[Date Prev][Date Next] [Chronological] [Thread] [Top]

Antw: N-Way-Multimaster Configuration

To: "John - 0442 - MITLL Borresen" <John.Borresen@ll.mit.edu>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>, "Quanah Gibson-Mount" <quanah@zimbra.com>
Subject: Antw: N-Way-Multimaster Configuration
From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
Date: Wed, 15 Jan 2014 09:45:35 +0100
Content-disposition: inline
In-reply-to: <201401141923.s0EJNERG089333@boole.openldap.org>
References: <201401141923.s0EJNERG089333@boole.openldap.org>

>>> "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> schrieb am
14.01.2014 um 20:22 in Nachricht
<201401141923.s0EJNERG089333@boole.openldap.org>:
> Thanks for your help with my last post.
> 
> Now, the next task, will be setting up an N-way multimaster:
> Server1
> Server2
> Server3
> Server4
> 
> Using TLS.  To create the certificates, finding a lot of varying ideas via 
> google, what is the "best practice" to create certificates to where I don't 
> have to touch each client if a server goes down.  Create a wildcard cert or 
> use the subjectAltName in the openssl.cnf file?

Hi!

I don't see your problem: The certificates are just "normal"; one for each server. And you want to add each server to each client. If one server goes down, you don't have to do anything. What did I miss from your description?

Regards,
Ulrich

> 
> 
> John D. Borresen (Dave)
> Linux/Unix Systems Administrator
> MIT  Lincoln Laboratory
> Surveillance Systems Group
> 244 Wood St
> Lexington, MA  02420
> Email: john.borresen@ll.mit.edu<mailto:john.borresen@ll.mit.edu>

References:
- N-Way-Multimaster Configuration
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>

Prev by Date: SSHA hashed passwords && retrieving the salt
Next by Date: Antw: SSHA hashed passwords && retrieving the salt
Index(es):
- Chronological
- Thread