Ulrich Windl wrote:
>>>> Michael Ströder <michael@stroeder.com> wrote on 10.12.2014 at 09:44 in
> message <548807E4.5000108@stroeder.com>:
>> Ulrich Windl wrote:
>>>> I use a cert with the VIP used by clients, and the hostnames used between
>>>> the servers all setup in the subjectaltname of the certificate.
>>>
>>> But this "solution" does not scale well when adding or removing servers...
>>
>> Why does it not scale?
>>
>> If you have an individual cert for each server with the VIP DNS name in
>> subjectAltName you can just add servers as needed.
>
> The point is: If you change one server, you'll have to update certificates for
> all active servers;

Nonsense. This will only be the case if you change the VIP's DNS name.

Or could you please tell us what's so hard to understand with "individual cert for each server"?

> not to talk about that fact that all certificates will
> expire exactly at the same time.

Uuuh... yes, there's work out there to be done. So what's the real problem?

Ciao, Michael.
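Added example, not part of the original message or of any poster's setup: one way to produce the "individual cert for each server" request with OpenSSL, where each server's request carries its own hostname plus the shared VIP DNS name in subjectAltName. The host names, the VIP name, the key size and the helper function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Emit an OpenSSL "req" config for ONE server. The SAN list holds only that
# server's own hostname and the shared VIP DNS name, so the config for one
# server never mentions any other server.
csr_config() {
    host="$1"; vip="$2"
    cat <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $host

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = $host
DNS.2 = $vip
EOF
}

# List the SAN DNS names a server's request would carry, one per line.
san_names() {
    csr_config "$1" "$2" | sed -n 's/^DNS\.[0-9]* = //p'
}

# Write the config and create a key plus CSR for one server.
# Adding a server later is one more call; existing files stay untouched.
make_csr() {
    csr_config "$1" "$2" > "$1.cnf"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" -config "$1.cnf"
}

# Usage (constructed names):
#   make_csr ldap1.example.com ldap.example.com
#   make_csr ldap2.example.com ldap.example.com
```

Whether the requested subjectAltName ends up in the issued certificate depends on the signing CA's policy, so check the issued certificate's SAN list before deploying it.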