>>> "Borresen, John - 0442 - MITLL" <john.borre...@ll.mit.edu> wrote on 14.01.2014 at 20:22 in message <201401141923.s0ejnerg089...@boole.openldap.org>:
> Thanks for your help with my last post.
>
> Now, the next task, will be setting up an N-way multimaster:
> Server1
> Server2
> Server3
> Server4
>
> Using TLS. To create the certificates, finding a lot of varying ideas via
> Google, what is the "best practice" to create certificates to where I don't
> have to touch each client if a server goes down. Create a wildcard cert or
> use the subjectAltName in the openssl.cnf file?

Hi!

I don't see your problem: The certificates are just "normal"; one for each server. And you want to add each server to each client. If one server goes down, you don't have to do anything. What did I miss from your description?

Regards,
Ulrich

>
>
> John D. Borresen (Dave)
> Linux/Unix Systems Administrator
> MIT Lincoln Laboratory
> Surveillance Systems Group
> 244 Wood St
> Lexington, MA 02420
> Email: john.borre...@ll.mit.edu
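
The layout described in the reply, sketched as an added example that is not part of either message: each of the four servers gets its own certificate naming only itself, and every client carries the same configuration listing all four. It assumes a single private CA signs all four certificates; the domain `example.com`, the lowercase host names, the CA name and the file layout are also assumptions.

```shell
#!/bin/sh
# Added example: one private CA (assumed), one certificate per server.
# DOMAIN, the CA subject and the key sizes are assumptions, not from the thread.
# Usage: d=$(mktemp -d); build_all "$d"; client_conf "$d/ca.crt"
DOMAIN="example.com"
SERVERS="server1 server2 server3 server4"

# make_ca DIR: create a self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example LDAP CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_server_cert DIR HOST: key, CSR and CA-signed certificate whose only
# subjectAltName is HOST's own FQDN.
make_server_cert() {
    fqdn="$2.$DOMAIN"
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# cert_matches DIR CERTHOST NAME: succeed only if CERTHOST's certificate
# chains to the CA and is valid for the name NAME.$DOMAIN.
cert_matches() {
    openssl verify -CAfile "$1/ca.crt" \
        -verify_hostname "$3.$DOMAIN" "$1/$2.crt" >/dev/null 2>&1
}

# client_conf CAFILE: ldap.conf lines, identical on every client.
client_conf() {
    uris=""
    for s in $SERVERS; do uris="$uris ldaps://$s.$DOMAIN"; done
    printf 'URI%s\nTLS_CACERT %s\nTLS_REQCERT demand\n' "$uris" "$1"
}

# build_all DIR: issue the CA and all four server certificates into DIR.
build_all() {
    make_ca "$1" || return 1
    for s in $SERVERS; do make_server_cert "$1" "$s" || return 1; done
}
```

Because the clients trust the CA rather than any individual server certificate, a server going down or being reissued a certificate changes nothing on the client side.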