Re: [389-users] Can i use Same Certificate for all my ldap server
On 16.4.2013 23:10, Kyle Flavin wrote: On Tue, Apr 16, 2013 at 2:04 PM, Rob Crittenden rcrit...@redhat.com wrote: expert alert wrote: Hi I am planning to deploy all my ldap server by puppet. so I am wondering, Can i use Same Server Certificate and CA certificate (Directory server) for all my server ??? if yes, then under which directory shall i place those certificate ?? Although it is technically possible, it is not recommended. All servers will share the same private key, so the chance that the key will be compromised is bigger - you need to transfer the key securely from one server to another etc. Could you explain your use case? I'm curious :-) -- Petr Spacek -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
[389-users] Can i use Same Certificate for all my ldap server
Hi I am planning to deploy all my ldap server by puppet. so I am wondering, Can i use Same Server Certificate and CA certificate (Directory server) for all my server ??? if yes, then under which directory shall i place those certificate ?? Thanks for help Robert -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Re: [389-users] Can i use Same Certificate for all my ldap server
expert alert wrote: Hi I am planning to deploy all my ldap server by puppet. so I am wondering, Can i use Same Server Certificate and CA certificate (Directory server) for all my server ??? if yes, then under which directory shall i place those certificate ?? Certificates typically have the hostname embedded in the subject so it is specific to that host. The exception is wildcard certs (*.example.com). So unless you have a wildcard cert, which I'm not really recommending, you'll need to get separate certs for each of your servers. I'm a cli guy, so I don't know how you'd do this in console, but the certs and keys go into the NSS database in /etc/dirsrv/slapd-YOUR-INSTANCE rob -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users