> Uhm...I can try, but in that case, is it possible that I've a problem
> with replication ?

I don't think so. I've noticed that replication agreements over SSL don't seem to care about hostname / CN matching, although they do check that the CA is trusted. If I have the wrong impression on this, someone please say so :).

In your replication agreements, you'd still want to use the 'nodo1.domain.example.com' or 'nodo2.domain.example.com' names, as 'ldap.domain.example.com' would obviously not be specific enough.

Alessandro Binarelli wrote:
>
> > > For the setup you described, you'd probably want to use a
> > > single certificate, signed with a CN of 'ldap.domain.example.com'.
> > >
> > > This will make it possible for your server cert CNs and
> > > hostnames to match consistently, regardless of which machine
> > > (nodo1 or nodo2) the clients end up talking to.
> > >
>
> Uhm...I can try, but in that case, is it possible that I've a problem
> with replication ?
>
> Nodes use server ca with only difference....CN
>
> I made 2 server CA with the same CA
>
> Thanks
>
> Alex
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>