> This isn't an SSL problem, it's a problem with the way you are trying to
> use it. You are trying to present the world with a single directory
> server and behind the scenes have 2 physical servers. Nothing wrong with
> this but you were told a while back that this could be a problem.

Yes... but I thought that someone had implemented 2 LDAP servers on a cluster system.

> 1. The easiest solution is to use a wildcard in the SSL server
> certificate hostname: CN=*.example.com. This is super ugly but should
> work. Note that you'll never get a CA like Verisign to issue you a
> wildcard server certificate. So if you are using your own self-signed CA
> during testing and plan to get server certs later from another CA beware.

Uhm... very dangerous.

> 2. I wonder if it is possible to set up multiple listeners and assign a
> separate SSL certificate to each one. Then you could have
> CN=host1.example.com on say port 638 for replication and
> CN=ldap.example.com on 636 for general use.

This may be a solution... if it's possible... but I'm a newbie about SSL.

OK... omit the cluster... if I have a Fedora DS server (A) that is an SSL server too... while A is alone, I configure my clients to point at this server for authentication, and I tested that it works perfectly. Now I want another server (B) for load balancing, replicated in multi-master... now... how can I set up SSL for this scenario? This scenario is normal, for example, in Windows Active Directory... I think it's impossible that nobody has ever made a test like this or implemented something like this.
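As an added illustration that is not part of the original thread, the following Python models the hostname check a TLS client performs against a server certificate, and runs the three layouts under discussion through it: the per-host certificate that clients reject when they connect to the shared name, the wildcard CN=*.example.com, and separate listeners on 636 and 638 with their own certificates. The host names and ports are taken from the thread and used as constructed sample values; the matcher itself is written for this example, not Fedora DS code.

```python
"""Model of TLS hostname verification for the multi-master LDAP scenario.

Rule implemented (the usual client behaviour): the name the client connected
to must equal one of the certificate's names, or match a wildcard whose '*'
is the entire leftmost label and stands for exactly one label.
"""


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name (e.g. '*.example.com') against a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False  # '*' is only honoured as the whole leftmost label
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard covers exactly one label: *.example.com does not cover
    # a.b.example.com, and it does not cover the bare example.com either.
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_matches(cert_names, hostname: str) -> bool:
    """True if any name in the certificate covers the connected hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def evaluate_layouts() -> dict:
    """Run the thread's three certificate layouts through the client check."""
    results = {}
    # Problem as reported: each physical server holds a certificate for its
    # own name, but clients connect to the shared name ldap.example.com.
    results["per-host cert, shared name"] = cert_matches(
        ["host1.example.com"], "ldap.example.com")
    # Option 1: wildcard CN=*.example.com installed on both servers.
    wildcard = ["*.example.com"]
    results["wildcard covers all names"] = all(
        cert_matches(wildcard, h)
        for h in ("ldap.example.com", "host1.example.com", "host2.example.com"))
    # Caveat behind "super ugly": the same key also vouches for any other
    # single-label host in the domain, so compromise of one server affects all.
    results["wildcard covers unrelated host"] = cert_matches(
        wildcard, "anything.example.com")
    # Option 2: one listener per purpose, each with a certificate for the
    # exact name its peers connect to (constructed port-to-cert mapping).
    listeners = {636: ["ldap.example.com"], 638: ["host1.example.com"]}
    results["636 general use"] = cert_matches(listeners[636], "ldap.example.com")
    results["638 replication"] = cert_matches(listeners[638], "host1.example.com")
    return results
```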