you must create a certificate with additional hostnames with -8 option. you can view an example here: http://docs.sun.com/app/docs/doc/819-5899/6n7uuth9p?l=en&n=1&a=view ----- Missatge original ----- > Hello, > > After having read through the Howto:SSL document on the 389 wiki, i > went ahead and set up SSL for my master instance - it works great, and > i couldn't be happier. :) > > I have a slave set up to do read-only replication from the master ; > now, the wiki document has information on how to integrate the > certificate into a slave so that the replication can occur over SSL, > which i'll no > doubt do, but that's not what i'm looking for advice on now. > > What i'm interested in is actually duplicating the new SSL setup that > currently exists on the master. I realise that this sounds funny, but > the reason is simple : in our environment, all of the clients and > LDAP-aware applications are configured to send requests to a given > hostname (which is not the base FQDN of the LDAP server - it's > another, separate hostname entirely). If the master goes down, the > slave automatically has this separate hostname assigned to it. > > (Put another way, it's a sort of poor-man's failover. It's far from > perfect, and everybody knows it, but that's what's there, so for now > we live with it. :P ) > > What i would appear to need, therefore, is to have the slave be able > to respond to incoming SSL requests with exactly the same credentials > as the master. Is this even possible, and if so, how would i got about > doing it ? > > Thank you, all. > > > -- Daniel Maher <dma + 389users AT witbe DOT net> > -- 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users
