You can also use a SAN cert, and put in just the names of the servers you will be using. Maybe better than using a wildcard cert.
i.e.:
ldap1.example.com
ldap2.example.com
On Tue, Apr 16, 2013 at 2:04 PM, Rob Crittenden <rcritten@xxxxxxxxxx> wrote:
Certificates typically have the hostname embedded in the subject so it is specific to that host. The exception is wildcard certs (*.example.com). So unless you have a wildcard cert, which I'm not really recommending, you'll need to get separate certs for each of your servers.

expert alert wrote:
Hi
I am planning to deploy all my LDAP servers with Puppet.
So I am wondering, can I use the same server certificate and CA certificate
(Directory Server) for all my servers?
If yes, then under which directory shall I place those certificates?

I'm a CLI guy, so I don't know how you'd do this in console, but the certs and keys go into the NSS database in /etc/dirsrv/slapd-YOUR-INSTANCE.
rob
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
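
Added example, not part of the original thread: a small matcher showing which server names a SAN list covers compared with a wildcard entry, using the usual RFC 6125 rules (case-insensitive, wildcard only as the whole leftmost label, covering exactly one label). The host list and function names are constructed for illustration.

```python
# Added illustration: compare the names accepted by a SAN certificate that
# lists each LDAP server with the names accepted by a wildcard certificate.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one dNSName entry from a certificate matches hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans several labels, so label counts must agree.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com": need two literal labels.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards ("ld*.example.com") are not honoured here.
    return "*" not in pattern and p == h


def cert_covers(san_dns_names, hostname):
    """True if any dNSName in the certificate matches hostname."""
    return any(san_matches(name, hostname) for name in san_dns_names)


def coverage(san_dns_names, hostnames):
    """Map each hostname to whether the certificate would validate for it."""
    return {host: cert_covers(san_dns_names, host) for host in hostnames}


# Constructed sample data: the two names from the thread plus other hosts
# that might exist in the same domain.
SAN_CERT = ["ldap1.example.com", "ldap2.example.com"]
WILDCARD_CERT = ["*.example.com"]
HOSTS = [
    "ldap1.example.com",
    "LDAP2.example.com",
    "ldap3.example.com",
    "www.example.com",
    "ldap1.eu.example.com",
]

if __name__ == "__main__":
    for label, sans in (("SAN cert", SAN_CERT), ("wildcard cert", WILDCARD_CERT)):
        print(label)
        for host, ok in coverage(sans, HOSTS).items():
            print(f"  {host:24} {'valid' if ok else 'rejected'}")
```

The SAN certificate validates only for the two listed servers, while the wildcard certificate also validates for any other single-label host in the domain, so a copy of its key is usable well beyond the LDAP servers.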