Uhm...I can try, but in that case, is it possible that I've a problem
with replication ?
I don't think so. I've noticed that replication agreements over SSL
don't seem to care about hostname / CN matching, although they do check
that the CA is trusted. If I have the wrong impression on this, someone
please say so :).
In your replication agreements, you'd still want to use the
'nodo1.domain.example.com' or 'nodo2.domain.example.com' names, as
'ldap.domain.example.com' would obviously not be specific enough.
Alessandro Binarelli wrote:
> For the setup you described, you'd probably want to use a
> single certificate, signed with a CN of 'ldap.domain.example.com
<http://ldap.domain.example.com>'.
>
> This will make it possible for your server cert CNs and
> hostnames to match consistently, regardless of which machine
> (nodo1 or nodo2) the clients end up talking to.
>
Uhm...I can try, but in that case, is it possible that I've a problem
with replication ?
Nodes use server ca with only difference....CN
I maked 2 server CA with the same CA
Thanks
Alex
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
