> When SSL-enabling the directory server, am I allowed to use a
> wildcard certificate or is it mandatory the certificate include the
> FQHN?
>
the certificate should always contain the FQDN but you can use the alternate
extension that allows you to specify multiple names.
this is what I use for my setups:
certutil -R -s "CN=domssm1.xxx.net,OU=aa,O=bb,L=cc,ST=dd,C=dd" -o
domssm1.csr -d . -a -8 domssm1.xxx.net,ldap.xxx.net,ldap-write.xxx.net
hope that helps,
abosch
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
