On Sat, 2016-11-12 at 15:16 -0800, Gordon Messmer wrote:
> On 11/12/2016 02:49 PM, [email protected] wrote:
> > - Can I install and use several certificates to one DS?
> 
> That would require TLS SNI support in both the server and the client.  
> As far as I know, it doesn't exist in either.  You'll need a certificate 
> with both FQDNs.  If these hostnames resolve externally, you should be 
> able to get such a certificate from LetsEncrypt.


SNI is specific to the protocol, and LDAP does not support it.

You are correct that you need a certificate with both FQDNs for this to
work. 

Please read the updated ssl document which discusses this at length,
including the creation of certificates with subjectAlternativeNames.

Hope that helps!

http://www.port389.org/docs/389ds/howto/howto-ssl.html

-- 
Sincerely,

William Brown
Software Engineer
Red Hat, Brisbane


_______________________________________________
389-users mailing list -- [email protected]
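
Added example, not part of the original message or of the 389 DS project: a Python check that one certificate's subjectAltName entries cover every FQDN clients use to reach the directory server, which is the requirement the reply describes. The hostnames and certificate dicts are constructed; the dicts use the format returned by `ssl.SSLSocket.getpeercert()`.

```python
import socket
import ssl

def san_dns_names(cert):
    """dNSName entries of a certificate dict in ssl.getpeercert() format."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125-style match: '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(cert, required_hosts):
    """FQDNs that no SAN entry covers. The subject CN is deliberately ignored,
    as current TLS clients do when checking names."""
    sans = san_dns_names(cert)
    return [h for h in required_hosts
            if not any(name_matches(s, h) for s in sans)]

def fetch_ldaps_cert(host, port=636, cafile=None):
    """Fetch the certificate an LDAPS listener presents (needs network).
    The chain is still verified; name checking is left to uncovered()."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data: two names for one directory server instance.
HOSTS = ["ds1.example.com", "ldap.example.com"]
CERT_ONE_NAME = {
    "subject": ((("commonName", "ds1.example.com"),),),
    "subjectAltName": (("DNS", "ds1.example.com"),),
}
CERT_BOTH_NAMES = {
    "subject": ((("commonName", "ds1.example.com"),),),
    "subjectAltName": (("DNS", "ds1.example.com"), ("DNS", "ldap.example.com")),
}

if __name__ == "__main__":
    print("one-name cert misses:", uncovered(CERT_ONE_NAME, HOSTS))
    print("two-name cert misses:", uncovered(CERT_BOTH_NAMES, HOSTS))
```

To test a live server, pass the result of `fetch_ldaps_cert()` to `uncovered()` together with the full list of names clients connect to.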