One way of doing this would be to create a CA cert and sign the two certificates for the two LDAP servers with this CA cert and install the CA cert on the clients.
Siddharth Choure
Senior Systems Engineer

On 3/12/14, 10:57 AM, "Julien Courtès" <[email protected]> wrote:

>Hi,
>I have two LDAP servers in master-slave
>ldap1.domain.com - master
>ldap2.domain.com - slave
>These servers got different ip addresses and are hosted on different
>servers
>But I want to enable TLS connection with clients.
>So can I create a unique certificate that I put on both servers and the
>client will use one unique certificate to connect to server "ldap1" or
>"ldap2" if the first one is down.
>
>If not, how should I do?
>I did a search and I found that I can use subjectAltNames or wildcard
>certificate.
>
>Thanks
>
>Julien Courtès
>
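
The CA approach suggested in the reply above, sketched with the `openssl` command line as an added example that is not part of the original thread: one private CA signs a separate certificate for each server, and a client that trusts only `ca.crt` accepts either server. The hostnames are the ones from the question; the CA name, file names, key size and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example. Hostnames come from the thread; the CA name, file names,
# key size and lifetimes are assumptions.
set -eu

make_ldap_pki() {   # $1 = output directory
    mkdir -p "$1"
    (
        cd "$1"
        cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example LDAP CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
        # 1. Self-signed CA certificate; ca.key stays on the signing host.
        openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -config pki.cnf -keyout ca.key -out ca.crt
        # 2. One key and CA-signed certificate per server, SAN = its own name.
        for host in ldap1.domain.com ldap2.domain.com; do
            openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
                -subj "/CN=$host" -keyout "$host.key" -out "$host.csr"
            printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' \
                "$host" > "$host.ext"
            openssl x509 -req -in "$host.csr" -CA ca.crt -CAkey ca.key \
                -CAcreateserial -sha256 -days 825 \
                -extfile "$host.ext" -out "$host.crt"
        done
    ) >/dev/null 2>&1   # hide openssl progress output
}

# 3. What a client holding only ca.crt checks: chain to the CA + hostname.
client_accepts() {  # $1 = directory, $2 = certificate's host, $3 = name dialed
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

PKI_DIR=$(mktemp -d)
make_ldap_pki "$PKI_DIR"
for host in ldap1.domain.com ldap2.domain.com; do
    if client_accepts "$PKI_DIR" "$host" "$host"; then
        echo "$host: certificate verifies against ca.crt"
    fi
done
```

Each server keeps its own private key, so a compromise of one host does not expose the other's key, and clients install only `ca.crt` (for OpenLDAP clients, the `TLS_CACERT` setting in `ldap.conf`).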
