You can also use a SAN cert, and put in just the names of the servers you will be using. Maybe better than using a wildcard cert.
i.e.: ldap1.example.com ldap2.example.com

On Tue, Apr 16, 2013 at 2:04 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> expert alert wrote:
>
>> Hi
>> I am planning to deploy all my LDAP servers by puppet.
>> So I am wondering, can I use the same Server Certificate and CA certificate
>> (Directory Server) for all my servers?
>>
>> If yes, then under which directory shall I place those certificates?
>>
>
> Certificates typically have the hostname embedded in the subject so it is
> specific to that host. The exception is wildcard certs (*.example.com).
> So unless you have a wildcard cert, which I'm not really recommending,
> you'll need to get separate certs for each of your servers.
>
> I'm a cli guy, so I don't know how you'd do this in console, but the certs
> and keys go into the NSS database in /etc/dirsrv/slapd-YOUR-INSTANCE
>
> rob
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
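The difference between the SAN certificate and the wildcard certificate discussed in this thread, as an added example that is not part of the original messages: it lists which hosts each certificate would be accepted for. The matching is a simplified form of the RFC 6125 rules, and the host inventory and function names are constructed for illustration.

```python
# Added example: names are constructed, not taken from a real deployment.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname.

    Simplified RFC 6125 rules: case-insensitive, and a wildcard is honoured
    only as the entire left-most label, where it stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "l*.example.com" are rejected outright.
    return "*" not in pattern and p_labels == h_labels


def cert_covers(san_names, hostname):
    """True if any dNSName in the certificate matches the hostname."""
    return any(dns_name_matches(n, hostname) for n in san_names)


def coverage(san_names, hostnames):
    """Return the subset of hostnames the certificate would be valid for."""
    return [h for h in hostnames if cert_covers(san_names, h)]


# Constructed inventory: two directory servers plus unrelated hosts.
FLEET = ["ldap1.example.com", "ldap2.example.com", "www.example.com",
         "mail.example.com", "ldap1.lab.example.com"]
SAN_CERT = ["ldap1.example.com", "ldap2.example.com"]
WILDCARD_CERT = ["*.example.com"]

if __name__ == "__main__":
    for label, names in (("SAN", SAN_CERT), ("wildcard", WILDCARD_CERT)):
        print(f"{label:8} {names} -> valid for {coverage(names, FLEET)}")
```

The SAN certificate is valid only for the two directory servers, while the wildcard certificate is also valid for every other single-label host in the domain, so a key shared across servers carries a wider exposure if any one of them is compromised.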