From: Wesley C. <we...@um...> - 2007-05-18 20:12:58
|
The radmind server must have a cert that matches the name fed to lapply et al. This allows round robin DNS to work just fine with one certificate. :wes On 18 May 2007, at 11:35, Justin Elliott wrote: > Is anyone using the same server cert on multiple Radmind servers that > are in a round robin DNS? Is this even possible? We sure hope so... > > We've not done this yet, but we're concerned that we might still have > to create separate certs for EACH server listed in the round robin > DNS (yeah, we're new to using certs with Radmind, have have them > working with 1 server thus far). We'd much rather not have to create > a separate cert for each server, along with a new client cert from > each server, as the work load to do this would be much higher. > > We need to have at least 2 Radmind servers in a round robin DNS that > are using certs. We'd like to make one cert for the round robin DNS > and install it on all of the servers so that we don't have to make > special certs for each server. > > In the past (using IP ranges instead of certs) we also resolved the > DNS of the Radmind server to an IP address and then used that IP for > all radmind commands versus using the hostname. We've discovered that > this causes a problem for the tools (when using certs) since the > server cert is based on the hostname and not the IP, and then a > mismatch occurs. We realize that we might not be able to continue > doing this when using certs, but we'd like to if possible, to ensure > that the transcripts are really on the same server, and the load sets > match, etc. |