disable ldap hostname verification?
John Dennis
jdennis at redhat.com
Fri May 12 11:47:05 EDT 2017
On 05/10/2017 06:09 PM, Ghilteras wrote:
> Because I connect to a load balancer with that hostname, but every instance
> behind the load balancer issues a certificate at boot time that matches its
> own name
Assuming the network behind the load balancer is isolated and secure you
should terminate SSL at the balancer with a common name and cert. That
way your backend servers won't be using TLS. Or you could deploy your
backend servers with the same cert and key (this is less ideal). But in
each case the backend server should identify as the same scheme, host
and port as is seen on the public side of the load balancer.
--
John
More information about the users
mailing list