disable ldap hostname verification?

John Dennis jdennis at redhat.com
Fri May 12 11:47:05 EDT 2017

On 05/10/2017 06:09 PM, Ghilteras wrote:
> Because I connect to a load balancer with that hostname, but every instance
> behind the load balancer issues a certificate at boot time that matches its
> own name

Assuming the network behind the load balancer is isolated and secure you 
should terminate SSL at the balancer with a common name and cert. That 
way your backend servers won't be using TLS. Or you could deploy your 
backend servers with the same cert and key (this is less ideal). But in 
each case the backend server should identify as the same scheme, host 
and port as is seen on the public side of the load balancer.


More information about the users mailing list