7 May
2016
7 May
'16
7:11 p.m.
On 7 May 2016, at 17:09, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Yep. But if using same private CA you may as well just use the same server cert on each box too. Then they could be just cloned configs, controlled by puppet, pulled from git...whatever.
I guess the advantage of using different server certs, is you can do a rolling revocation if they all get compromised, and it'd help a little with debugging (you'd know which backend you were talking to). Really though it's personal preference :) -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2