Channel: Directory Services forum

LDAP SSL in AD


Hi,

We are planning to use LDAP SSL connections with an LB VIP wherein we will have 4 DCs. My colleague has generated the CSR from each of those DCs with LDAPS.corpnet.domain.com and SiteA-DC1.corpnet.domain.com. He did the same for each individual DC.

My point is: where is the HA when we have one certificate with LDAPS.corpnet.domain.com and SiteA-DC1.corpnet.domain.com? If something bad happens to that DC in the future, then the whole domain or any external app using the LDAPS certificate would have a certificate issue, as the other DCs are not in the SAN name list.

My understanding is that we should generate a CSR from one DC with SAN names including the other DCs as well. Then, after installing the certificate on the DC where the CSR was generated, export the certificate from there and import it to the other DCs.

Any suggestions?

Thanks


Rajneesh Kumar MCSE - Server Infra, MCITP - SA, CNA
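
The name check a TLS client performs against whichever DC the VIP hands it, modelled for the two certificate layouts discussed in the post. This is an added example, not part of the original post: only LDAPS.corpnet.domain.com and SiteA-DC1.corpnet.domain.com come from the post, the other DC names are hypothetical, and the SAN lists are constructed.

```python
# Added example: SAN coverage for LDAPS behind a load-balancer VIP.
# Only the VIP name and SiteA-DC1 come from the post; the other three
# DC names are hypothetical and all SAN lists are constructed.
VIP = "LDAPS.corpnet.domain.com"
DCS = ["SiteA-DC1", "SiteA-DC2", "SiteB-DC1", "SiteB-DC2"]
FQDNS = [f"{dc}.corpnet.domain.com" for dc in DCS]

# Layout A: each DC has its own certificate (VIP name + its own FQDN).
PER_DC = {fqdn: [VIP, fqdn] for fqdn in FQDNS}
# Layout B: one certificate listing every name, imported on every DC.
SHARED = {fqdn: [VIP, *FQDNS] for fqdn in FQDNS}


def san_matches(target, san):
    """dNSName comparison: case-insensitive; '*' only as the whole left-most label."""
    t, s = target.lower().rstrip("."), san.lower().rstrip(".")
    if s.startswith("*."):
        parts = t.split(".", 1)
        return len(parts) == 2 and parts[1] == s[2:]
    return t == s


def cert_valid_for(target, sans):
    """True if the name the client connected to appears in the certificate's SANs."""
    return any(san_matches(target, s) for s in sans)


def vip_failures(layout, down=()):
    """DCs still in the pool whose certificate fails a client that connected to the VIP name."""
    return [dc for dc, sans in layout.items()
            if dc not in down and not cert_valid_for(VIP, sans)]


def direct_failures(layout):
    """DCs whose certificate does not cover their own FQDN (clients that bypass the VIP)."""
    return [dc for dc, sans in layout.items() if not cert_valid_for(dc, sans)]


if __name__ == "__main__":
    for name, layout in (("per-DC certs", PER_DC), ("shared cert", SHARED)):
        print(name,
              "| VIP failures with SiteA-DC1 down:", vip_failures(layout, down=(FQDNS[0],)),
              "| direct-connect failures:", direct_failures(layout))
```

The model only covers name matching; chain trust, expiry and how many hosts end up holding the same private key are outside it.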

