Greg's Tech blog

AD, SSL & Load Balancing

Wednesday 04 of May, 2005
Interesting times. In previous posts we walked through some thoughts about how to create third-party certs that have the same CN so that the LDAP clients could see any server as though it were one.

We had created a cert request that had the CN set correctly, but AD/Win2k3 would not accept it since the domain controller name was not in the CN. The article from MS said we could put the DC name in the DNS name field of the Subject Alternative Name (SAN). We thought we had tried this. What we found is that you cannot specify a SAN with a retail cert from Verisign. We then signed up for the Verisign Managed PKI service.

We're still working through the results.
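
The request layout described above, sketched with OpenSSL as an added example (not from the original post, which does not say which tool built the request): the CN carries the shared name the LDAP clients connect to, and the SAN DNS name carries the domain controller's own name. Both host names, the file names and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: CSR with a shared CN and the DC's FQDN as a SAN dNSName.
SHARED_CN="ldap.example.com"        # assumed load-balanced LDAP name
DC_FQDN="dc01.corp.example.com"     # assumed domain controller FQDN

make_csr() {
    # $1 = working directory; writes req.cnf, dc.key and dc.csr into it
    dir=$1
    cat > "$dir/req.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = ext

[ dn ]
CN = $SHARED_CN

[ ext ]
# Clients that match on SAN only would also need the shared name listed here.
subjectAltName = DNS:$DC_FQDN
EOF
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/req.cnf" \
        -keyout "$dir/dc.key" -out "$dir/dc.csr" 2>/dev/null
}

csr_subject() {
    # Print the subject of the CSR in $1
    openssl req -in "$1" -noout -subject
}

csr_san_names() {
    # Print the dNSName entries requested in the CSR in $1, one per line
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# When given a directory argument, build the request there and show
# the two fields the CA has to preserve in the issued certificate.
if [ -n "${1:-}" ]; then
    make_csr "$1" && csr_subject "$1/dc.csr" && csr_san_names "$1/dc.csr"
fi
```

Running the same two inspection functions' `openssl` commands against the issued certificate (with `openssl x509` in place of `openssl req`) shows whether the CA kept the SAN or dropped it.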