LDAPS - Multiple DCs/CAs
Posted on 2014-04-13
I'm just starting to configure Identity Management for UNIX so that the Unix users can be controlled from the Windows 2012 AD environment.
These are new Unix servers, so there are currently no users on them that need mapping.
Anyway, I want to use LDAPS for authentication but I'm trying to work out how the SSL cert will work.
We have 4x Domain Controllers which have had the 'Identity Management for UNIX' component installed. Let's call them DC1, DC2, DC3 & DC4.
We have 2x CAs. CA1 is root, CA2 is subordinate.
The Server Authentication Certificate on DC1 has been issued by CA2, whereas the certificates on DC2, DC3 & DC4 have been issued by CA1.
They are all set to expire sometime in October 2014.
If I want to configure LDAPS on the Unix hosts so they can use 2-4 of the DCs for authentication, do I need to export the SSL cert from each of them? What will happen if the DCs change CAs in October when they renew? (Is that possible/probable?)
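As an added example (not part of the original post), the script below uses openssl to build a throwaway two-tier CA that mirrors the layout described: CA1 as root, CA2 as subordinate, a DC1 certificate issued by CA2 and a DC2 certificate issued by CA1, all with constructed names in a temporary directory. It then checks which trust bundle on the Unix side validates each certificate, showing that the client needs the issuing CA certificates (and, for DC1, the CA2 intermediate somewhere in the chain) rather than a copy of each DC's own leaf certificate.

```shell
#!/bin/sh
# Added example: toy CA hierarchy (CA1 root, CA2 subordinate) and two "DC"
# server certificates, verified against different client trust bundles.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"

# Self-signed root CA1.
openssl req -new -newkey rsa:2048 -nodes -keyout ca1.key -out ca1.csr -subj "/CN=CA1" >/dev/null 2>&1
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > ca.ext
openssl x509 -req -in ca1.csr -signkey ca1.key -out ca1.crt -days 30 -extfile ca.ext >/dev/null 2>&1

# Subordinate CA2, issued by CA1.
openssl req -new -newkey rsa:2048 -nodes -keyout ca2.key -out ca2.csr -subj "/CN=CA2" >/dev/null 2>&1
openssl x509 -req -in ca2.csr -CA ca1.crt -CAkey ca1.key -CAcreateserial -out ca2.crt \
  -days 30 -extfile ca.ext >/dev/null 2>&1

# issue_dc NAME ISSUER: LDAPS server certificate for NAME.example.test signed by ISSUER.
issue_dc() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$1.example.test" >/dev/null 2>&1
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s.example.test\n' "$1" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" -CAcreateserial \
    -out "$1.crt" -days 30 -extfile "$1.ext" >/dev/null 2>&1
}
issue_dc dc1 ca2   # DC1's certificate comes from the subordinate CA2
issue_dc dc2 ca1   # DC2's certificate comes from the root CA1

cat ca1.crt > root_only.pem            # client trusts only the root
cat ca1.crt ca2.crt > root_and_sub.pem # client trusts root and subordinate

# verify_dc LEAF BUNDLE [INTERMEDIATE]: prints ok or fail. The optional third
# argument stands in for an intermediate the server would send in the handshake.
verify_dc() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1 && echo ok || echo fail
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 && echo ok || echo fail
  fi
}

echo "dc2 against root only:               $(verify_dc dc2.crt root_only.pem)"          # ok
echo "dc1 against root only:               $(verify_dc dc1.crt root_only.pem)"          # fail, CA2 unknown
echo "dc1 against root + subordinate:      $(verify_dc dc1.crt root_and_sub.pem)"       # ok
echo "dc1 against root, CA2 sent by server: $(verify_dc dc1.crt root_only.pem ca2.crt)" # ok
```

A certificate renewed from either CA in this hierarchy still validates against the root_and_sub.pem bundle, since the trust anchor is the CA, not the individual DC certificate.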