[Freeipa-users] subjectAlternitiveName for webservice
Petr Spacek
pspacek at redhat.com
Fri Mar 6 13:24:31 UTC 2015
On 6.3.2015 14:08, Martin Kosek wrote:
> I'm figuring out how to regenerate the webserver certificates so I can
> use a loadbalancer in front of my ipa servers.
Are you talking about FreeIPA web interface? It is technically possible to use
load-balancer but it will be really hacky. You would have to solve
certificates and also distribute shared keytabs and so on.
I would recommend you to use "something" which issues HTTP redirect to ipa
server 1/2/3/4/5 according to current state instead of using classical load
balancer on the network level. Normal HTTP redirect will not force you to mess
with certs and keytabs.
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list