[Freeipa-users] subjectAlternitiveName for webservice
Matt .
yamakasi.014 at gmail.com
Fri Mar 6 14:13:05 UTC 2015
Hi,
But as the user is the same, I could use the same keytab for each ipa server ?
I need to use the API indeed, so need to issue the http service.
Any other options ?
2015-03-06 14:24 GMT+01:00 Petr Spacek <pspacek at redhat.com>:
> On 6.3.2015 14:08, Martin Kosek wrote:
>> I'm figuring out how to regenerate the webserver certificates so I can
>> use a loadbalancer in front of my ipa servers.
>
> Are you talking about FreeIPA web interface? It is technically possible to use
> load-balancer but it will be really hacky. You would have to solve
> certificates and also distribute shared keytabs and so on.
>
> I would recommend you to use "something" which issues HTTP redirect to ipa
> server 1/2/3/4/5 according to current state instead of using classical load
> balancer on the network level. Normal HTTP redirect will not force you to mess
> with certs and keytabs.
>
> --
> Petr^2 Spacek
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list