[Freeipa-users] LDAP - Load Balancer - SSL cert with SAN

Michael Plemmons michael.plemmons at crosschx.com
Thu Dec 29 21:48:06 UTC 2016


I am trying to get FreeIPA LDAP to work when behind a load balancer and
using SSL and I do not understand how I am supposed to get the server to
use a certificate I created that has a SAN created.

FreeIPA 4.4.0 on CentOS 7

Here is what I have:
ipa-master.dev.crosschx.com - master
ipa-replica.dev.crosschx.com - replica
ipa.dev.crosschx.com - load balancer DNS name which points to the master and replica servers

Here is what I have done.
ipa host-add ipa.dev.crosschx.com --random --force

ipa service-add --force ldap/ipa.dev.crosschx.com

ipa service-add-host ldap/ipa.dev.crosschx.com --hosts={ipa-master.dev.crosschx.com,ipa-replica.dev.crosschx.com}

ipa service-allow-retrieve-keytab ldap/ipa.dev.crosschx.com --users=admin

ipa-getcert request -d /etc/crosschx -n ipa-load-balancer -N "CN=ipa-master.dev.crosschx.com,O=DEV.CROSSCHX.COM" -D ipa.dev.crosschx.com -K ldap/ipa-master.dev.crosschx.com


I can see the certificate is being monitored by IPA when I run ipa-getcert
list, but I am lost at the step to have this cert put into the database so
that IPA will properly respond when I try to connect over LDAPS.

I was testing the connection with the following command and I see the
ipa-master.dev cert being served.

openssl s_client -connect ipa-master.dev.crosschx.com:636 -servername ipa.dev.crosschx.com

Can you point me to the documentation I need to follow?

Thank you.


*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614-741-5475
mike.plemmons at crosschx.com
www.crosschx.com
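The check behind the openssl s_client test above, written out as an added example (not code from the post or from the FreeIPA project): a client connecting to ipa.dev.crosschx.com will only accept the LDAPS certificate if that name appears as a dNSName in the SAN extension, so the useful question is "which of the names a client may use are covered by the certificate each backend actually serves". The certificate dicts below are constructed in the shape Python's `ssl` module returns from `getpeercert()`; the host names are the ones from the post, and `fetch_peer_cert` (which needs network access and the IPA CA file as `cafile`) is the optional live variant of the same check.

```python
import socket
import ssl

# Constructed sample in getpeercert() shape: what the post reports being served today
# (the master's own certificate, whose SAN does not carry the load balancer name).
CERT_SERVED_NOW = {
    "subject": ((("commonName", "ipa-master.dev.crosschx.com"),),),
    "subjectAltName": (("DNS", "ipa-master.dev.crosschx.com"),),
}

# Constructed sample of what each backend needs to serve for the load-balanced name:
# the backend's own name plus the shared name, both as SAN dNSName entries.
CERT_WANTED = {
    "subject": ((("commonName", "ipa-master.dev.crosschx.com"),),),
    "subjectAltName": (
        ("DNS", "ipa-master.dev.crosschx.com"),
        ("DNS", "ipa.dev.crosschx.com"),
    ),
}


def san_dns_names(cert):
    """Return the dNSName entries of a getpeercert()-style certificate dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def _dns_name_match(pattern, hostname):
    """Exact match, or a wildcard in the leftmost label only, matching exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    labels = hostname.split(".")
    # "*.dev.crosschx.com" covers "ipa.dev.crosschx.com" but not "a.b.dev.crosschx.com"
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]


def hostname_covered(cert, hostname):
    """True if the certificate's SAN covers hostname.

    The subject CN is deliberately ignored: current TLS clients (OpenSSL, NSS, browsers,
    Python's ssl) match the requested name against SAN dNSName entries only.
    """
    return any(_dns_name_match(name, hostname) for name in san_dns_names(cert))


def check_load_balanced_ldaps(cert, backend_name, balancer_name):
    """Report, per name a client may connect with, whether this certificate would be accepted."""
    return {name: hostname_covered(cert, name) for name in (backend_name, balancer_name)}


def fetch_peer_cert(host, port=636, servername=None, cafile=None):
    """Live variant: connect to one backend with SNI set to the load balancer name and
    return its leaf certificate as a dict. `cafile` is the IPA CA certificate that
    signed the server certificate; the caller supplies its path."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Chain validation stays on; host name matching is done by hostname_covered()
    # so that a mismatch is reported instead of aborting the handshake.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=servername or host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for label, cert in (("served now", CERT_SERVED_NOW), ("wanted", CERT_WANTED)):
        result = check_load_balanced_ldaps(
            cert, "ipa-master.dev.crosschx.com", "ipa.dev.crosschx.com"
        )
        print(f"{label}: {result}")
```

Run the offline demo as-is, or call `fetch_peer_cert("ipa-master.dev.crosschx.com", servername="ipa.dev.crosschx.com", cafile=...)` for each backend and pass the result to `check_load_balanced_ldaps`; both the master and the replica have to come back `True` for ipa.dev.crosschx.com before clients pointed at the load balancer will accept the connection.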