[Spacewalk-list] placing Satellite behind a VIP

wm-lists wm-lists at nixpeeps.com
Fri May 23 14:19:16 UTC 2014 

Thanks for the response Justin. So I've been messing w/ the rhn-ssl-tool
this morning to generate new webserver certs with SAN's in them.  I can see
 in the .cnf file that the names are there
# pages where one requests the certificate...
subjectAltName          = @alt_names

[alt_names]
DNS.1 =<name1>
DNS.2 =<name2>
DNS.3 =<name3>
DNS.4 = <name4>

and I can see in the associated .csr file that the x509 output has the names
            X509v3 Subject Alternative Name:
                DNS:<name 1>, DNS:<name 2>, DNS:<name 3>, DNS:<name 4>

But I don't see any output in the .crt file that would indiicate the
existence of SAN's

Should the .crt file have this information in it?

        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                RHN SSL Tool Generated Certificate
            X509v3 Subject Key Identifier:
              <numbers>
            X509v3 Authority Key Identifier:
                keyid:<key>
                DirName<dir stuff>
                serial:<serial>


Thanks for any input...

Will


On Fri, May 16, 2014 at 2:55 PM, Justin Edmands <shockwavecs at gmail.com>wrote:

> On Fri, May 16, 2014 at 12:36 PM, wm-lists <wm-lists at nixpeeps.com> wrote:
>
>> I'm in the process of placing my satellite server and its passive backup
>> at our DR location behind a VIP address (rhn.domain.net).  The VIP will
>> forward traffic to whichever satellite is running (DR or Primary).  I've
>> already got the failover/backup db part figured out.
>> What I'm trying to figure out is whether I need to do a
>> spacewalk-hostname-rename on the primary satellite server and give it the
>> new VIP name or is there a better process for this.
>>
>> The idea is that I can configure the DR server w/ the same SSL
>> configuration, restore the current db backup to the DR location and start
>> up satellite there in the event something happens to our primary server.
>>
>> Any thoughts about how to handle this?
>>
>> Thanks!
>> Will
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>
> Well since you said the main reason is for SSL, just use a SAN. Subject
> Alternative Name. If self signed, you can use quite a few. If provided by
> 3rd party, I think most limit it to 5 SANs per cert.
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20140523/83f379f2/attachment.htm>

More information about the Spacewalk-list mailing list