[Spacewalk-list] placing Satellite behind a VIP
wm-lists
wm-lists at nixpeeps.com
Fri May 23 14:19:16 UTC 2014
Thanks for the response Justin. So I've been messing w/ the rhn-ssl-tool
this morning to generate new webserver certs with SANs in them. I can see
in the .cnf file that the names are there
# pages where one requests the certificate...
subjectAltName = @alt_names
[alt_names]
DNS.1 =<name1>
DNS.2 =<name2>
DNS.3 =<name3>
DNS.4 = <name4>
and I can see in the associated .csr file that the x509 output has the names
X509v3 Subject Alternative Name:
DNS:<name 1>, DNS:<name 2>, DNS:<name 3>, DNS:<name 4>
But I don't see any output in the .crt file that would indicate the
existence of SANs
Should the .crt file have this information in it?
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Netscape Cert Type:
SSL Server
Netscape Comment:
RHN SSL Tool Generated Certificate
X509v3 Subject Key Identifier:
<numbers>
X509v3 Authority Key Identifier:
keyid:<key>
DirName<dir stuff>
serial:<serial>
Thanks for any input...
Will
On Fri, May 16, 2014 at 2:55 PM, Justin Edmands <shockwavecs at gmail.com> wrote:
> On Fri, May 16, 2014 at 12:36 PM, wm-lists <wm-lists at nixpeeps.com> wrote:
>
>> I'm in the process of placing my satellite server and its passive backup
>> at our DR location behind a VIP address (rhn.domain.net). The VIP will
>> forward traffic to whichever satellite is running (DR or Primary). I've
>> already got the failover/backup db part figured out.
>> What I'm trying to figure out is whether I need to do a
>> spacewalk-hostname-rename on the primary satellite server and give it the
>> new VIP name or is there a better process for this.
>>
>> The idea is that I can configure the DR server w/ the same SSL
>> configuration, restore the current db backup to the DR location and start
>> up satellite there in the event something happens to our primary server.
>>
>> Any thoughts about how to handle this?
>>
>> Thanks!
>> Will
>>
>> _______________________________________________
>> Spacewalk-list mailing list
>> Spacewalk-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/spacewalk-list
>>
>
> Well since you said the main reason is for SSL, just use a SAN. Subject
> Alternative Name. If self signed, you can use quite a few. If provided by
> 3rd party, I think most limit it to 5 SANs per cert.
>
>
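One way to check the symptom described in this thread, given as an added example that is not part of the original messages: it compares the DNS names under "X509v3 Subject Alternative Name" in `openssl req -noout -text` output for the .csr with those in `openssl x509 -noout -text` output for the .crt. The host names and text dumps below are constructed samples, and the function names are hypothetical.

```python
import re

SAN_HEADER = "X509v3 Subject Alternative Name"

def san_dns_names(openssl_text):
    """DNS names from the SAN extension in openssl -text output (empty set if absent)."""
    lines = openssl_text.splitlines()
    for i, line in enumerate(lines):
        if SAN_HEADER in line:
            # openssl prints the extension value on the line after the header
            value = lines[i + 1] if i + 1 < len(lines) else ""
            return {n.lower() for n in re.findall(r"DNS:([^,\s]+)", value)}
    return set()

def missing_sans(csr_text, crt_text):
    """Names requested in the CSR that the issued certificate does not carry.
    TLS clients validate against the certificate only, never the CSR."""
    return sorted(san_dns_names(csr_text) - san_dns_names(crt_text))

# Constructed sample: CSR requesting three names (assumed host names)
CSR_TEXT = """\
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:rhn.example.net, DNS:sat1.example.net, DNS:sat-dr.example.net
"""

# Constructed sample: certificate with the extension set shown in the post (no SAN)
CRT_NO_SAN = """\
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
"""

# Constructed sample: certificate where the SAN extension was carried over
CRT_WITH_SAN = CRT_NO_SAN + """\
            X509v3 Subject Alternative Name:
                DNS:rhn.example.net, DNS:sat1.example.net, DNS:sat-dr.example.net
"""

if __name__ == "__main__":
    for label, crt in (("no SAN", CRT_NO_SAN), ("with SAN", CRT_WITH_SAN)):
        gap = missing_sans(CSR_TEXT, crt)
        print(label, "->", "OK" if not gap else "missing: " + ", ".join(gap))
```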