I set up a FreeIPA master and replica behind an Elastic Load Balancer in the AWS cloud. FreeIPA clients will be contacting the replica and the master server through the load balancer, so the DNS name used when configuring the clients is the ELB CNAME. The problem is that when retrieving data and during authentication, the SSL handshake fails because the certificate sent back from the master or replica has a hostname different from the one used in sssd, so the connection is terminated. There is a workaround, which is to use reqcert=allow, but this brings a security issue with a MITM attack. Another solution I found is to use a SAN, but I don't seem to get it right. Any thoughts on how to solve this would be very helpful.
[Freeipa-users] FreeIPA master and replica behind an Elastic load balancer
ridha.zorgui--- via FreeIPA-users Mon, 12 Jun 2017 02:20:50 -0700
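
The hostname check behind the failed handshake described above, as an added example that is not part of the original post: a simplified RFC 6125-style comparison of the name the client dials (the ELB CNAME) against each backend certificate's SAN dNSName entries. All host names and SAN lists are constructed placeholders.

```python
# Added example: simplified dNSName matching as a TLS/LDAP client performs it.
# Host names and SAN lists are constructed placeholders, not values from the post.

def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")

def dns_name_matches(pattern, hostname):
    """True if a single SAN dNSName entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.example.test does not cover
    a.b.example.test or example.test.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as *.test
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are rejected here
    return p == h

def cert_covers(san_dns_names, hostname):
    return any(dns_name_matches(s, hostname) for s in san_dns_names)

def backends_failing(client_name, backends):
    """Backends whose certificate a verifying client would reject."""
    return sorted(b for b, sans in backends.items()
                  if not cert_covers(sans, client_name))

ELB_NAME = "ipa-elb.example.test"  # constructed: the name clients are configured with

# Constructed: each server certificate names only its own host.
BEFORE = {
    "ipa-master.example.test": ["ipa-master.example.test"],
    "ipa-replica.example.test": ["ipa-replica.example.test"],
}
# Constructed: certificates reissued with the balancer name as an extra SAN.
AFTER = {host: sans + [ELB_NAME] for host, sans in BEFORE.items()}

if __name__ == "__main__":
    print("rejected before:", backends_failing(ELB_NAME, BEFORE))
    print("rejected after: ", backends_failing(ELB_NAME, AFTER))
```

Every server the balancer can route to has to carry the balancer name, since the client cannot know which backend will answer a given connection.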