Hello everyone,
I am planning to deploy a replica of FreeIPA to AWS, and I have the
following idea:
* Let's say the FreeIPA domain is example.com
* The FreeIPA domain has its own CA
* All AWS hosts will get a hostname automatically over DHCP options in
the VPC, like ip-xxx-xxx-xxx-xxx.aws.example.com
* The FreeIPA replica will be reachable on one internal IP and one
elastic IP; the internal IP will be reachable with the hostname
ipa.aws.example.com, the external one (elastic IP) will be reachable as
ipa.example.com, and DNS autodiscovery records will do the rest.
I cannot resolve one part: when using different hostnames, I might run
into TLS/STARTTLS issues, since the IPA Apache, LDAP and Kerberos KDC
certificates are issued automatically to only one hostname.
I would like to ask if it is possible to replace the IPA Apache, LDAP
and Kerberos KDC certificates with SAN certificates that support
multiple hostnames?
Thanks,
--
Anvar Kuchkartaev
[email protected]
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]/message/K6BPEKITXJ2PRK2JTUBLPTUI4Z3DI3AW/
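
The hostname mismatch described in the message above, as an added example that is not part of the original post: a check of which of the two names a certificate's subjectAltName covers. The two certificate dicts are constructed samples in the shape that Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are hypothetical.

```python
# Added example: SAN coverage check for the two names in the question.
# CERT_SINGLE / CERT_MULTI are constructed samples in the dict shape that
# ssl.SSLSocket.getpeercert() returns; they are not real FreeIPA certificates.

def _matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: exact, or '*' as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def dns_sans(cert: dict) -> list:
    """DNS entries of subjectAltName (this check never falls back to the CN)."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def uncovered(cert: dict, hostnames: list) -> list:
    """Hostnames for which no DNS SAN entry of this certificate matches."""
    sans = dns_sans(cert)
    return [h for h in hostnames if not any(_matches(s, h) for s in sans)]


# The internal and external names from the message.
NAMES = ["ipa.aws.example.com", "ipa.example.com"]

# Constructed: certificate issued to the internal hostname only.
CERT_SINGLE = {
    "subject": ((("commonName", "ipa.aws.example.com"),),),
    "subjectAltName": (("DNS", "ipa.aws.example.com"),),
}
# Constructed: certificate carrying both names as DNS SAN entries.
CERT_MULTI = {
    "subject": ((("commonName", "ipa.aws.example.com"),),),
    "subjectAltName": (("DNS", "ipa.aws.example.com"), ("DNS", "ipa.example.com")),
}

if __name__ == "__main__":
    for label, cert in (("single-name", CERT_SINGLE), ("multi-SAN", CERT_MULTI)):
        print(label, "does not cover:", uncovered(cert, NAMES) or "nothing")
```

A wildcard entry such as `*.example.com` would cover ipa.example.com but not ipa.aws.example.com, because the wildcard stands for exactly one label.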