Hello,
I am getting close to deployment of my CAS 6.2.1 instance. I would like
some advice on updating the idp-encryption{.crt,.key}, idp-metadata, and
the idp-signing{.crt,.key} for my production servers.
I have two servers (we'll call them server-1.onu.edu and server-2.onu.edu)
that I would like to host as a HA cluster. I will be using DNS to send
requests made to server.onu.edu to both server-1.onu.edu and
server-2.onu.edu.
My questions are: how should I generate the certificates and metadata for
deployment to server.onu.edu? Previously, I let CAS auto-generate the
certificates and metadata, so I do not know the process. Would I need
subject alt names of server.onu.edu, server-1.onu.edu and server-2.onu.edu,
or would only server.onu.edu suffice? Are there any specific fields I
should set in my new certificate? I noticed the auto-generated .crt files
have a SAN of DNS name and URI to server1.onu.edu/idp/metadata. How can I
add a URI to my custom certificate, and should I include both servers'
metadata endpoints in it or just server.onu.edu's?
I know there is a lot there; I appreciate you taking the time to read
through it.
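
One way to produce self-signed certificates carrying both a DNS and a URI subjectAltName, like the auto-generated files described in the message above, using OpenSSL 1.1.1 or later. This is an added example, not part of the original post and not CAS's own generation code. The function names, the `https://` scheme, the choice of listing only `server.onu.edu`, the key size and the lifetime are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from CAS).
# Assumptions: https:// scheme for the metadata URI, RSA 2048 keys,
# a 10-year lifetime, and only the shared cluster name in the SAN.

# gen_idp_cert NAME HOST OUTDIR
# Writes OUTDIR/NAME.key and OUTDIR/NAME.crt, self-signed, with
# SAN = DNS:HOST plus URI:https://HOST/idp/metadata.
gen_idp_cert() {
  name="$1"; host="$2"; outdir="$3"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=${host}" \
    -addext "subjectAltName=DNS:${host},URI:https://${host}/idp/metadata" \
    -keyout "${outdir}/${name}.key" \
    -out "${outdir}/${name}.crt" 2>/dev/null || return 1
  # Private keys should be readable only by the account running CAS.
  chmod 600 "${outdir}/${name}.key"
}

# show_san CERT
# Prints the subjectAltName line of a certificate for verification.
show_san() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Demo: generate both pairs once in a scratch directory and verify them.
# The same files would then be copied to every node (assumption).
out=$(mktemp -d)
for pair in idp-signing idp-encryption; do
  gen_idp_cert "$pair" server.onu.edu "$out" || exit 1
  printf '%s.crt SAN: %s\n' "$pair" "$(show_san "$out/$pair.crt")"
done
```

The certificates embedded in `idp-metadata.xml` have to match whichever `.crt` files are deployed, so the metadata needs updating alongside them.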