I set up a FreeIPA master and replica behind an elastic load balancer in AWS
cloud. FreeIPA clients will be contacting the replica and the master server
through the load balancer, so the DNS name used when configuring the clients is
the ELB CNAME. The problem is that when retrieving data and during
authentication, the SSL handshake fails, as the certificate sent back from the
master or replica has a hostname different from the one used in sssd, so
the connection is terminated. There is a workaround, which is the use of
reqcert=allow, but this brings a security issue with a MITM attack. Another
solution I found is the use of SAN, but I don't seem to get it right. Any thoughts
on how to solve that will be very helpful.

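The two failure modes described in the message, as an added example that is not part of the original post: a client-side hostname check of the kind a TLS client performs against the server certificate's DNS SANs (showing why a cert issued only for the replica's own name fails when the client connects to the ELB CNAME, and why a reissued cert carrying the ELB name as a SAN succeeds), plus a check of sssd.conf for the `ldap_tls_reqcert = allow`/`never` setting that disables that verification. All hostnames and the config snippet are constructed.

```python
import configparser

# Constructed sample: the DNS SANs of a replica's LDAP/HTTP certificate, in the
# same shape that ssl.SSLSocket.getpeercert() returns them.
REPLICA_CERT = {
    "subject": ((("commonName", "replica1.ipa.example.test"),),),
    "subjectAltName": (("DNS", "replica1.ipa.example.test"),),
}
# Constructed: the same certificate reissued with the ELB CNAME added as a SAN.
REPLICA_CERT_WITH_LB_SAN = {
    "subject": ((("commonName", "replica1.ipa.example.test"),),),
    "subjectAltName": (("DNS", "replica1.ipa.example.test"),
                       ("DNS", "ipa-lb.example.test")),
}

def _dns_name_match(pattern, hostname):
    """RFC 6125-style match: exact, or a single '*' as the leftmost label only."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = hostname.split(".")
        return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]
    return False

def cert_matches_hostname(cert, hostname):
    """True if any DNS SAN matches the name the client connected to.
    The CN is deliberately ignored, as modern TLS clients do when SANs exist."""
    sans = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_dns_name_match(s, hostname) for s in sans)

# Constructed sssd.conf fragment reflecting the "reqcert=allow" workaround.
SSSD_CONF = """
[domain/ipa.example.test]
id_provider = ipa
ipa_server = ipa-lb.example.test
ldap_tls_reqcert = allow
"""

def weak_tls_settings(conf_text):
    """Return domain sections whose ldap_tls_reqcert lets the client keep
    talking to a server whose certificate does not verify (never/allow)."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    weak = []
    for sec in cp.sections():
        value = cp[sec].get("ldap_tls_reqcert", "hard").strip().lower()
        if sec.startswith("domain/") and value in ("never", "allow"):
            weak.append(sec)
    return weak
```

The durable fix is the second certificate shape: keep `ldap_tls_reqcert` at its verifying default and put the ELB name in the SAN of each server's certificate, so `cert_matches_hostname` succeeds for both the ELB name and the server's own name.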