I had a similar problem in Kubernetes. What I ended up doing was discovering the FQDN of the internal service address, then generating the external address to match that FQDN using a dotted (non-hierarchical) A record.

Don't know if you can use that trick, but it might provide some ideas.

Sent from my iPhone

> On Dec 17, 2018, at 21:21, Peter Tselios via FreeIPA-users <[email protected]> wrote:
>
> Hello everyone,
> I have 2 FreeIPA servers in AWS and a LB in front of them to serve the UI and the LDAP (just the gui and just the LDAP. For Kerberos, we use DNS discovery).
> My problem is that I cannot use TLS with LDAP connections because the CA does not have the LB's name in SAN.
>
> Is there any way to **add** in the CA certificate the additional hostname?
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
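Added example, not code from either message in this thread: a small hostname-to-SAN matcher in Python that shows why a client connecting to the load balancer by a name absent from the replica's server certificate fails TLS verification, and why the trick above (connecting by a name that is already in the certificate, with DNS pointing that name at the LB) passes. It follows the RFC 6125 matching rules that LDAP and browser clients apply: case-insensitive dNSName comparison, a wildcard only as the whole leftmost label, and IP literals checked only against iPAddress entries. All SAN lists, hostnames and IPs below are constructed for the illustration.

```python
import ipaddress
from typing import Iterable, List, Tuple


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname, RFC 6125 style.

    Comparison is case-insensitive and ignores a trailing dot. A wildcard is
    accepted only as the entire leftmost label and matches exactly one label,
    so '*.example.com' covers 'ldap.example.com' but not 'a.b.example.com'
    or 'example.com'. Patterns such as '*.com' are rejected.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def check_tls_target(connect_name: str,
                     dns_sans: Iterable[str],
                     ip_sans: Iterable[str] = ()) -> Tuple[bool, str]:
    """Decide whether a server certificate carrying the given SAN entries
    would verify for a client that connected to `connect_name`.

    Returns (ok, reason). `connect_name` is whatever the client put in the
    LDAP URL: the LB's public name, a replica's FQDN, or an IP literal.
    """
    dns_sans = list(dns_sans)
    try:
        ip = ipaddress.ip_address(connect_name)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is matched only against iPAddress SANs; dNSName
        # entries are never consulted, which is why connecting by IP fails
        # against a certificate that only lists hostnames.
        for cand in ip_sans:
            try:
                if ipaddress.ip_address(cand) == ip:
                    return True, f"iPAddress SAN {cand} matches {connect_name}"
            except ValueError:
                continue
        return False, f"no iPAddress SAN covers {connect_name}"
    for san in dns_sans:
        if _dns_name_matches(san, connect_name):
            return True, f"dNSName SAN {san} matches {connect_name}"
    return False, f"no dNSName SAN covers {connect_name}; cert lists {sorted(dns_sans)}"


# Constructed data modelling the thread: an IPA replica behind a load balancer.
IPA_SERVER_CERT_SANS: List[str] = ["ipa1.example.com"]  # assumed SAN of replica 1's cert
LB_NAME = "ldap.example.com"                            # assumed public name of the LB


def demo() -> dict:
    """Run the four cases a practitioner would compare; returns name -> (ok, reason)."""
    return {
        # The question's situation: client uses the LB name, cert does not list it.
        "via_lb_name": check_tls_target(LB_NAME, IPA_SERVER_CERT_SANS),
        # The reply's trick: client uses a name the cert already carries, DNS points it at the LB.
        "via_san_name": check_tls_target("ipa1.example.com", IPA_SERVER_CERT_SANS),
        # Connecting by IP never satisfies a hostname-only certificate.
        "via_ip": check_tls_target("10.0.0.5", IPA_SERVER_CERT_SANS),
        # The other fix: reissue the replica's server cert with the LB name added.
        "reissued_with_lb_name": check_tls_target(LB_NAME, IPA_SERVER_CERT_SANS + [LB_NAME]),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:24s} {'OK  ' if ok else 'FAIL'} {why}")
```

The check is against the server (LDAP) certificate each replica presents, not the CA certificate: with two replicas behind one LB, the name the client connects to has to appear in both replicas' certificates, or the connection will verify against one backend and fail against the other depending on where the LB routes it.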
