On 6.3.2015 14:08, Martin Kosek wrote: > I'm figuring out how to regenerate the webserver certificates so I can > use a loadbalancer in front of my ipa servers.
Are you talking about FreeIPA web interface? It is technically possible to use load-balancer but it will be really hacky. You would have to solve certificates and also distribute shared keytabs and so on. I would recommend you to use "something" which issues HTTP redirect to ipa server 1/2/3/4/5 according to current state instead of using classical load balancer on the network level. Normal HTTP redirect will not force you to mess with certs and keytabs. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project