Hello all!

We're looking at replacing a lot of our currently self-signed internal SSL
certificates in our infrastructure with certificates generated by the
FreeIPA CA.  However, I've run into something that I haven't been able to
find documented as of yet, and I'm hoping some of you can point me in the
right direction.  Some of our internal SSL sites are load-balanced between
multiple hosts, so we end up with the same SSL/Key installed to each host.
For example:

hostname.domain.com is hosted on hostA and hostB.

Both hostA and hostB have the certs at /etc/httpd/certs/
hostname.domain.com/hostname.crt, and the private key at /etc/httpd/certs/

I would expect I can have both hostA and hostB be able to work with the
FreeIPA certificates by adding additional ipa host-add-managedby and ipa
service-add-host commands, to specify both hostA and hostB.  However, from
my understanding, running the "ipa-getcert request" command on hostA will
put the certs on hostA only, and I'd need the same certs on both hostA and
hostB.  Is there a special ipa-getcert incantation that can retrieve the
already-issued certificate files, and allow them to be managed by FreeIPA
on both hosts?  Or is there another recommended way of doing this?

Thanks for any info you can give me!

Jeremy Utley
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to