I am trying to get FreeIPA LDAP to work when behind a load balancer and
using SSL and I do not understand how I am supposed to get the server to
use a certificate I created that has a SAN created.

FreeIPA 4.4.0 on CentOS 7

Here is what I have:
ipa-master.dev.crosschx.com - master
ipa-replica.dev.crosschx.com - replica
ipa.dev.crosschx.com - load balancer DNS name which points to the master and
replica servers

Here is what I have done.
ipa host-add ipa.dev.crosschx.com --random --force

ipa service-add --force ldap/ipa.dev.crosschx.com

ipa service-add-host ldap/ipa.dev.crosschx.com --hosts={

ipa service-allow-retrieve-keytab ldap/ipa.dev.crosschx.com --users=admin

ipa-getcert request -d /etc/crosschx -n ipa-load-balancer -N "CN=
ipa-master.dev.crosschx.com,O=DEV.CROSSCHX.COM" -D ipa.dev.crosschx.com -K

I can see the certificate is being monitored by IPA when I run ipa-getcert
list but I am lost at the step to have this cert put into the database so
that IPA will properly respond when I try to connect over LDAPS.

I was testing the connection with the following command and I see the
ipa-master.dev cert being served.

openssl s_client -connect ipa-master.dev.crosschx.com:636 -servername

Can you point me to the documentation I need to follow?

Thank you.

*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*