I am trying to get FreeIPA LDAP to work when behind a load balancer and
using SSL and I do not understand how I am supposed to get the server to
use a certificate I created that has a SAN created.

FreeIPA 4.4.0 on CentOS 7

Here is what I have:
ipa-master.dev.crosschx.com - master
ipa-replica.dev.crosschx.com - replica
ipa.dev.crosschx.com - load balancer DNS name which point to the master and
replica servers

Here is what I have done.
ipa host-add ipa.dev.crosschx.com --random --force

ipa service-add --force ldap/ipa.dev.crosschx.com

ipa service-add-host ldap/ipa.dev.crosschx.com --hosts={
ipa-master.dev.crosschx.com,ipa-replica.dev.crosschx.com}

ipa service-allow-retrieve-keytab ldap/ipa.dev.crosschx.com --users=admin

ipa-getcert request -d /etc/crosschx -n ipa-load-balancer -N "CN=
ipa-master.dev.crosschx.com,O=DEV.CROSSCHX.COM" -D ipa.dev.crosschx.com -K
ldap/ipa-master.dev.crosschx.com


I can see the certificate is being monitored by IPA when I run ipa-getcert
list but I am lost at the step to have this cert put into the database so
that IPA will properly respond when I try to connect over LDAPS.

I was testing the connection with the following command and I see the the
ipa-master.dev cert being served.

openssl s_client -connect ipa-master.dev.crosschx.com:636 -servername
ipa.dev.crosschx.com

Can you point me to the documentation I need to follow?

Thank you.


*Mike Plemmons | Senior DevOps Engineer | CROSSCHX*
614-741-5475
mike.plemm...@crosschx.com
www.crosschx.com
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to