Hi. I'm trying to use FreeIPA as a certificate authority. My goal is to issue certificates for Patroni cluster nodes and the postgres user, and use certmonger afterwards for their renewal. While issuing the certificates for hosts is a no-brainer, I'm having trouble with the postgres client certificate.
How would you recommend approaching my issue? I'm confused by the HTTP/service abstraction and think that for my case it's impossible, because I can't have multiple "postgres" services, or multiple postgres aliases (the idea is to use a postgres SAN name, but I'm not even sure auth will work). I also can't have just one postgres user and therefore certificate for every database cluster.