Dear All,
We have a number of DNS sub zones in different IP subnets, and we want to ensure that DNS
queries respond quickly and aren't waiting for timeouts. So as such we're thinking
of putting our IPA on multiple interfaces, one in each sub zone, and registering the host
and it's clients within that sub zone separately. To achieve this we need to add
principal aliases for each sub zone to the IPA services - which appears to be working well
so far, but I have a question: what's the best way to setup a new certificate for the
web interface to allow SSL on the new sub zone interface. We're thinking of simply
adding alt names to the certificate and getting a newly issued one from the local CA.
Should we be looking to do this exclusively with certutil or should we be using
ipa-server-certinstall.
I hope that this makes sense and our approach isn't complete madness.
Regards,
Callum
--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. callum@well.ox.ac.uk<mailto:callum@well.ox.ac.uk>
Show replies by date