12:10 p.m.
Hello,
I want to create an AWS Load Balancer that will use HTTPS end to end.
I want to use my FreeIPA to generate the certificates for the instances and for the ALB.
My questions:
1. Is it possible to issue a certificate from FreeIPA for the AWS ALB since the later will
not be a FreeIPA client?
If so, how?
2. If I cannot issue a certificate from the FreeIPA, what alternatives do I have?
Generate a CSR from any linux box and just sign it?
12:20 p.m.
New subject: Create Certificate for Load Balancer & end2end HTTPS traffic
I think you can do this if you upload your certificate and key to ACM in AWS, and then use
the ACM ARN for your uploaded certificate as the certificate for the ALB.
You do need to generate the CSR separately indeed.
John
On 25 Oct 2018, at 19:10, Peter Tselios via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hello,
I want to create an AWS Load Balancer that will use HTTPS end to end.
I want to use my FreeIPA to generate the certificates for the instances and for the ALB.
My questions:
1. Is it possible to issue a certificate from FreeIPA for the AWS ALB since the later
will not be a FreeIPA client?
If so, how?
2. If I cannot issue a certificate from the FreeIPA, what alternatives do I have?
Generate a CSR from any linux box and just sign it?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
12:22 p.m.
New subject: Create Certificate for Load Balancer & end2end HTTPS traffic
Thanks John.
It would be nice to create the certificate from the FreeIPA without any external tool
though :(
P.
1:10 p.m.
New subject: Create Certificate for Load Balancer & end2end HTTPS traffic
Peter Tselios via FreeIPA-users wrote:
Thanks John.
It would be nice to create the certificate from the FreeIPA without any external tool
though :(
A certificate has two keys, a public and a private key.
You need to generate the private key somewhere. It is best practice to
generate the key where it will be used and never transport it. IPA
enforces this by not providing a way for the IPA server to generate the
private key for you.
Look at most every public CA and there is a big text box where you paste
a CSR.
rob
2007
days inactive
2007
days old
freeipa-users@lists.fedorahosted.org
3 comments
3 participants
participants (3)
-
John Keates -
Peter Tselios -
Rob Crittenden