Hi. I'm trying to use FreeIPA as a certificate authority. My goal is to issue certificates for patroni cluster nodes and postgres user, and use certmonger afterwards for they renewal. While issuing the certificates for hosts is nobrainer I'm having troubles with postgres client certificate.
How would you recommend to approach my issue? I'm confused with HTTP/service abstraction and think that for my case it's impossible, cause I can't have multiple "postgres" services, or multiple postgres aliases (idea is to use postgres SAN name, but I'm not even sure auth will work). I'm also can't have just one postgres user and therefore certificate for every database cluster.
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
