Clarification on the ejbca three level deployment page #454
Unanswered
maxwellchandler
asked this question in
Q&A
Replies: 1 comment
-
|
Yes, the TLS certificate need to be issued with the DNS name of the host you will be talking to, which in this case is the front-end proxy. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
On this page there is the following:
https://github.com/Keyfactor/keyfactorcommunity/tree/main/deployment-examples/docker-engine/ejbca-ce-three-level-architecture
For this example you will need an existing Management CA that has issued a TLS certificate for the front end:
pem/mycahostname-CA.pem
pem/mycahostname.pem
pem/mycahostname-Key.pem
I am wondering is mycahostname-Key.pem and mycahostname.pem a pkcs10 request with the dns of the reverse proxy? What should mycahostname-CA.pem be? Is it the management ca pem file from the existing installation or the pem of the sub ca that signed mycahostname-Key.pem and mycahostname-Key.pem? What exactly IS mycahostname-CA.pem?
Beta Was this translation helpful? Give feedback.
All reactions