For Trusted Clusters , can "main" and "east" clusters use different CA for https_key_file and https_cert_file config?

brant · November 15, 2019, 11:40am

Hi, Team,
For Trusted Clusters , can “main” and “east” clusters use different CA for https_key_file and https_cert_file config?

Furthermore, any tips solving this problem?

Our company policy requires to use company owned CA. But it’s not capable of rotating certs automatically, which has to be a yearly manual renewal;
Our “main” cluster placed in AWS EC2 is “under our control”, but “east” clusters are scattered all over different places and “are not under our control” unless been asked to “make any changes”. So it’s not practical to rotate certs for “east” clusters manually.

Thanks!

gus · December 3, 2019, 12:30pm

Yes, absolutely. You can set the https_key_file and https_cert_file completely independently on each Teleport proxy server.

It’s worth noting that this certificate is only used to serve the web-based front end of Teleport - the one listening on port 3080 by default.

system · December 3, 2019, 12:30pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.