For Trusted Clusters, can "main" and "east" clusters use different CAs for the https_key_file and https_cert_file config?

Hi, Team,
For Trusted Clusters, can “main” and “east” clusters use different CAs for the https_key_file and https_cert_file config?

Furthermore, any tips for solving this problem?

  1. Our company policy requires us to use a company-owned CA. But it’s not capable of rotating certs automatically, so renewal has to be done manually every year;
  2. Our “main” cluster, placed in AWS EC2, is “under our control”, but the “east” clusters are scattered all over different places and “are not under our control” unless asked to “make any changes”. So it’s not practical to rotate certs for the “east” clusters manually.

Thanks!

Yes, absolutely. You can set the https_key_file and https_cert_file completely independently on each Teleport proxy server.

It’s worth noting that this certificate is only used to serve the web-based front end of Teleport - the one listening on port 3080 by default.
