Posted on 08-11-2023 05:10 AM
I have two connectors, primary and failover that are load balaced. The secondary is set up with the same server and client certs as the primary and they sit behind an F5. The both work individually thanks to input from @bradtchapman
I'd like to fire as many CA requests as I can to ensuring timing works. Is Postman the best option? It's unrealistic to set a computer up and have it attempt to grab the cert. I don't have access to the CA.
How can I send multiple requests to the connector to ensure functionality?
Posted on 08-14-2023 05:13 AM
Your best option is to scope to several devices, and make a work flow to loop the configuration profile. For example, make a smart group that look for the cert and exempts the device from the configuration profile that installs the cert. Then target the configuration profile at devices without the cert. This will cause JAMF to automatically install and remove the configuration profile, which should generate a lot of certificate requests. However, don't forget to revoke all the extra certificates you are issuing for your test.
Posted on 08-14-2023 06:33 AM
@AJPinto Wouldn't this depend on whether the CA will reissue a certificate to the same device twice? I don't have access to the CA to revoke anything.
Posted on 03-04-2024 04:27 AM
A bit late to the party, however how do you set-up a failover AD CS server sitting behind a load balancer? I suppose you need to export the certs from one server and import on the other? And when you run the deploy script on the failover server make sure none are created?
Posted on 03-18-2024 06:36 AM
@MMTechno The load balancer has a priority level for each box. If one doesn't respond to the check, the F5 fails over the the second. As long as you have the server cert generated by the installer script - installed to the second server (instead of the one it generates), you'll be good. Support article: Use an alternate Server Certificate