Hello everyone - I’m trying to create a seed file for a follower and and would like to use the load balancer instead of the master address. I use the command below. When I deploy the follower, for some reason it’s still using the master address instead of the load balancer (the /info url still has the master address information and not load balancer). I’m running 12.0. I appreciate any help, thanks!
evoke seed follower my.follower.fqdn my.master-lb.fqdn
Hi @sonny, that is the correct way to override the master address. The only issue I can think of that could cause this for you would be if the address my.master-lb.fqdn was not listed in the subject alt names of your certificate. You should see an error message in that case though, error: Certificate /opt/conjur/etc/ssl/follower-lb-name.pem already exists, but does not contain the names my.master-lb.fqdn.
By default, evoke uses the CN value from the certificate subject as the master address. If you’re using self-signed certs, you could alternatively reissue the cert, but the approach you are using is the correct approach and should be working.
Regards,
Nate
Thanks for the information Nate. I’m using company’s CA and I was able to fix it by generating new certificate for the master load balancer and loading to Conjur. Thanks for the help!