I have a couple of RHEL server "clusters" - I'd call these loosely-coupled; they run Artifactory and Artifactory itself binds them together, rather than being coupled at an OS level - which have had new TLS certs issued by our internal CA (these are internally-facing but still use TLS). One cluster is in our "prod" domain with the other in "devtest" - as is pretty typical for these kinds of things.
We recently had some changes and certificates were invalid and so on. I have successfully installed the new root and intermediate certificates (using update-ca-trust). Part of this process had me restart the nginx service so I assume this plays some role as well.
I have new SAN certs intended to allow the clusters to work behind a load-balancer. This load-balancer does no TLS work at all. It's set up correctly and totally out of my control.
My question, and this has been very difficult for me to find an answer to, hence the question, is how do I install the SAN certificate? I have the key and the cert, etc.
The confounding element of this process is that all traffic in and out of the domains my servers are running on passes through a proxy. This proxy actually re-certifies the server's certificate so that it matches the correct chain of trust. Does the same cert/process get repeated on each server in the "cluster"?
To my mind, this means the certificate chain might be unnecessary. I also don't know how to create that chain, since I didn't get a chain with the new cert (but I do have a new root and intermediate certificate, as mentioned earlier).
To make matters a bit more constrained, I have no control over anything except the process of installing the certs.
Any assistance would be greatly appreciated.