On ti, 23 touko 2017, Jake via FreeIPA-users wrote:
Hey All,
I think this is fixed in 4.4.2 but since we use centos upstream we are
limited to 4.4.0, is there a way to manually re-issue the SSL
Certificates used for apache on the IPA masters for the web interface
to include the DNS Names as Subject Alternative Names?
https://access.redhat.com/solutions/3027401

Basically,

 # getcert list -d /etc/httpd/alias -n "Server-Cert"
  ... output ...

 # getcert resubmit -i <ID> -D `hostname -f`

where <ID> is the request ID from the output of 'getcert list'.

Perform this on all IPA masters.

See man page for getcert-resubmit for details on what SAN extensions
could be added.

--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to