Jake via FreeIPA-users wrote:
> Worked! Thanks!
> 
> I Suppose there isn't a way to get the output of getcert as JSON/object? I 
> would prefer to do this with ansible =)

Not at the moment, just human-readable. You could file an RFE on the
certmonger pagure site.

> 
> Also, "sudo systemctl restart httpd" post renewal (looks like the hooks 
> aren't configured for the cert renewal to restart dependent services.)

This isn't renewal, it's a new cert.

IPA does configure restart for its services on renewal.

rob

> 
> ----- Original Message -----
> From: "Alexander Bokovoy" <aboko...@redhat.com>
> To: "Jake" <em...@ml.jacobdevans.com>, "freeipa-users" 
> <freeipa-users@lists.fedorahosted.org>
> Sent: Tuesday, May 23, 2017 2:20:06 PM
> Subject: Re: [Freeipa-users] Chrome 58 - CN for IPA management console to 
> include SANs
> 
> On ti, 23 touko 2017, Jake via FreeIPA-users wrote:
>> Hey All,
>> I think this is fixed in 4.4.2 but since we use centos upstream we are
>> limited to 4.4.0, is there a way to manually re-issue the SSL
>> Certificates used for apache on the IPA masters for the web interface
>> to include the DNS Names as Subject Alternative Names?
> https://access.redhat.com/solutions/3027401
> 
> Basically,
> 
>   # getcert list -d /etc/httpd/alias -n "Server-Cert"
>    ... output ...
> 
>   # getcert resubmit -i <ID> -D `hostname -f`
> 
> where <ID> is the request ID from the output of 'getcert list'.
> 
> Perform this on all IPA masters.
> 
> See man page for getcert-resubmit for details on what SAN extensions
> could be added.
> 
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to