Rafał Wądołowski wrote: > Okey, but how can I create certificate for domain intra.example.com? > > I can't create host, because the hostname is required. When I try to add > service, I got output that principal is required.
Like I said, every cert needs to live in a bucket (user, service, etc) so since domain can't fit into one, you can't issue a cert for it. What would it be used for? I'm not sure how meaningful a domain name in a cert is, but it could be a use-case we missed. rob > > > Pozdrawiam, > > Rafał Wądołowski > > On 02/08/17 15:55, Rob Crittenden via FreeIPA-users wrote: >> Rafał Wądołowski via FreeIPA-users wrote: >>> Hi, >>> >>> I have freeipa 4.4 cluster with CN intra.example.com. >>> >>> We developed intranet on this same domain, but I can't create a valid >>> certificate for it. >>> >>> I can't create service, because hostname is required. Is it other way to >>> sign the CSR? >>> >>> What is the good practice for creating https certificates? >>> >> I don't understand the question. >> >> A certificate can only be issued for objects that IPA knows about, a >> service, host or user. >> >> rob >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org