We have host which is registered and have http service with one domain e.g. xyz.intra.example.com.
But we want to add another site with domain intra.example.com, and we need to enroll certificate for that domain, but we can't because the hostname of these host is xyz.intra.example.com. Is it possible to force client service with specified domain? and create certificate for it? BR, Rafał On 03/08/17 16:03, Rob Crittenden via FreeIPA-users wrote: > Rafał Wądołowski wrote: >> Okey, but how can I create certificate for domain intra.example.com? >> >> I can't create host, because the hostname is required. When I try to add >> service, I got output that principal is required. > Like I said, every cert needs to live in a bucket (user, service, etc) > so since domain can't fit into one, you can't issue a cert for it. > > What would it be used for? I'm not sure how meaningful a domain name in > a cert is, but it could be a use-case we missed. > > rob > >> >> Pozdrawiam, >> >> Rafał Wądołowski >> >> On 02/08/17 15:55, Rob Crittenden via FreeIPA-users wrote: >>> Rafał Wądołowski via FreeIPA-users wrote: >>>> Hi, >>>> >>>> I have freeipa 4.4 cluster with CN intra.example.com. >>>> >>>> We developed intranet on this same domain, but I can't create a valid >>>> certificate for it. >>>> >>>> I can't create service, because hostname is required. Is it other way to >>>> sign the CSR? >>>> >>>> What is the good practice for creating https certificates? >>>> >>> I don't understand the question. >>> >>> A certificate can only be issued for objects that IPA knows about, a >>> service, host or user. >>> >>> rob >>> _______________________________________________ >>> FreeIPA-users mailing list -- email@example.com >>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > _______________________________________________ > FreeIPA-users mailing list -- firstname.lastname@example.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org