Dear list,

one of my IPA masters (, IPA 4.5) runs a Dokuwiki and a DAViCal instance besides IPA. DNS is external (not managed by IPA) and I asked the DNS admin to create CNAMEs and that point to

That works, but my users get browser warnings "SSL_ERROR_BAD_CERT_DOMAIN" upon first connect via the CNAMEs and have to allow exceptions. Unbeautiful.

Therefore, I force-created dummy hosts in IPA and let them be managed by

$ ipa host-add --force
$ ipa service-add HTTP/ --force
$ ipa service-add-host HTTP/ --host

If i would revoke the certificate for HTTP/ now (didn't dare yet), will a new certificate be created that contains as X509v3 Subject Alternative Name? It probably isn't that easy, right?

Mit freundlichen Gruessen/With best regards,

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to