Dear list,

one of my IPA masters (master.example.com, IPA 4.5) runs a Dokuwiki and a DAViCal instance besides IPA. DNS is external (not managed by IPA) and I asked the DNS admin to create CNAMEs wiki.example.com and cal.example.com that point to master.example.com).


That works, but my users get browser warnings "SSL_ERROR_BAD_CERT_DOMAIN" upon first connect via the CNAMEs and have to allow exceptions. Unbeautiful.

Therefore, I force-created dummy hosts in IPA and let them be managed by master.example.com:

$ ipa host-add wiki.example.com --force
$ ipa service-add HTTP/wiki.example.com --force
$ ipa service-add-host HTTP/wiki.example.com --host master.example.com

If i would revoke the certificate for HTTP/master.example.com now (didn't dare yet), will a new certificate be created that contains wiki.example.com as X509v3 Subject Alternative Name? It probably isn't that easy, right?


Mit freundlichen Gruessen/With best regards,

--Daniel.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to