On ke, 17 tammi 2018, Callum Guy via FreeIPA-users wrote:
Hi All,

I'm planning to add a subdomain certificate for an internal web service
using FreeIPA CA however in my example I am applying the certificate to an
interim proxy server.

For example I want to sign a certificate for "web.domain.com" and serve it
on host "proxy.domain.com".

Based on what I have learnt from using FreeIPA so far I presume the correct
way to do this is via service principal: HTTP/proxy.domain....@domain.com

When I attempt to create the certificate from my CSR I get the following
error report:

"invalid 'csr': hostname in subject of request 'web.domain.com' does not
match name or aliases of principal 'HTTP/proxy.domain....@domain.com'"

Ii have tried adding aliases to the principal however I haven't been able
to make it work - a lack of understanding I think!

I am sure that I am just doing something wrong and it would be great if
someone could help explain what I should be doing.
See the thread at
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/IO6BSB6K76E5XRM4IQEFJRTIPK6KKXFX/
for details on how to achieve that.

--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to