On ke, 17 tammi 2018, Callum Guy via FreeIPA-users wrote:
I'm planning to add a subdomain certificate for an internal web service
using FreeIPA CA however in my example I am applying the certificate to an
interim proxy server.
For example I want to sign a certificate for "web.domain.com" and serve it
on host "proxy.domain.com".
Based on what I have learnt from using FreeIPA so far I presume the correct
way to do this is via service principal: HTTP/proxy.domain....@domain.com
When I attempt to create the certificate from my CSR I get the following
"invalid 'csr': hostname in subject of request 'web.domain.com' does not
match name or aliases of principal 'HTTP/proxy.domain....@domain.com'"
Ii have tried adding aliases to the principal however I haven't been able
to make it work - a lack of understanding I think!
I am sure that I am just doing something wrong and it would be great if
someone could help explain what I should be doing.
See the thread at
for details on how to achieve that.
/ Alexander Bokovoy
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org