[Freeipa-users] Re: Host vs. service certificates

Rob Foehl via FreeIPA-users Mon, 03 Dec 2018 22:49:56 -0800

On Tue, 4 Dec 2018, Fraser Tweedale wrote:

No significant differences for most use cases.  If using only host
principals works for you, go ahead.


Probably should've tried it first...  A request like this:

ipa-getcert request -f cert -k key -D test.example.com -w

fails with "The IPA backend requires the use of the -K option (principalname) when the -N option (subject name) is used.", which appears to beactually due to the use of -D to set subjectAltName.


Is the service principal necessary just to satisfy this requirement?

-Rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Host vs. service certificates

Reply via email to