On Tue, 4 Dec 2018, Fraser Tweedale wrote:
No significant differences for most use cases. If using only host
principals works for you, go ahead.
Probably should've tried it first... A request like this:
ipa-getcert request -f cert -k key -D test.example.com -w
fails with "The IPA backend requires the use of the -K option (principal
name) when the -N option (subject name) is used.", which appears to be
actually due to the use of -D to set subjectAltName.
Is the service principal necessary just to satisfy this requirement?
-Rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org