On 5/12/21 4:06 PM, Ian Pilcher wrote:
I am getting an odd error when trying to issue a certificate with an IP
address in its SAN. I am using IPA 4.6.8 on RHEL 7.9, so it's a bit
old, but it should work, AFAIK.
This was a user error. I had the wrong object type for the IP address
in the SAN in the CSR.
Certificate Request:
Data:
Version: 0 (0x0)
Subject: CN=node01-idrac.pemlab.rdu2.redhat.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
⋮
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:node01-idrac.pemlab.rdu2.redhat.com,
DNS:node01-idrac, DNS:10.11.173.11
^^^
It needs to be IP:10.11.173.11.
--
========================================================================
Ian Pilcher arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
