Bret Wortman via FreeIPA-users wrote: > When I try adding it as an alt name: > > # certutil -R -d . -a -g 2048 -s "cn=elastic.our.net,o=our.net" \ > -8 > elastic.our.net,\*.elastic.our.net,zsece01.our.net,zsece02.our.net,zsece03.our.net > \ >> elastic.our.net.csr > # ipa cert-request elastic.our.net.csr --principal host/elastic.our.net > --profile wildcard > ipa: ERROR: The service principal for subject alt name *.elastic.spx.net in > certificate request does not exist > > I'm not sure how to add a wildcard host principal... >
I think that like using a profile to reset the CN in the subject you'd need to add the wildcard as a SAN in a profile. I don't know whether that is possible or not. IPA won't issue certificates for things it doesn't know about. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
