Thomas Boroske via FreeIPA-users wrote: > Flo always solves my IPA problems, even with a 4 year old answer :-) > > Thanks again for that. > > For people searching this later: The problem can be fixed using: > > $ getcert list -f /var/kerberos/krb5kdc/kdc.crt > (note the request Id) > $ getcert resubmit -i <request id> > $ getcert list -i <request id> > > After that, the kdc.crt is a new one, and this one contains the Subject > Alternative Name field. > > And web logins immediately work again. >
To throw in a little certmonger tip, you can do it all in one step: # getcert resubmit -f /var/kerberos/krb5kdc/kdc.crt -v -w resubmit and list can take more or less the same options. -v is verbose mode and will display the states of the request. -w will wait for it to pass or fail. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
