Simon Williams wrote:

Possibly a bit of a strange requirement, I don't really know!  I have a
small business and am using IPA to manage our network.  I have migrated
from an LDAP setup with a variety of different certificates lying around
for different applications and find IPA much easier to administer,
despite the fact that it probably overkill for a couple of users using
half a dozen hosts.

I have a few named virtual hosts that provide access to web based
systems from outside the local network, but I do not have sufficient
control over the external domain's DNS to add a subdomain with it's own
DNS.  I can add A records and CNAME records to point to the virtual
hosts, but I cannot add NS records to delegate name resolution to my own
DNS.  The ISP I use does not allow dynamic DNS updates.  I would like to
use FreeIPA to manage the SSL certificates for these virtual hosts using
mod_nss and have already implemented this successfully for virtual hosts
on the local domain, but since I do not control the public domain, I
can't see how to achieve this.

Please forgive me if I am missing something obvious, but I've only been
using FreeIPA for two weeks and it is a testament to it's ease of use
that I have managed to get as far as I have with it in that time unaided!

So the problem is your domain is and is managed by IPA and you want to create certificates for

You should be able to use the --force flag to create a host and create services/issue certificates from that point.


Freeipa-users mailing list

Reply via email to