Fantastic, I knew about the flag, but thought it only worked on hosts. It
works on services too, which solves the problem.

Thank you.
---------- Forwarded message ----------
From: "Rob Crittenden" <>
Date: Oct 1, 2012 3:23 PM
Subject: Re: [Freeipa-users] Certificates for public facing web sites
To: "Simon Williams" <>
Cc: <>

Simon Williams wrote:

> Hi
> Possibly a bit of a strange requirement, I don't really know!  I have a
> small business and am using IPA to manage our network.  I have migrated
> from an LDAP setup with a variety of different certificates lying around
> for different applications and find IPA much easier to administer,
> despite the fact that it is probably overkill for a couple of users using
> half a dozen hosts.
> I have a few named virtual hosts that provide access to web based
> systems from outside the local network, but I do not have sufficient
> control over the external domain's DNS to add a subdomain with its own
> DNS.  I can add A records and CNAME records to point to the virtual
> hosts, but I cannot add NS records to delegate name resolution to my own
> DNS.  The ISP I use does not allow dynamic DNS updates.  I would like to
> use FreeIPA to manage the SSL certificates for these virtual hosts using
> mod_nss and have already implemented this successfully for virtual hosts
> on the local domain, but since I do not control the public domain, I
> can't see how to achieve this.
> Please forgive me if I am missing something obvious, but I've only been
> using FreeIPA for two weeks and it is a testament to its ease of use
> that I have managed to get as far as I have with it in that time unaided!

So the problem is your domain is and is managed by IPA and you
want to create certificates for

You should be able to use the --force flag to create a host and create
services/issue certificates from that point.
