Schweiss, Chip wrote:
Is it possible to generate a wild card certificate with the FreeIPA CA?

I tried generating a CSR with *.mydomain.local but 'ipa cert-request
star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add'
returns the error:

ipa: ERROR: The service principal for this request doesn't exist.

No problem generating certs for fqdn of systems I have already joined to
the domain.

Is there any way around this to generate a wildcard cert for my local domain?

Not using the IPA interfaces, no. There might be a way to do this by calling out to the underlying Dogtag CA directly, but we don't provide any mechanism to do that. You'd be on your own there.


