Please keep replies on the list. [email protected] wrote:
Is it meant that i cannot use def.abc.net <http://def.abc.net> cert for the host def.abc.com <http://def.abc.com> ???
Correct.
only i can used is same as hostname and domain ...or wildcard *.abc,com ?
For now yes. Eventually we may be able to use SNI to use certificates with multiple names but we aren't there yet.
rob
Thanks 2014-04-11 20:47 GMT+08:00 Rob Crittenden <[email protected] <mailto:[email protected]>>: [email protected] <mailto:[email protected]> wrote: Dear all: I added *.abc.net <http://abc.net> <http://abc.net> cet to certutil -d /etc/httpd/alias and /etc/dirsrv/slapd-ABC-COM But error comes out after when i login the UI of service and cick in entry . cannot connect to 'https://cert1.abc.com:443/ca/__agent/ca/displayBySerial <https://cert1.abc.com:443/ca/agent/ca/displayBySerial>': [Errno -12276] (SSL_ERROR_BAD_CERT_DOMAIN) Unable to communicate securely with peer: requested domain name does not match the server's certificate. This is the SSL MITM protection. The subject of the certificate on the server needs to match the hostname that the client is requesting. You can't just change the domain name of your installation by replacing the certificates. rob
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
