Please keep replies on the list.

barry...@gmail.com wrote:
Is it meant that i cannot use def.abc.net <http://def.abc.net> cert for
the host def.abc.com <http://def.abc.com> ???

Correct.

only i can used is same as hostname and domain ...or wildcard *.abc,com ?

For now yes. Eventually we may be able to use SNI to use certificates with multiple names but we aren't there yet.

rob


Thanks



2014-04-11 20:47 GMT+08:00 Rob Crittenden <rcrit...@redhat.com
<mailto:rcrit...@redhat.com>>:

    barry...@gmail.com <mailto:barry...@gmail.com> wrote:

        Dear all:

        I added *.abc.net <http://abc.net> <http://abc.net> cet to
          certutil -d /etc/httpd/alias

        and /etc/dirsrv/slapd-ABC-COM

        But error comes out after when i login the UI of service and
        cick in entry .

        cannot connect to
        'https://cert1.abc.com:443/ca/__agent/ca/displayBySerial
        <https://cert1.abc.com:443/ca/agent/ca/displayBySerial>': [Errno
        -12276]
        (SSL_ERROR_BAD_CERT_DOMAIN) Unable to communicate securely with
        peer:
        requested domain name does not match the server's certificate.


    This is the SSL MITM protection. The subject of the certificate on
    the server needs to match the hostname that the client is requesting.

    You can't just change the domain name of your installation by
    replacing the certificates.

    rob



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to