Anwar El fatayri wrote:
> Hello everyone...
>
> I'm trying to request SSL certificates from my machines (e.g.
> vadqualif02) for a specific service (e.g. Syslog-ng).
>
> I would like to distinguish between my client and server certificates
> by changing the DN. The problem is that when I try to do that (see the
> command below), I'm still getting the default DN (CN=hostname).
>
> sudo ipa-getcert request -r -f
> /etc/pki/tls/certs/ -k
> /etc/pki/tls/private/ -N
> OU=toto,CN=roro  -K SYSLOG-NG_CLIENT/
>
> Any ideas?

I'm surprised this isn't just being rejected instead.

IPA requires that the CN of the CSR match the host/service being
requested for. It will also drop anything other than CN and replace it
with the subject of the CA (usually O=EXAMPLE.COM).

There is no way around this.

