Anwar El fatayri wrote:
> Hello everyone...
>
> I'm trying to request SSL Certificates from my machines (ex : vadqualif02) for a specific service (ex : Syslog-ng).
>
> I would like to distinguish between my client and server certificates by changing the DN. The problem is that when I try to do that (see the command below), I'm still getting the default DN (CN=hostname).
>
> sudo ipa-getcert request -r -f /etc/pki/tls/certs/syslog-ng_vadqualif02.lbg.office.lyra.crt -k /etc/pki/tls/private/syslog-ng_vadqualif02.lbg.office.lyra.key -N OU=toto,CN=roro -K SYSLOG-NG_CLIENT/vadqualif02.lbg.office.l...@office.lyra
>
> Any ideas ?

I'm surprised this isn't just being rejected instead. IPA requires that the CN of the CSR match the host/service being requested for. It will also drop anything other than CN and replace it with the subject of the CA (usually O=EXAMPLE.COM). There is no way around this.

rob