On Tue, 27 Jan 2015, Craig White wrote:
$ rpm -q ipa-server

I tend to revert to openssl as I have some familiarity with it.

ipa service-add HTTP/p1nxut01.stt.local

excellent except we wanted human friendly certificates/SSL

So I created a one-off openssl.cnf file with subjectAltName configured and 
generated csr and key files...
grep subjectAltName openssl.cnf
openssl req -new -config /etc/ssl/openssl.cnf -out p1nxut01.csr -keyout 

and then passed them on to IPA for signing...
ipa cert-request p1nxut01.csr --principal 
and it was reported serial #44

so I retrieved the certificate...
ipa cert-show 44 --out=/etc/ssl/p1nxut01.stt.local.crt

openssl x509 -in p1nxut01.stt.local.crt -noout -text

but no subjectAltNames are listed  :-(

can someone hit me with a cluestick?
Yes, this is not supported in 3.0.0.
We implemented support for it in 4.1, see

/ Alexander Bokovoy

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to