Thanks, I saw that ticket but didn't get to the wiki part yet.
What I wonder in Step 6:
6. Request a signed certificate for the service and see the entry in
Certmonger. In case you created a NSS database with a PIN (see
step 3), use the -P $PIN or -p /etc/httpd/nssdb/pwdfile.txt option to
tell certmonger about it:

  # ipa-getcert request -d /etc/httpd/nssdb -n Server-Cert -K HTTP/`hostname` -N CN=`hostname`,O=EXAMPLE.COM -g 2048

SAN names: in FreeIPA 4.0 and later, you can add optional SAN DNS
names to your request with -D. Note that you need to first create
respective host or service objects and configure that given host can
manage them with service-add-host or host-add-managedby command. These
objects are being verified when FreeIPA cert-req command authorizes
the SAN names.
Can I just add the alt names in that command? How should I proceed? I
added the host like
ldap.domain... where my ldap servers are ldap-01 and ldap-02
2015-03-06 14:08 GMT+01:00 Martin Kosek <mko...@redhat.com>:
> On 03/06/2015 01:30 PM, Matt . wrote:
>> I'm figuring out how to regenerate the webserver certificates so I can
>> use a loadbalancer in front of my ipa servers.
>> I see in the docs there is information about this, but not for the
>> webservice. Does anyone have some directions ?
> Certificate SubjectAltName was fixed in FreeIPA 4.0, this is the upstream
> The procedure is described in upstream wiki for example:
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project
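
The preparation that the quoted step 6 describes for SAN names, as an added example that is not part of the original thread or of the FreeIPA wiki: a dry-run helper that prints the ipa and ipa-getcert commands for one shared name in front of several servers, and runs nothing. The function names, the sample host names and the choice to list each server's own name as a SAN next to the shared one are assumptions.

```shell
#!/bin/sh
# Added example: prints a command plan and executes nothing.

# Accept only characters valid in a DNS name, so the printed commands
# cannot carry shell metacharacters.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

# san_plan LB_NAME REALM SERVER...
san_plan() {
    [ $# -ge 3 ] || { echo "usage: san_plan LB_NAME REALM SERVER..." >&2; return 2; }
    lb=$1
    realm=$2
    shift 2
    for n in "$lb" "$realm" "$@"; do
        valid_name "$n" || { echo "invalid name: $n" >&2; return 1; }
    done
    # The SAN name needs its own host and service objects.
    # --force creates them even if the name is not in DNS yet.
    echo "ipa host-add $lb --force"
    echo "ipa service-add HTTP/$lb --force"
    # Let each real server manage those objects, so that cert-req
    # authorizes the SAN when that server requests it.
    for srv in "$@"; do
        echo "ipa host-add-managedby $lb --hosts=$srv"
        echo "ipa service-add-host HTTP/$lb --hosts=$srv"
    done
    # The step 6 request, to be run locally on each server, with -D
    # for the server's own name and for the shared name.
    for srv in "$@"; do
        echo "on $srv: ipa-getcert request -d /etc/httpd/nssdb -n Server-Cert -K HTTP/$srv -N CN=$srv,O=$realm -D $srv -D $lb -g 2048"
    done
}

# Constructed sample call:
#   san_plan ldap.example.com EXAMPLE.COM ldap-01.example.com ldap-02.example.com
```

If the NSS database has a PIN, the -P or -p option from step 6 still has to be added to each printed ipa-getcert line.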