Due to the bug in mod_nss that prevents SNI from functioning (i.e.
limits a port to a single certificate) I need to add SANs
(SubjectAltName) to the certificate that freeipa created for the
webserver (Server-Cert) so that I can add more virtual hosts to the
same Apache instance (yes, I know this is not advised but budgetary
constraints are at play here).

How do I go about that?  Do I want to resubmit the certificate request
with some -D alt.name1 -D alt.name2, etc. parameters as such:

# ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2

Is that the correct operation?  If so, is there anything more I need to
do after that?


Attachment: signature.asc
Description: This is a digitally signed message part

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to