On 09/12/2015 02:57 PM, Brian J. Murrell wrote: > Due to the bug in mod_nss that prevents SNI from functioning (i.e. > limits a port to a single certificate) I need to add SANs > (SubjectAltName) to the certificate that freeipa created for the > webserver (Server-Cert) so that I can add more virtual hosts to the > same Apache instance (yes, I know this is not advised but budgetary > constraints are at play here). > > How do I go about that? Do I want to resubmit the certificate request > with some -D alt.name1 -D alt.name2, etc. parameters as such: > > # ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2 > > Is that the correct operation? If so, is there anything more I need to > do after that? > > Cheers, > b.
Hello, It is the right way to do it AFAIK, however it would only work with FreeIPA 4.0 or older: https://fedorahosted.org/freeipa/ticket/3977 Speaking in RHEL/CentOS versions, this is 7.1 or older. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project