On 09/12/2015 02:57 PM, Brian J. Murrell wrote:
> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
> limits a port to a single certificate) I need to add SANs
> (SubjectAltName) to the certificate that freeipa created for the
> webserver (Server-Cert) so that I can add more virtual hosts to the
> same Apache instance (yes, I know this is not advised but budgetary
> constraints are at play here).
> How do I go about that?  Do I want to resubmit the certificate request
> with some -D alt.name1 -D alt.name2, etc. parameters as such:
> # ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2
> Is that the correct operation?  If so, is there anything more I need to
> do after that?
> Cheers,
> b.


It is the right way to do it AFAIK, however it would only work with FreeIPA 4.0
or older:


Speaking in RHEL/CentOS versions, this is 7.1 or older.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to