On 09/15/2015 12:35 PM, Brian J. Murrell wrote:
> On Sat, 2015-09-12 at 08:57 -0400, Brian J. Murrell wrote:
>> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
>> limits a port to a single certificate) I need to add SANs
>> (SubjectAltName) to the certificate that freeipa created for the
>> webserver (Server-Cert) so that I can add more virtual hosts to the
>> same Apache instance (yes, I know this is not advised but budgetary
>> constraints are at play here).
>> How do I go about that?  Do I want to resubmit the certificate
>> request
>> with some -D alt.name1 -D alt.name2, etc. parameters as such:
>> # ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2
>> Is that the correct operation?  If so, is there anything more I need
>> to
>> do after that?
> Nobody knows?  I would have thought that this would be one of the
> easier routines in IPA certificate handling, no?

BTW, there was related thread on freeipa-users in the past, with some links to
related information:


I assume the only change since then is that FreeIPA now supports proper SAN

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to