I'd like to ask if it possible to add (after deployment is finished) an
AltSubjectName to fIPA master?
I don't see why not, they are just certs after all. You would need to be
careful to get the certmonger tracking right but it should be doable.
I shall say what I'm hoping to achieve - having 3 servers I hope to have
in IPA's DNS a host, A record that will be resolving to three server's
IPs. Like eg. ipa-ca which seems to hold all servers IPs.
I started with:
$ ipa dnsrecord-add private.my.dom.priv linux --a-ip-address
10.5.6.100(which is master's IP)
For what purpose, to make it easier for users to find the IPA server?
but I feel I got of the wrong foot there, I see with ipa command:
ipa: ERROR: cert validation failed for...
((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user.)
I assume you've already played with the certificates? The DNS change you
made wouldn't cause this error.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project