lejeczek wrote:
hi users,

I'd like to ask if it is possible to add (after deployment is finished) an
AltSubjectName to fIPA master?

I don't see why not, they are just certs after all. You would need to be careful to get the certmonger tracking right but it should be doable.

I shall say what I'm hoping to achieve - having 3 servers I hope to have
in IPA's DNS a host, A record that will be resolving to three servers'
IPs. Like e.g. ipa-ca which seems to hold all servers' IPs.

I started with:

$ ipa dnsrecord-add private.my.dom.priv linux --a-ip-address
10.5.6.100 (which is master's IP)

For what purpose, to make it easier for users to find the IPA server?

but I feel I got off on the wrong foot there, I see with ipa command:

ipa: ERROR: cert validation failed for...

((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
as not trusted by the user.)

I assume you've already played with the certificates? The DNS change you made wouldn't cause this error.

rob
