On 06/07/16 13:57, Rob Crittenden wrote:
lejeczek wrote:
hi users,
I'd like to ask if it is possible to add (after deployment is finished) an AltSubjectName to fIPA master?
I don't see why not, they are just certs after all. You would need to be careful to get the certmonger tracking right but it should be doable.
I shall say what I'm hoping to achieve - having 3 servers, I hope to have in IPA's DNS a host, an A record that will be resolving to the three servers' IPs. Like e.g. ipa-ca, which seems to hold all servers' IPs.
I started with:
$ ipa dnsrecord-add private.my.dom.priv linux --a-ip-address 10.5.6.100
(which is master's IP)
For what purpose, to make it easier for users to find the IPA server?
not IPA, the simplest thing: I'd like to use the same apache IPA uses on all servers - for local yum repos to be served from/via dns roundrobin.
but I feel I got off on the wrong foot there, I see with ipa command:
ipa: ERROR: cert validation failed for... ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user.)
I assume you've already played with the certificates? The DNS change you made wouldn't cause this error.
no, actually I have not, I did not add a host nor a service nor a cert, there is no trace of "linux" anywhere, only dns A record - to get rid of the error I have to remove that new host & restart IPA.
rob