Alessandro De Maria wrote:
Hello,
I am running the following command to create a certificate for etcd
ipa-getcert", "request", "-w", "-r", "-f", "/etc/etcd/ssl/server.crt",
"-k", "/etc/etcd/ssl/server.key", "-N", "CN=dock07.prod.zzzzzz", "-D",
"dock07.prod.zzzz", "-A", "10.0.1.67", "-K", "etcd/dock07.prod.zzzz"
ca-error: Server at https://id1.prod.zzzzzz/ipa/xml denied our
request, giving up: 2100 (RPC failed at server. Insufficient
access: Subject alt name type IP Address is forbidden).
I believe FreeIPA does not currently support IPs as the SAN of a
certificate.
Is this still the case? is there a workaroud?
Still the case (and not likely to change AFAIK) and the only workaround
is in code.
rob
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project