Alessandro De Maria wrote:

I am running the following command to create a certificate for etcd

ipa-getcert", "request", "-w", "-r", "-f", "/etc/etcd/ssl/server.crt",
"-k", "/etc/etcd/ssl/server.key", "-N", "", "-D",
"", "-A", "", "-K", "etcd/"

    ca-error: Server at denied our
    request, giving up: 2100 (RPC failed at server.  Insufficient
    access: Subject alt name type IP Address is forbidden).

I believe FreeIPA does not currently support IPs as the SAN of a

Is this still the case? is there a workaroud?

Still the case (and not likely to change AFAIK) and the only workaround is in code.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to