Fantastic, I knew about the flag, but thought it only worked on hosts. It
works on services too, which solves the problem.
Thank you.
-- Forwarded message --
From: Rob Crittenden rcrit...@redhat.com
Date: Oct 1, 2012 3:23 PM
Subject: Re: [Freeipa-users] Certificates for public facing web sites
To: Simon Williams simon.willi...@thehelpfulcat.com
Cc: freeipa-users@redhat.com
Simon Williams wrote:
Hi
Possibly a bit of a strange requirement, I don't really know! I have a
small business and am using IPA to manage our network. I have migrated
from an LDAP setup with a variety of different certificates lying around
for different applications and find IPA much easier to administer,
despite the fact that it probably overkill for a couple of users using
half a dozen hosts.
I have a few named virtual hosts that provide access to web based
systems from outside the local network, but I do not have sufficient
control over the external domain's DNS to add a subdomain with it's own
DNS. I can add A records and CNAME records to point to the virtual
hosts, but I cannot add NS records to delegate name resolution to my own
DNS. The ISP I use does not allow dynamic DNS updates. I would like to
use FreeIPA to manage the SSL certificates for these virtual hosts using
mod_nss and have already implemented this successfully for virtual hosts
on the local domain, but since I do not control the public domain, I
can't see how to achieve this.
Please forgive me if I am missing something obvious, but I've only been
using FreeIPA for two weeks and it is a testament to it's ease of use
that I have managed to get as far as I have with it in that time unaided!
So the problem is your domain is example.com and is managed by IPA and you
want to create certificates for someothercorp.com?
You should be able to use the --force flag to create a host and create
services/issue certificates from that point.
rob
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
