Fil Di Noto wrote:
> In my imagination, I see IPA for whatever reason comes accross a cert
> it signed in the past and decides it needs to compare the SAN to the
> directory. Then it sees the SAN doesn't have an associated principal
> in the directory. Who does IPA trust? (the directory obviously).
On Tue, Oct 25, 2016 at 11:02:44AM -0700, Fil Di Noto wrote:
> On Mon, Oct 24, 2016 at 9:55 PM, Fraser Tweedale wrote:
> > On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
> >> On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale
> >> wrote:
> >> > On Sun, Oct 23, 2016 at 08:37:15PM -070
On Mon, Oct 24, 2016 at 9:55 PM, Fraser Tweedale wrote:
> On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
>> On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale wrote:
>> > On Sun, Oct 23, 2016 at 08:37:15PM -0700, Fil Di Noto wrote:
>> >> Hello,
>> >>
>> >>
>> >>
>> >> I would like to
On Tue, 2016-10-25 at 09:02 +0300, Alexander Bokovoy wrote:
> On ti, 25 loka 2016, Fraser Tweedale wrote:
> >On Tue, Oct 25, 2016 at 08:01:59AM +0300, Alexander Bokovoy wrote:
> >> On ti, 25 loka 2016, Fraser Tweedale wrote:
> >> > On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
> >> >
On ti, 25 loka 2016, Fraser Tweedale wrote:
On Tue, Oct 25, 2016 at 08:01:59AM +0300, Alexander Bokovoy wrote:
On ti, 25 loka 2016, Fraser Tweedale wrote:
> On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
> > On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale
wrote:
> > > On Sun, Oc
On Tue, Oct 25, 2016 at 08:01:59AM +0300, Alexander Bokovoy wrote:
> On ti, 25 loka 2016, Fraser Tweedale wrote:
> > On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
> > > On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale
> > > wrote:
> > > > On Sun, Oct 23, 2016 at 08:37:15PM -0700, F
On ti, 25 loka 2016, Fraser Tweedale wrote:
On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale wrote:
> On Sun, Oct 23, 2016 at 08:37:15PM -0700, Fil Di Noto wrote:
>> Hello,
>>
>>
>>
>> I would like to better understand why IPA require
On Mon, Oct 24, 2016 at 12:30:10AM -0700, Fil Di Noto wrote:
> On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale wrote:
> > On Sun, Oct 23, 2016 at 08:37:15PM -0700, Fil Di Noto wrote:
> >> Hello,
> >>
> >>
> >>
> >> I would like to better understand why IPA requires SAN (subject alternative
> >> n
On Sun, Oct 23, 2016 at 9:53 PM, Fraser Tweedale wrote:
> On Sun, Oct 23, 2016 at 08:37:15PM -0700, Fil Di Noto wrote:
>> Hello,
>>
>>
>>
>> I would like to better understand why IPA requires SAN (subject alternative
>> name) entries to have a backing host record. In order to sign a certificate
>>
On ma, 24 loka 2016, Fraser Tweedale wrote:
On Sun, Oct 23, 2016 at 08:37:15PM -0700, Fil Di Noto wrote:
Hello,
I would like to better understand why IPA requires SAN (subject alternative
name) entries to have a backing host record. In order to sign a certificate
with a SAN that corresponded
On Sun, Oct 23, 2016 at 08:37:15PM -0700, Fil Di Noto wrote:
> Hello,
>
>
>
> I would like to better understand why IPA requires SAN (subject alternative
> name) entries to have a backing host record. In order to sign a certificate
> with a SAN that corresponded to a user friendly CNAME I had to
Hello,
I would like to better understand why IPA requires SAN (subject alternative
name) entries to have a backing host record. In order to sign a certificate
with a SAN that corresponded to a user friendly CNAME I had to add a host
record (ipa host) for that DNS name (use force option to create
12 matches
Mail list logo