Dear list,
one of my IPA masters (master.example.com, IPA 4.5) runs a Dokuwiki and a
DAViCal instance besides IPA. DNS is external (not managed by IPA) and I
asked the DNS admin to create CNAMEs wiki.example.com and cal.example.com
that point to master.example.com).
That works, but my users get browser warnings "SSL_ERROR_BAD_CERT_DOMAIN"
upon first connect via the CNAMEs and have to allow exceptions.
Unbeautiful.
Therefore, I force-created dummy hosts in IPA and let them be managed by
master.example.com:
$ ipa host-add wiki.example.com --force
$ ipa service-add HTTP/wiki.example.com --force
$ ipa service-add-host HTTP/wiki.example.com --host master.example.com
If i would revoke the certificate for HTTP/master.example.com now (didn't
dare yet), will a new certificate be created that contains
wiki.example.com as X509v3 Subject Alternative Name? It probably isn't
that easy, right?
Mit freundlichen Gruessen/With best regards,
--Daniel.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org