Re: [Freeipa-users] Generate wildcard cert with FreeIPA CA
On Wed, 2013-02-27 at 13:54 -0500, Rob Crittenden wrote: > Schweiss, Chip wrote: > > Is it possible to generate a wild card certificate with the FreeIPA CA? > > > > I tried generating a CSR with *.mydomain.local but 'ipa cert-request > > star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add' > > returns the error: > > > > ipa: ERROR: The service principal for this request doesn't exist. > > > > No problem generating certs for fqdn of systems I have already joined to > > the domain. > > > > Is there anyway around this to generate a wildcard cert for my local domain? > > Not using the IPA interfaces, no. There might be a way to do this by > calling out to the underlying dogtag CA directly but we don't provide > any mechanism to do that. You'd be on your own there. Feel free to open a RFE in our trac instance if you need this functionality. Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Generate wildcard cert with FreeIPA CA
Schweiss, Chip wrote: Is it possible to generate a wild card certificate with the FreeIPA CA? I tried generating a CSR with *.mydomain.local but 'ipa cert-request star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add' returns the error: ipa: ERROR: The service principal for this request doesn't exist. No problem generating certs for fqdn of systems I have already joined to the domain. Is there anyway around this to generate a wildcard cert for my local domain? Not using the IPA interfaces, no. There might be a way to do this by calling out to the underlying dogtag CA directly but we don't provide any mechanism to do that. You'd be on your own there. rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
[Freeipa-users] Generate wildcard cert with FreeIPA CA
Is it possible to generate a wild card certificate with the FreeIPA CA? I tried generating a CSR with *.mydomain.local but 'ipa cert-request star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add' returns the error: ipa: ERROR: The service principal for this request doesn't exist. No problem generating certs for fqdn of systems I have already joined to the domain. Is there anyway around this to generate a wildcard cert for my local domain? Thanks! -Chip ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users