<div dir="ltr">Hi,<div><br></div><div>I have a ipa.my.lan and a cname gitserver.my.lan pointing to ipa.my.lan<br><div><br></div><div>I recently started to get nss error "SSL peer has no certificate for the requested DNS name." when I'm accesing my <a href="https://gitserver.my.lan">https://gitserver.my.lan</a></div><div><br></div><div>Previously this worked fine if I had set "<span style="color:rgb(0,0,0);font-family:Times">git config --global http.sslVerify false" according to </span></div><div><font color="#000000" face="Times"><a href="https://www.redhat.com/archives/freeipa-users/2015-November/msg00213.html">https://www.redhat.com/archives/freeipa-users/2015-November/msg00213.html</a></font><br></div><div><font color="#000000" face="Times"><br></font></div><div><font color="#000000" face="Times">Now I tried to solve this by adding a SubjectAltName to the HTTP/ipa.my.lan certitficate like this:</font></div><div><font color="#000000" face="Times"><br></font></div><div>
<p class=""><span class="">status: MONITORING<br></span>stuck: no<br>key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'<br>certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'<br>CA: IPA<br>issuer: CN=Certificate Authority,O=MY.LAN<br>subject: CN=ipa.my.lan,O=MY.LAN<br>expires: 2018-02-06 19:24:52 UTC<br>dns: gitserver.my.lan,ipa.my.lan<br>principal name: http/ipa.my.lan@MY.LAN<br>key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment<br>eku: id-kp-serverAuth,id-kp-clientAuth<br>pre-save command: <br>post-save command: /usr/lib64/ipa/certmonger/restart_httpd<br>track: yes<br>auto-renew: yes</p><p class="">But I still get the below error: <br></p><p class=""><span class="">* NSS error -12182 (SSL_ERROR_UNRECOGNIZED_NAME_ALERT)<br></span>* SSL peer has no certificate for the requested DNS name</p><p class=""><br></p><p class="">Any ideas why?</p><p class="">-- john</p></div>
</div></div>