[Freeipa-users] Fwd: Re: Certificates for public facing web sites
Simon Williams
simon.williams at thehelpfulcat.com
Mon Oct 1 22:31:10 UTC 2012
Fantastic, I knew about the flag, but thought it only worked on hosts. It
works on services too, which solves the problem.
Thank you.
---------- Forwarded message ----------
From: "Rob Crittenden" <rcritten at redhat.com>
Date: Oct 1, 2012 3:23 PM
Subject: Re: [Freeipa-users] Certificates for public facing web sites
To: "Simon Williams" <simon.williams at thehelpfulcat.com>
Cc: <freeipa-users at redhat.com>
Simon Williams wrote:
> Hi
>
> Possibly a bit of a strange requirement, I don't really know! I have a
> small business and am using IPA to manage our network. I have migrated
> from an LDAP setup with a variety of different certificates lying around
> for different applications and find IPA much easier to administer,
> despite the fact that it probably overkill for a couple of users using
> half a dozen hosts.
>
> I have a few named virtual hosts that provide access to web based
> systems from outside the local network, but I do not have sufficient
> control over the external domain's DNS to add a subdomain with it's own
> DNS. I can add A records and CNAME records to point to the virtual
> hosts, but I cannot add NS records to delegate name resolution to my own
> DNS. The ISP I use does not allow dynamic DNS updates. I would like to
> use FreeIPA to manage the SSL certificates for these virtual hosts using
> mod_nss and have already implemented this successfully for virtual hosts
> on the local domain, but since I do not control the public domain, I
> can't see how to achieve this.
>
> Please forgive me if I am missing something obvious, but I've only been
> using FreeIPA for two weeks and it is a testament to it's ease of use
> that I have managed to get as far as I have with it in that time unaided!
>
So the problem is your domain is example.com and is managed by IPA and you
want to create certificates for someothercorp.com?
You should be able to use the --force flag to create a host and create
services/issue certificates from that point.
rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121001/c70742ec/attachment.htm>
More information about the Freeipa-users
mailing list