[Freeipa-users] add a cert of .net insetad of .com error ?
Rob Crittenden
rcritten at redhat.com
Mon Apr 14 13:37:22 UTC 2014
Please keep replies on the list.
barrykfl at gmail.com wrote:
> Is it meant that i cannot use def.abc.net <http://def.abc.net> cert for
> the host def.abc.com <http://def.abc.com> ???
Correct.
> only i can used is same as hostname and domain ...or wildcard *.abc,com ?
For now yes. Eventually we may be able to use SNI to use certificates
with multiple names but we aren't there yet.
rob
>
> Thanks
>
>
>
> 2014-04-11 20:47 GMT+08:00 Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>>:
>
> barrykfl at gmail.com <mailto:barrykfl at gmail.com> wrote:
>
> Dear all:
>
> I added *.abc.net <http://abc.net> <http://abc.net> cet to
> certutil -d /etc/httpd/alias
>
> and /etc/dirsrv/slapd-ABC-COM
>
> But error comes out after when i login the UI of service and
> cick in entry .
>
> cannot connect to
> 'https://cert1.abc.com:443/ca/__agent/ca/displayBySerial
> <https://cert1.abc.com:443/ca/agent/ca/displayBySerial>': [Errno
> -12276]
> (SSL_ERROR_BAD_CERT_DOMAIN) Unable to communicate securely with
> peer:
> requested domain name does not match the server's certificate.
>
>
> This is the SSL MITM protection. The subject of the certificate on
> the server needs to match the hostname that the client is requesting.
>
> You can't just change the domain name of your installation by
> replacing the certificates.
>
> rob
>
>
More information about the Freeipa-users
mailing list