[Freeipa-users] Sign certificates with subjectAltName
Craig White
CWhite at skytouchtechnology.com
Tue Jan 27 20:49:36 UTC 2015
$ rpm -q ipa-server
ipa-server-3.0.0-42.el6.x86_64
I tend to revert to openssl as I have some familiarity with it.
ipa service-add HTTP/p1nxut01.stt.local
excellent except we wanted human friendly certificates/SSL
So I created a one-off openssl.cnf file with subjectAltName configured and generated csr and key files...
grep subjectAltName openssl.cnf
subjectAltName="nexus.stt.local"
openssl req -new -config /etc/ssl/openssl.cnf -out p1nxut01.csr -keyout p1nxut01.key
and then passed them on to IPA for signing...
ipa cert-request p1nxut01.csr --principal host/p1nxut01.stt.local@STT.LOCAL
and it was reported serial #44
so I retrieved the certificate...
ipa cert-show 44 --out=/etc/ssl/p1nxut01.stt.local.crt
openssl x509 -in p1nxut01.stt.local.crt -noout -text
but no subjectAltNames are listed :-(
can someone hit me with a cluestick?
Craig White
System Administrator
O 623-201-8179 M 602-377-9752
SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
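
Added example, not part of the original post: a shell check that separates the two places a subjectAltName can go missing, the CSR itself or the signing step. OpenSSL only puts a SAN into a CSR when the config names an extension section via req_extensions and the value carries a type prefix such as DNS:. The hostnames are taken from the post; the file names, section names and function names are assumptions.

```shell
#!/bin/sh
# Added example. Hostnames are from the post; file, section and
# function names are assumptions made for illustration.

# make_csr <dir> <cn> [san]: write a one-off config, then create key + CSR.
# With a third argument the CSR requests a subjectAltName extension.
make_csr() {
    dir=$1; cn=$2; san=${3:-}
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\n'
        if [ -n "$san" ]; then printf 'req_extensions = v3_req\n'; fi
        printf '\n[dn]\nCN = %s\n' "$cn"
        if [ -n "$san" ]; then
            # SAN values need a type prefix; the CN is listed as well.
            printf '\n[v3_req]\nsubjectAltName = DNS:%s, DNS:%s\n' "$cn" "$san"
        fi
    } > "$dir/req.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null
}

# san_names <req|x509> <file>: print DNS SAN entries, one per line.
# Prints nothing when the CSR or certificate has no SAN extension.
san_names() {
    openssl "$1" -in "$2" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# has_san <req|x509> <file> <name>: succeed only on an exact SAN match.
has_san() {
    san_names "$1" "$2" | grep -qxF "$3"
}
```

Run has_san with req against the CSR before submitting it, and with x509 against the certificate the CA returns. If the name is in the CSR but not in the certificate, the extension was dropped at signing rather than at request time.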