[Freeipa-users] add SubjectAltName (SAN) to IPA certificate
Brian J. Murrell
brian at interlinx.bc.ca
Mon Sep 14 11:05:16 UTC 2015
On Mon, 2015-09-14 at 08:28 +0200, Martin Kosek wrote:
> Hello,
Hi,
> It is the right way to do it AFAIK,
Indeed, no. It's a hack around the lack of SNI support in mod_nss.
> however it would only work with FreeIPA 4.0
> or older:
>
> https://fedorahosted.org/freeipa/ticket/3977
That's right. I don't even know what the workaround would be for older
than FreeIPA 4.0. Probably the only choice left there is to run the
additional virtual hosts on a port other than 443. But that's an even
uglier hack as it's user-facing.
> Speaking in RHEL/CentOS versions, this is 7.1 or older.
My 7.1 has FreeIPA 4.1.
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150914/d49561d5/attachment.sig>
More information about the Freeipa-users
mailing list