[Freeipa-users] add SubjectAltName (SAN) to IPA certificate
Brian J. Murrell
brian at interlinx.bc.ca
Sat Sep 12 12:57:59 UTC 2015
Due to the bug in mod_nss that prevents SNI from functioning (i.e.
limits a port to a single certificate) I need to add SANs
(SubjectAltName) to the certificate that freeipa created for the
webserver (Server-Cert) so that I can add more virtual hosts to the
same Apache instance (yes, I know this is not advised but budgetary
constraints are at play here).
How do I go about that? Do I want to resubmit the certificate request
with some -D alt.name1 -D alt.name2, etc. parameters as such:
# ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2
Is that the correct operation? If so, is there anything more I need to
do after that?
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150912/04480a97/attachment.sig>
More information about the Freeipa-users
mailing list