[Freeipa-users] add SubjectAltName (SAN) to IPA certificate

Martin Kosek mkosek at redhat.com
Mon Sep 14 06:28:36 UTC 2015


On 09/12/2015 02:57 PM, Brian J. Murrell wrote:
> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
> limits a port to a single certificate) I need to add SANs
> (SubjectAltName) to the certificate that freeipa created for the
> webserver (Server-Cert) so that I can add more virtual hosts to the
> same Apache instance (yes, I know this is not advised but budgetary
> constraints are at play here).
> 
> How do I go about that?  Do I want to resubmit the certificate request
> with some -D alt.name1 -D alt.name2, etc. parameters as such:
> 
> # ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2
> 
> Is that the correct operation?  If so, is there anything more I need to
> do after that?
> 
> Cheers,
> b.

Hello,

It is the right way to do it AFAIK; however, it would only work with FreeIPA 4.0
or older:

https://fedorahosted.org/freeipa/ticket/3977

Speaking in RHEL/CentOS versions, this is 7.1 or older.



