[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-users] add SubjectAltName (SAN) to IPA certificate



On Mon, 2015-09-14 at 08:28 +0200, Martin Kosek wrote:
> Hello,

Hi,

> It is the right way to do it AFAIK,

Indeed, no.  It's a hack around the lack of SNI support in mod_nss.

>  however it would only work with FreeIPA 4.0
> or older:
> 
> https://fedorahosted.org/freeipa/ticket/3977

That's right.  I don't even know what the workaround would be for older
than FreeIPA 4.0.  Probably the only choice left there is to run the
additional virtual hosts on a port other than 443.  But that's an even
uglier hack as it's user-facing.

> Speaking in RHEL/CentOS versions, this is 7.1 or older.

My 7.1 has FreeIPA 4.1.

Cheers,
b.

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]