[Freeipa-users] add SubjectAltName (SAN) to IPA certificate
Brian J. Murrell
brian at interlinx.bc.ca
Tue Sep 15 10:35:40 UTC 2015
On Sat, 2015-09-12 at 08:57 -0400, Brian J. Murrell wrote:
> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
> limits a port to a single certificate) I need to add SANs
> (SubjectAltName) to the certificate that freeipa created for the
> webserver (Server-Cert) so that I can add more virtual hosts to the
> same Apache instance (yes, I know this is not advised but budgetary
> constraints are at play here).
>
> How do I go about that? Do I want to resubmit the certificate
> request
> with some -D alt.name1 -D alt.name2, etc. parameters as such:
>
> # ipa-getcert resubmit -i <Request ID> -D alt.name1 -D alt.name2
>
> Is that the correct operation? If so, is there anything more I need
> to
> do after that?
Nobody knows? I would have thought that this would be one of the
easier routines in IPA certificate handling, no?
Cheers,
b.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150915/2a65f1a5/attachment.sig>
More information about the Freeipa-users
mailing list