[Freeipa-users] How to remove bad cert renewal from certmonger?
Tikkanen, Tuomo (Nokia - FI/Espoo)
Tuomo.Tikkanen at nokia.com
Mon Apr 25 14:40:48 UTC 2016
On 23.4.2016 1:23, EXT Rob Crittenden wrote:
> Tikkanen, Tuomo (Nokia - FI/Espoo) wrote:
........
>> Repetitio est mater studiorum:
>>
>> How I can clean this defective state of certmonger?
>
> # ipa-getcert stop-tracking -i 20160212110456
>
Ah! That was obvious! Thanks a lot Rob.
>>
>> Second question if/when the above urgent problem is solved:
>>
>> Is there any way to get IP address to SAN field for the IPA Server-Certs?
>
> Not without changing code. IP address SAN are explicitly forbidden:
> Subject alt name type IP Address is forbidden
>
> rob
Is there any true reason why IP Address is forbidden by certmonger /
freeipa? Or is it just "not implemented" kind of restriction?
--
Tuomo.Tikkanen at nokia.com
More information about the Freeipa-users
mailing list