[Freeipa-users] nss unrecognized name alert with SAN name
John Obaterspok
john.obaterspok at gmail.com
Sat Feb 6 21:22:39 UTC 2016
Hi,
I have an ipa.my.lan and a cname gitserver.my.lan pointing to ipa.my.lan.
I recently started to get nss error "SSL peer has no certificate for the
requested DNS name." when I'm accessing my https://gitserver.my.lan
Previously this worked fine if I had set "git config --global
http.sslVerify false" according to
https://www.redhat.com/archives/freeipa-users/2015-November/msg00213.html
Now I tried to solve this by adding a SubjectAltName to the HTTP/ipa.my.lan
certificate like this:
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=MY.LAN
subject: CN=ipa.my.lan,O=MY.LAN
expires: 2018-02-06 19:24:52 UTC
dns: gitserver.my.lan,ipa.my.lan
principal name: http/ipa.my.lan at MY.LAN
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command: /usr/lib64/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
But I still get the below error:
* NSS error -12182 (SSL_ERROR_UNRECOGNIZED_NAME_ALERT)
* SSL peer has no certificate for the requested DNS name
Any ideas why?
-- john