[Freeipa-users] ipa server(master) and alternative name

Rob Crittenden rcritten at redhat.com
Wed Jul 6 12:57:48 UTC 2016


lejeczek wrote:
> hi users,
>
> I'd like to ask if it is possible to add (after deployment is finished) an
> AltSubjectName to fIPA master?

I don't see why not, they are just certs after all. You would need to be 
careful to get the certmonger tracking right but it should be doable.

> I shall say what I'm hoping to achieve - having 3 servers I hope to have
> in IPA's DNS a host, A record that will be resolving to three servers'
> IPs. Like e.g. ipa-ca which seems to hold all servers' IPs.
>
> I started with:
>
> $ ipa dnsrecord-add private.my.dom.priv linux --a-ip-address
> 10.5.6.100 (which is master's IP)

For what purpose, to make it easier for users to find the IPA server?

> but I feel I got off on the wrong foot there, I see with ipa command:
>
> ipa: ERROR: cert validation failed for...
>
> ((SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked
> as not trusted by the user.)

I assume you've already played with the certificates? The DNS change you 
made wouldn't cause this error.

rob



