Brodie, Kent wrote:
>> So did I give you the wrong host to add or was the wrong host reported in the
>> healthcheck output?
>
> Not sure--- this again is the error: I saw it and thought, "why not try
> the HOSTNAME reported and not the SAN name " ?
>
> (misleading: the actual name of the server/host is indeed voq.rgd.mcw.edu).
> ipa-ca is an alias required by IPA somewhere)
I got it. It lists the SAN that are already in the cert, not what is
missing.
rob
>
>
>
> [
> {
> "source": "ipahealthcheck.ipa.certs",
> "check": "IPACertDNSSAN",
> "result": "ERROR",
> "uuid": "5576f96d-cee4-475e-b5ee-0466fe6bfa58",
> "when": "20221007165940Z",
> "duration": "0.422118",
> "kw": {
> "key": "20221006190547",
> "hostname": "ipa-ca.rgd.mcw.edu",
> "san": [
> "voq.rgd.mcw.edu"
> ],
> "ca": "IPA",
> "profile": "caIPAserviceCert",
> "msg": "Certificate request id {key} with profile {profile} for CA {ca}
> does not have a DNS SAN {san} matching name {hostname}"
> }
> }
> ]
>
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
