Thanks Rob!
Just to make it clear (at least for me), do I need to add a Principal Alias to
the Host/Service with the new domain?
As in, HOST/[email protected] needs to have an alias to
HTTP/[email protected]?
You should not do that. Instead, create a host object in IPA and a service on
it, then add your host1 to the list of hosts allowed to manage this service.
Remember that a host object webapp1.example.com does not need to be
enrolled, just has to exist in IPA for access control purposes.
host1.example.com can control webapp1.example.com and its services.
This question is asked often on the list. You can see the following thread
for a concise description:
https://lists.fedorahosted.org/archives/list/[email protected]/thread/6FISBEB4UCE5IGW2XMVVYRR6Q2WOZG46/
Thanks for the pointer Alexander. I actually did search the list, but searched for
"vhost" :P
Anyway, I did as in the thread you mentioned, the only difference being that I used ipa-getcert and used the HOST key
instead of the HTTP key for the principal name, but certmonger can't seem to find the "webapp1"?
ca-error: Server at https://ipa01.int.example.com/ipa/json failed request, will retry: 4001 (The service principal for
subject alt name webapp1.int.example.com in certificate request does not exist).
Both HTTP/webapp1.int.example.com and HOST/host1.int.example.com exist and the
host object itself for both also exists.
I feel like I'm missing something obvious...
Thanks again!
_______________________________________________
FreeIPA-users mailing list -- [email protected]