On 9/7/25 23:21, Fraser Tweedale wrote:
On Fri, Aug 29, 2025 at 11:45:20AM -0600, Orion Poplawski via FreeIPA-users
wrote:
That's unfortunate. However, there is a bigger problem - the email address
isn't making it into the certificate.
I generated the request with:
certutil -R -d /etc/pki/nssdb -a -s 'CN=it_help, [email protected],
O=NorthWest Research Associates'
but the cert just has:
Subject: O=NWRA.COM, CN=it_help
Include an RFC822Name in the Subject Alternative Name extension.
It will be validated against the subject principal's 'mail'
attribute values and propagated to the certificate.
Cheers,
Fraser
Thanks, that works for the email address.
--
Orion Poplawski
he/him/his - surely the least important thing about me
IT Systems Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane [email protected]
Boulder, CO 80301 https://www.nwra.com/
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
