$ rpm -q ipa-server ipa-server-3.0.0-42.el6.x86_64 I tend to revert to openssl as I have some familiarity with it.
ipa service-add HTTP/p1nxut01.stt.local excellent except we wanted human friendly certificates/SSL So I created a one-off openssl.cnf file with subjectAltName configured and generated csr and key files... grep subjectAltName openssl.cnf subjectAltName="nexus.stt.local" openssl req -new -config /etc/ssl/openssl.cnf -out p1nxut01.csr -keyout p1nxut01.key and then passed them on to IPA for signing... ipa cert-request p1nxut01.csr --principal host/[email protected]<mailto:host/[email protected]> and it was reported serial #44 so I retrieved the certificate... ipa cert-show 44 --out=/etc/ssl/p1nxut01.stt.local.crt openssl x509 -in p1nxut01.stt.local.crt -noout -text but no subjectAltNames are listed :-( can someone hit me with a cluestick? Craig White System Administrator O 623-201-8179 M 602-377-9752 [cid:[email protected]] SkyTouch Technology 4225 E. Windrose Dr. Phoenix, AZ 85032
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
