On ke, 17 tammi 2018, Callum Guy via FreeIPA-users wrote:
Hi All,
I'm planning to add a subdomain certificate for an internal web service
using FreeIPA CA however in my example I am applying the certificate to an
interim proxy server.
For example I want to sign a certificate for "web.domain.com" and serve it
on host "proxy.domain.com".
Based on what I have learnt from using FreeIPA so far I presume the correct
way to do this is via service principal: HTTP/proxy.domain.com(a)DOMAIN.COM
When I attempt to create the certificate from my CSR I get the following
error report:
"invalid 'csr': hostname in subject of request 'web.domain.com' does
not
match name or aliases of principal 'HTTP/proxy.domain.com(a)DOMAIN.COM'"
Ii have tried adding aliases to the principal however I haven't been able
to make it work - a lack of understanding I think!
I am sure that I am just doing something wrong and it would be great if
someone could help explain what I should be doing.
See the thread at
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
for details on how to achieve that.
--
/ Alexander Bokovoy