Thanks so much Alexander - I'll have a go and come back if I experience any difficulties.Have a good day!On Wed, Jan 17, 2018 at 11:06 AM Alexander Bokovoy <abokovoy@redhat.com> wrote:On ke, 17 tammi 2018, Callum Guy via FreeIPA-users wrote:
>Hi All,
>
>I'm planning to add a subdomain certificate for an internal web service
>using FreeIPA CA however in my example I am applying the certificate to an
>interim proxy server.
>
>For example I want to sign a certificate for "web.domain.com" and serve it
>on host "proxy.domain.com".
>
>Based on what I have learnt from using FreeIPA so far I presume the correct
>way to do this is via service principal: HTTP/proxy.domain.com@DOMAIN.COM
>
>When I attempt to create the certificate from my CSR I get the following
>error report:
>
>"invalid 'csr': hostname in subject of request 'web.domain.com' does not
>match name or aliases of principal 'HTTP/proxy.domain.com@DOMAIN.COM'"
>
>Ii have tried adding aliases to the principal however I haven't been able
>to make it work - a lack of understanding I think!
>
>I am sure that I am just doing something wrong and it would be great if
>someone could help explain what I should be doing.
See the thread at
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/IO6BSB6K76E5XRM4IQEFJRTIPK6KKXFX/
for details on how to achieve that.
--
/ Alexander Bokovoy
--Callum GuyHead of Information SecurityX-on
0333 332 0000 | www.x-on.co.uk |
X-on
is a trading name of Storacall Technology Ltd a limited company registered in
England and Wales.
Registered Office : Avaland House, 110 London Road, Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration No. 2578478.
The information in this e-mail is confidential and for use by the addressee(s)
only. If you are not the intended recipient, please notify X-on immediately on +44(0)333 332 0000 and delete the
message from your computer. If you are not a named addressee you must not use,
disclose, disseminate, distribute, copy, print or reply to this email. Views
or opinions expressed by an individual
within this email may not necessarily
reflect the views of X-on or its associated companies. Although X-on routinely
screens for viruses, addressees should scan this email and any attachments
for
viruses. X-on makes no representation or warranty as to the absence of viruses
in this email or any attachments.