Disregard my question.
I had to realize that the OCSP responder is on plain HTTP, so no need to hassle
with additional certs there.
--
*Sándor Juhász*
System Administrator
*ChemAxon* *Kft*.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964

On Mon, Oct 28, 2019 at 2:10 PM Rob Crittenden <rcritten(a)redhat.com> wrote:
Sandor Juhasz via FreeIPA-users wrote:
> Hi,
>
> we are running freeipa server 4.6.5.
> Facing the issue, where the OCSP responder in the Server-Cert is set to
> Name: Authority Information Access
> Method: PKIX Online Certificate Status Protocol
> Location:
> URI: "http://ipa-ca.bpo.cxn/ca/ocsp"
>
> Where the hosts cert's subject is
> Subject: "CN=ipa14.bpo.cxn,O=CXN"
>
> I have added DNS alias for the given machine, but the httpd shows only
> cert for the subject, but cannot add the OCSP. Tried with certutil, with
> ipa-getcert, but I was not able to add the alias to the given cert.
> Is there a way to fix this?

I'm unclear what you are trying to do. You want the OCSP AVA to point to
a specific host? If so, for what reason?
rob