Hello Everyone,
I have an AlmaLinux 9.0 client enrolled into a 4.9.8 ipa domain running on a Rocky Linux 8.6 server. I'm running the following command on the client to request a cert:
ipa-getcert request -I cockpit -k /etc/cockpit/ws-certs.d/0-cockpit.key -f /etc/cockpit/ws-certs.d/0-cockpit.crt -g 2048 -K HTTP/$(hostname) -D hostname.theinside.rnr -m 640 -M 640 -o root:cockpit-ws -O root:cockpit-ws
The cert gets issued without error. But, I don't see the "dns" line in the ouput:
status: MONITORING stuck: no key pair storage: type=FILE,location='/etc/cockpit/ws- certs.d/0-cockpit.key' certificate: type=FILE,location='/etc/cockpit/ws-certs.d/0- cockpit.crt' CA: IPA issuer: CN=Certificate Authority,O=THEINSIDE.RNR subject: CN=hostname.theinside.rnr,O=THEINSIDE.RNR issued: 2022-06-20 21:31:39 EDT expires: 2024-06-20 21:31:39 EDT principal name: HTTP/hostname.theinside.rnr@THEINSIDE.RNR key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes
The result is Firefox complains about the cert when I try to visit the cockpit web UI.
I've run it now a few times with the same result. Which one of the myriad of logs should I check to maybe understand why this is happening?