On la, 12 elo 2017, Harald Dunkel via FreeIPA-users wrote:
Hi Fraser,
On Fri, 11 Aug 2017 18:48:29 +1000 Fraser Tweedale via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On Fri, Aug 11, 2017 at 09:40:56AM +0200, Harald Dunkel via FreeIPA-users wrote:
https://support.google.com/chrome/a/answer/7391219?hl=en
How can I tell freeipa?
Hi Harald,
Use `getcert resubmit -i REQUEST-ID -D DNS-NAME` to request a new HTTP certificate with the appropriate DNS-NAME Subject Alt Name value(s). Use `getcert list` to find the REQUEST-ID to use; it will be the certificate in NSSDB `/etc/httpd/alias` with nickname `Server-Cert`.
This worked, thanx very much.
I would suggest to create web server certificate with appropriate SubjectAltName right from the start by ipa-server-install, but maybe this has alredy been fixed?
Yes, it is fixed in 4.5.3 and is going to be part of RHEL 7.4.z at some point: https://bugzilla.redhat.com/show_bug.cgi?id=1477046
See https://pagure.io/freeipa/issue/7007 for more upstream details.