Hello Everyone,
I have an AlmaLinux 9.0 client enrolled into a 4.9.8 ipa domain running
on a Rocky Linux 8.6 server. I'm running the following command on the
client to request a cert:

    ipa-getcert request -I cockpit \
        -k /etc/cockpit/ws-certs.d/0-cockpit.key \
        -f /etc/cockpit/ws-certs.d/0-cockpit.crt \
        -g 2048 -K HTTP/$(hostname) -D hostname.theinside.rnr \
        -m 640 -M 640 -o root:cockpit-ws -O root:cockpit-ws

The cert gets issued without error. But, I don't see the "dns" line in
the output:

    status: MONITORING
    stuck: no
    key pair storage: type=FILE,location='/etc/cockpit/ws-certs.d/0-cockpit.key'
    certificate: type=FILE,location='/etc/cockpit/ws-certs.d/0-cockpit.crt'
    CA: IPA
    issuer: CN=Certificate Authority,O=THEINSIDE.RNR
    subject: CN=hostname.theinside.rnr,O=THEINSIDE.RNR
    issued: 2022-06-20 21:31:39 EDT
    expires: 2024-06-20 21:31:39 EDT
    principal name: HTTP/hostname.theinside.rnr@THEINSIDE.RNR
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes

The result is Firefox complains about the cert when I try to visit the
cockpit web UI.
I've run it now a few times with the same result. Which one of the
myriad of logs should I check to maybe understand why this is
happening?
--
Ranbir
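
One way to check for the symptom described in the post, as an added example that is not part of the original message: a shell function that reads `getcert list`-style output and reports, per tracked request, whether a dns: line is present and whether it includes the subject CN. The sample input is constructed; the `Request ID` header lines, the web01 and web02 requests, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in `getcert list` layout. The first request mirrors the
# output quoted in the post; web01 and web02 are made up. The "Request ID"
# header lines are an assumption (the post does not show them).
sample_getcert_list() {
cat <<'EOF'
Request ID 'cockpit':
    status: MONITORING
    subject: CN=hostname.theinside.rnr,O=THEINSIDE.RNR
    principal name: HTTP/hostname.theinside.rnr@THEINSIDE.RNR
Request ID 'web01':
    status: MONITORING
    subject: CN=web01.example.test,O=EXAMPLE.TEST
    dns: web01.example.test,www.example.test
Request ID 'web02':
    status: MONITORING
    subject: CN=web02.example.test,O=EXAMPLE.TEST
    dns: other.example.test
EOF
}

# Print "<request id> <subject CN> <verdict>" for each tracked request:
#   no-dns         no dns: line at all (the symptom in the post)
#   cn-not-in-dns  dns: present but the subject CN is not one of the names
#   ok             subject CN appears among the dns: names
san_report() {
    awk -v q="'" '
    function report() {
        if (id == "") return
        if (dns == "") verdict = "no-dns"
        else if (index("," dns ",", "," cn ",") == 0) verdict = "cn-not-in-dns"
        else verdict = "ok"
        printf "%s %s %s\n", id, cn, verdict
    }
    /^Request ID / {
        report()
        id = $3; gsub(q, "", id); sub(/:$/, "", id)
        cn = ""; dns = ""
        next
    }
    { sub(/^[ \t]+/, "") }          # drop the indentation before matching keys
    /^subject: / { cn = $0; sub(/^.*CN=/, "", cn); sub(/,.*$/, "", cn) }
    /^dns: /     { dns = $0; sub(/^dns: /, "", dns); gsub(/[ \t]/, "", dns) }
    END { report() }
    '
}

sample_getcert_list | san_report
```

On an enrolled client, `getcert list | san_report` applies the same check to the requests certmonger is actually tracking.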