Rafał Wądołowski wrote:
Okey, but how can I create certificate for domain intra.example.com?
I can't create host, because the hostname is required. When I try to add
service, I got output that principal is required.
Like I said, every cert needs to live in a bucket (user, service, etc)
so since domain can't fit into one, you can't issue a cert for it.
What would it be used for? I'm not sure how meaningful a domain name in
a cert is, but it could be a use-case we missed.
rob
Pozdrawiam,
Rafał Wądołowski
On 02/08/17 15:55, Rob Crittenden via FreeIPA-users wrote:
> Rafał Wądołowski via FreeIPA-users wrote:
>> Hi,
>>
>> I have freeipa 4.4 cluster with CN
intra.example.com.
>>
>> We developed intranet on this same domain, but I can't create a valid
>> certificate for it.
>>
>> I can't create service, because hostname is required. Is it other way to
>> sign the CSR?
>>
>> What is the good practice for creating https certificates?
>>
> I don't understand the question.
>
> A certificate can only be issued for objects that IPA knows about, a
> service, host or user.
>
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org