On la, 25 helmi 2023, Carlos Mogas da Silva via FreeIPA-users wrote:
> Thanks for the pointer Alexander. I actually did search the list, but searched for
"vhost" :P
>
> Anyway, I did as in the thread you mentioned, the only difference being that I used
ipa-getcert and used the HOST key
> instead of the HTTP key for the principal name, but certmonger can't seem to find
the "webapp1" ?
>
> ca-error: Server at
https://ipa01.int.example.com/ipa/json failed request, will
retry: 4001 (The service principal for
> subject alt name
webapp1.int.example.com in certificate request does not exist).
>
> both HTTP/webapp1.int.example.com and
HOST/host1.int.example.com exist and the host
object itself for both also exist.
>
> I feel like I'm missing something obvious...
Please show exact sequence of what you did.
$ ipa service-add HTTP/webapp1.int.example.com
$ ipa service-add-host HTTP/webapp1.int.example.com --host
$ ipa-getcert request -f webapp1.int.example.com.cert -k webapp1.int.example.com.key -D