I am trying to get OpenShift to use my FreeIPA installation
(ipa-server-4.6.5-11.el7.centos.4.x86_64) as an identity provider.
OpenShift is refusing to talk to the LDAP server, because its
certificate doesn't contain a subjectAltName.
So I need to re-request/re-issue the certificate with the SAN. Will it
be sufficient to modify the caIPAserviceCert profile to copy the
hostname from the CN to the SAN (as discussed in [1]) and then use
ipa-getcert resubmit?
Will this break anything? (I only have a single IPA server/CA.)
Thanks!
[1]
https://frasertweedale.github.io/blog-redhat/posts/2017-07-11-cn-deprecat...
--
========================================================================
In Soviet Russia, Google searches you!
========================================================================