[Freeipa-users] Certificates for public facing web sites

[Rob Crittenden]

Simon Williams wrote:
> Hi
>
> Possibly a bit of a strange requirement, I don't really know!  I have a
> small business and am using IPA to manage our network.  I have migrated
> from an LDAP setup with a variety of different certificates lying around
> for different applications and find IPA much easier to administer,
> despite the fact that it probably overkill for a couple of users using
> half a dozen hosts.
>
> I have a few named virtual hosts that provide access to web based
> systems from outside the local network, but I do not have sufficient
> control over the external domain's DNS to add a subdomain with it's own
> DNS.  I can add A records and CNAME records to point to the virtual
> hosts, but I cannot add NS records to delegate name resolution to my own
> DNS.  The ISP I use does not allow dynamic DNS updates.  I would like to
> use FreeIPA to manage the SSL certificates for these virtual hosts using
> mod_nss and have already implemented this successfully for virtual hosts
> on the local domain, but since I do not control the public domain, I
> can't see how to achieve this.
>
> Please forgive me if I am missing something obvious, but I've only been
> using FreeIPA for two weeks and it is a testament to it's ease of use
> that I have managed to get as far as I have with it in that time unaided!

So the problem is your domain is example.com and is managed by IPA and 
you want to create certificates for someothercorp.com?

You should be able to use the --force flag to create a host and create 
services/issue certificates from that point.

rob