[Freeipa-users] Generate wildcard cert with FreeIPA CA
Rob Crittenden
rcritten at redhat.com
Wed Feb 27 18:54:25 UTC 2013
Schweiss, Chip wrote:
> Is it possible to generate a wild card certificate with the FreeIPA CA?
>
> I tried generating a CSR with *.mydomain.local but 'ipa cert-request
> star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add'
> returns the error:
>
> ipa: ERROR: The service principal for this request doesn't exist.
>
> No problem generating certs for fqdn of systems I have already joined to
> the domain.
>
> Is there anyway around this to generate a wildcard cert for my local domain?
Not using the IPA interfaces, no. There might be a way to do this by
calling out to the underlying dogtag CA directly but we don't provide
any mechanism to do that. You'd be on your own there.
rob
More information about the Freeipa-users
mailing list