[Freeipa-users] Generate wildcard cert with FreeIPA CA
Simo Sorce
simo at redhat.com
Wed Feb 27 19:00:38 UTC 2013
On Wed, 2013-02-27 at 13:54 -0500, Rob Crittenden wrote:
> Schweiss, Chip wrote:
> > Is it possible to generate a wild card certificate with the FreeIPA CA?
> >
> > I tried generating a CSR with *.mydomain.local but 'ipa cert-request
> > star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add'
> > returns the error:
> >
> > ipa: ERROR: The service principal for this request doesn't exist.
> >
> > No problem generating certs for fqdn of systems I have already joined to
> > the domain.
> >
> > Is there anyway around this to generate a wildcard cert for my local domain?
>
> Not using the IPA interfaces, no. There might be a way to do this by
> calling out to the underlying dogtag CA directly but we don't provide
> any mechanism to do that. You'd be on your own there.
Feel free to open a RFE in our trac instance if you need this
functionality.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list