I have a piece of equipment with a web interface, for which I would like to generate a certificate. The web interface supports generating a CSR, but it's not possible to customize very much, and this gives problems when trying to feed the CSR into FreeIPA.
The relevant parts of the CSR look like this: Certificate Request: Data: Version: 2 (0x2) Subject: emailAddress=redac...@example.com, C=redacted, ST=redacted, L=redacted, O=redacted, OU=redacted, CN=equipment0.example.local Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: ... Exponent: redacted Attributes: Requested Extensions: X509v3 Subject Key Identifier: AB:84:B3:86:45:E9:66:86:F2:35:FB:88:56:B4:36:B4:1A:6A:B1:86 X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:equipment0.example.local, DNS:169.254.0.1, IP Address:169.254.0.1 Signature Algorithm: sha256WithRSAEncryption ... When feeding this CSR to FreeIPA, I get the following error: The service principal for subject alt name 169.254.0.1 in certificate request does not exist I don't know where this 169.254.0.1 comes from, or how to change this. Is there a workaround to make FreeIPA accept this? Can I create that as a HTTP service and attach to the host? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure