That worked. Thanks you. Two additional questions:
1) I have only 1 cert, so I used the same for http and dirsrv. I'm thinking that perhaps I should have separate ones? What at the implications of having or not having separate certs for these two services. 2) I'm trying to understand KDC pkinit extensions. Is this an AD/Microsoft specific extension. Reading the referenced page doesn't tell me much: https://access.redhat.com/solutions/6280501 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue