Fantastic, I knew about the flag, but thought it only worked on hosts. It works on services too, which solves the problem.
Thank you. ---------- Forwarded message ---------- From: "Rob Crittenden" <rcrit...@redhat.com> Date: Oct 1, 2012 3:23 PM Subject: Re: [Freeipa-users] Certificates for public facing web sites To: "Simon Williams" <simon.willi...@thehelpfulcat.com> Cc: <freeipa-users@redhat.com> Simon Williams wrote: > Hi > > Possibly a bit of a strange requirement, I don't really know! I have a > small business and am using IPA to manage our network. I have migrated > from an LDAP setup with a variety of different certificates lying around > for different applications and find IPA much easier to administer, > despite the fact that it probably overkill for a couple of users using > half a dozen hosts. > > I have a few named virtual hosts that provide access to web based > systems from outside the local network, but I do not have sufficient > control over the external domain's DNS to add a subdomain with it's own > DNS. I can add A records and CNAME records to point to the virtual > hosts, but I cannot add NS records to delegate name resolution to my own > DNS. The ISP I use does not allow dynamic DNS updates. I would like to > use FreeIPA to manage the SSL certificates for these virtual hosts using > mod_nss and have already implemented this successfully for virtual hosts > on the local domain, but since I do not control the public domain, I > can't see how to achieve this. > > Please forgive me if I am missing something obvious, but I've only been > using FreeIPA for two weeks and it is a testament to it's ease of use > that I have managed to get as far as I have with it in that time unaided! > So the problem is your domain is example.com and is managed by IPA and you want to create certificates for someothercorp.com? You should be able to use the --force flag to create a host and create services/issue certificates from that point. rob
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users