I have a piece of equipment with a web interface, for which I would like to
generate a certificate. The web interface supports generating a CSR, but it's
not possible to customize very much, and this gives problems when trying to
feed the CSR into FreeIPA.
The relevant parts of the CSR look like this:
Certificate Request:
Data:
Version: 2 (0x2)
Subject: emailAddress=redac...@example.com, C=redacted, ST=redacted,
L=redacted, O=redacted, OU=redacted, CN=equipment0.example.local
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
...
Exponent: redacted
Attributes:
Requested Extensions:
X509v3 Subject Key Identifier:
AB:84:B3:86:45:E9:66:86:F2:35:FB:88:56:B4:36:B4:1A:6A:B1:86
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:equipment0.example.local, DNS:169.254.0.1, IP
Address:169.254.0.1
Signature Algorithm: sha256WithRSAEncryption
...
When feeding this CSR to FreeIPA, I get the following error:
The service principal for subject alt name 169.254.0.1 in certificate request
does not exist
I don't know where this 169.254.0.1 comes from, or how to change this. Is there
a workaround to make FreeIPA accept this? Can I create that as a HTTP service
and attach to the host?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
