Hi
I am using the IPA server as the CA for our Apache SSL's, but I am wondering if it's possible to have a second SSL that's not the same as the hostname, meaning I have already sub1.mydomain.com but I would like to add also sub2.mydomain.com for another site, is this possible? I have tried adding the hostname so ipa host-add sub2.mydomain.com then ipa service-add HTTP/sub2.mydomain.com, but when I do: ipa-getcert request -K HTTP/sub2.mydomain.com -k /ssl/sub2.mydomaincom.key -f /ssl/sub2.mydomain.com.csr -N sub2.mydomain.com then ipa-getcert list says it fails with: status: CA_REJECTED ca-error: Server at https://ipaserver.mydomain.com/ipa/json denied our request, giving up: 2100 (Insufficient access: Insufficient 'write' privilege to the 'userCertificate' attribute of entry 'krbprincipalname=HTTP/sub2.mydomain....@mydomain.com,cn=services,cn=accounts,dc=mydomain,dc=com'.) How can I resolve this? Regards Per
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure