On Tue, 2015-09-15 at 13:01 +0200, Martin Kosek wrote:
> BTW, there was related thread on freeipa-users in the past, with some
> links to
> related information:
>
> https://www.redhat.com/archives/freeipa-users/2012-June/msg00216.html
So this writeup seems to ignore the fact that Apache and the
c
On 09/15/2015 12:35 PM, Brian J. Murrell wrote:
> On Sat, 2015-09-12 at 08:57 -0400, Brian J. Murrell wrote:
>> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
>> limits a port to a single certificate) I need to add SANs
>> (SubjectAltName) to the certificate that freeipa created
On Sat, 2015-09-12 at 08:57 -0400, Brian J. Murrell wrote:
> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
> limits a port to a single certificate) I need to add SANs
> (SubjectAltName) to the certificate that freeipa created for the
> webserver (Server-Cert) so that I can add
On Mon, 2015-09-14 at 08:28 +0200, Martin Kosek wrote:
> Hello,
Hi,
> It is the right way to do it AFAIK,
Indeed, no. It's a hack around the lack of SNI support in mod_nss.
> however it would only work with FreeIPA 4.0
> or older:
>
> https://fedorahosted.org/freeipa/ticket/3977
That's righ
On 09/12/2015 02:57 PM, Brian J. Murrell wrote:
> Due to the bug in mod_nss that prevents SNI from functioning (i.e.
> limits a port to a single certificate) I need to add SANs
> (SubjectAltName) to the certificate that freeipa created for the
> webserver (Server-Cert) so that I can add more virtua
Due to the bug in mod_nss that prevents SNI from functioning (i.e.
limits a port to a single certificate) I need to add SANs
(SubjectAltName) to the certificate that freeipa created for the
webserver (Server-Cert) so that I can add more virtual hosts to the
same Apache instance (yes, I know this is