Created
January 17, 2018 13:45
# Annotated terminal transcript from a FreeIPA server (net-ipa1): an attempt to add
# extra DNS names to a certmonger-tracked certificate. The final step is rejected by
# the IPA CA; the comments below explain why, based on the output shown.

# Authenticate as the IPA admin so the following `ipa` commands are authorized.
[11:42] root net-ipa1 ~ # kinit admin | |
Password for admin@DOMAIN.NET: | |
# Create a host entry for the service name. "Password: False" and "Keytab: False"
# in the output show it has no enrollment OTP and no keytab.
# NOTE(review): presumably gogs.domain.net is a name fronted by the proxies rather
# than an enrolled machine -- confirm.
[11:42] root net-ipa1 ~ # ipa host-add gogs.domain.net | |
-------------------------------- | |
Added host "gogs.domain.net" | |
-------------------------------- | |
Host name: gogs.domain.net | |
Principal name: host/gogs.domain.net@DOMAIN.NET | |
Principal alias: host/gogs.domain.net@DOMAIN.NET | |
Password: False | |
Keytab: False | |
Managed by: gogs.domain.net | |
# Create the HTTP service principal that a certificate for gogs.domain.net is issued to.
[11:43] root net-ipa1 ~ # ipa service-add HTTP/gogs.domain.net | |
------------------------------------------------------- | |
Added service "HTTP/gogs.domain.net@DOMAIN.NET" | |
------------------------------------------------------- | |
Principal name: HTTP/gogs.domain.net@DOMAIN.NET | |
Principal alias: HTTP/gogs.domain.net@DOMAIN.NET | |
Managed by: gogs.domain.net | |
# Let both proxy hosts manage the service (see the "Managed by" line in the output).
# Every host listed there can act for this service principal, e.g. request its
# certificate, so keep the list to the hosts that actually terminate TLS for it.
[11:43] root net-ipa1 ~ # ipa service-add-host HTTP/gogs.domain.net --host net-proxy1.domain.net --host net-proxy2.domain.net | |
Principal name: HTTP/gogs.domain.net@DOMAIN.NET | |
Principal alias: HTTP/gogs.domain.net@DOMAIN.NET | |
Managed by: gogs.domain.net, net-proxy1.domain.net, net-proxy2.domain.net | |
------------------------- | |
Number of members added 2 | |
------------------------- | |
# List certmonger requests stored in /etc/httpd/alias. The one entry shown has subject
# CN=net-ipa1.domain.net and post-save command restart_httpd: it is the web server
# certificate of this IPA server itself, not a certificate for the proxies or gogs.
[11:43] root net-ipa1 ~ # getcert list -d /etc/httpd/alias | |
Number of certificates and requests being tracked: 9. | |
Request ID '20171211104809': | |
status: MONITORING | |
stuck: no | |
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' | |
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' | |
CA: IPA | |
issuer: CN=Certificate Authority,O=domain.NET | |
subject: CN=net-ipa1.domain.net,O=domain.NET | |
expires: 2018-12-01 11:10:36 UTC | |
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment | |
eku: id-kp-serverAuth,id-kp-clientAuth | |
pre-save command: | |
post-save command: /usr/libexec/ipa/certmonger/restart_httpd | |
track: yes | |
auto-renew: yes | |
# Resubmit that same request with three extra DNS names (-D) and a different
# principal (-K). The subject stays CN=net-ipa1.domain.net, so the CSR names one host
# in its subject while asking to be issued to another host's HTTP principal.
# NOTE(review): -K is given twice; a request carries a single principal, so only one
# of the two values can take effect -- the error below names net-proxy1.
# NOTE(review): HTTP/net-proxy1 and HTTP/net-proxy2 are not created anywhere in this
# transcript (only HTTP/gogs.domain.net is); confirm they exist.
[11:44] root net-ipa1 ~ # getcert resubmit -i "20171211104809" -D net-proxy1.domain.net -D net-proxy2.domain.net -D gogs.domain.net -K HTTP/net-proxy1.domain.net -K HTTP/net-proxy2.domain.net | |
Resubmitting "20171211104809" to "IPA". | |
# Result: the CA refused the request (ca-error 3009) because the subject hostname
# 'net-ipa1.domain.net' is not a name or alias of the requested principal. That check
# is what stops one host's certificate from being issued under another host's service
# identity. The installed certificate is unchanged (same subject and expiry as above).
# NOTE(review): the options passed to resubmit may now be stored on this tracking
# request and be reused at the next auto-renewal of the IPA server's own certificate;
# verify the request's principal and DNS names, and restore them if they changed.
# NOTE(review): a certificate for gogs.domain.net is better obtained through a new,
# separate request for HTTP/gogs.domain.net on the host that serves it, leaving the
# IPA server's Server-Cert request untouched.
[11:45] root net-ipa1 ~ # getcert list -i "20171211104809" | |
Number of certificates and requests being tracked: 9. | |
Request ID '20171211104809': | |
status: MONITORING | |
ca-error: Server at https://net-ipa1.domain.net/ipa/xml denied our request, giving up: 3009 (RPC failed at server. invalid 'csr': hostname in subject of request 'net-ipa1.domain.net' does not match name or aliases of principal 'HTTP/net-proxy1.domain.net@DOMAIN.NET'). | |
stuck: no | |
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' | |
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' | |
CA: IPA | |
issuer: CN=Certificate Authority,O=domain.NET | |
subject: CN=net-ipa1.domain.net,O=domain.NET | |
expires: 2018-12-01 11:10:36 UTC | |
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment | |
eku: id-kp-serverAuth,id-kp-clientAuth | |
pre-save command: | |
post-save command: /usr/libexec/ipa/certmonger/restart_httpd | |
track: yes | |
auto-renew: yes | |