From 5275342b691b2f74b365cb3422459779544be16a Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Jun 07 2020 07:38:27 +0000 Subject: httpinstance: add ipa-ca.$DOMAIN alias in initial request For detailed discussion on the purpose of this change and the design decisions made, see `git log -1 $THIS_COMMIT~2`. For new server/replica installation, issue the HTTP server certificate with the 'ipa-ca.$DOMAIN' SAN dNSName. This is accomplished by adding the name to the Certmonger tracking request. Part of: https://pagure.io/freeipa/issue/8186 Reviewed-By: Rob Crittenden Reviewed-By: Rob Crittenden --- diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 6c7365d..9cc5c92 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -381,7 +381,7 @@ class HTTPInstance(service.Service): subject=str(DN(('CN', self.fqdn), self.subject_base)), ca='IPA', profile=dogtag.DEFAULT_PROFILE, - dns=[self.fqdn], + dns=[self.fqdn, f'{IPA_CA_RECORD}.{api.env.domain}'], post_command='restart_httpd', storage='FILE', passwd_fname=key_passwd_file,