Hello,
current help text is:
1. Create a certificate database or use an existing one. To create a new database: # certutil -N -d <database path> 2. Create a CSR with subject CN=<common name>,O=<realm>, for example: # certutil -R -d <database path> -a -g <key size> -s 'CN=<common name>,O=ABC.IDM.LAB.ENG.BRQ.REDHAT.COM' 3. Copy and paste the CSR (from -----BEGIN NEW CERTIFICATE REQUEST----- to -----END NEW CERTIFICATE REQUEST-----) into the text area below:
The problem is that use of cn= was deprecated long ago. We should recommend people to add subjectAltName instead.
cn=
subjectAltName
Triage:
This is related to http://www.freeipa.org/page/V4/RFC_2818_certificate_compliance
master:
Metadata Update from @pspacek: - Issue assigned to pvomacka - Issue set to the milestone: FreeIPA 4.4
Login to comment on this ticket.