ipa-getcert shows a misleading error message when a certificate is requested with the -D option but without -K option.
# ipa-getcert request -d /etc/httpd/alias -n 'Server-Cert' -t 'NSS Certificate DB' -T caIPAserviceCert -D fileserver.ipa.example -C /usr/libexec/ipa/certmonger/restart_httpd The IPA backend requires the use of the -K option (principal name) when the -N option (subject name) is used.
A better error message would be:
The IPA backend requires the use of the -K option (principal name) when the -N option (subject name) or -D option (DNS name) is used.
Rob told me that FreeIPA is the wrong project. I have opened a certmonger bug instead, https://fedorahosted.org/certmonger/ticket/46
Metadata Update from @cheimes: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Login to comment on this ticket.