freeipa / freeipa-letsencrypt

A quick hack allowing the use of Let's Encrypt certificates for the FreeIPA web interface.

Altnames and Renewal Window #24

Closed allenconevilla closed 3 years ago

allenconevilla commented 3 years ago

First of all, thank you for taking the time to write and share this with the community. This script is extremely helpful. I do have a couple of questions:

  1. I see reference to subject alternative names in the ipa-httpd.cnf file. Is it possible to add altnames, and if so, what is the correct syntax for doing so?

  2. The standard 2-day check in the renewal script: if I want to change this to a longer value, say 7 days, would I just change [ "$diff" -lt "2" ] to [ "$diff" -lt "7" ]?

Thanks again.

rcritten commented 3 years ago
  1. See x509v3_config(5) for details on subjectAltName config. For multiple entries you need to do something like:

        subjectAltName = @alt_names

        [alt_names]
        DNS.1 = ipa.example.com
        DNS.2 = wwwl.example.com

  2. Yes, but don't confuse this with an expiration check. It requires that the cert be at least two days old before trying to renew.
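The following is an added example illustrating both points in the reply above; it is not code from the freeipa-letsencrypt project or from either participant. It renders the `subjectAltName = @alt_names` / `[alt_names]` section for a list of hostnames in the form shown, and it implements the renewal gate as described: the project's 2-day test is a minimum-age check on the current certificate, not an expiry check. The project's renewal script is a shell script; this is Python for the same logic. The `renew_before_days` threshold, the function names and the sample `openssl x509 -startdate -enddate` output are assumptions made for the example and are not taken from the project.

```python
"""Added example (not freeipa-letsencrypt's own code).

1. render_alt_names(): the x509v3_config(5) SAN section from the reply above,
   generalized to any number of hostnames.
2. renewal_decision(): the renewal gate.  The "2-day" test is a minimum-age
   check (do not call the CA again for a cert younger than N days).  The
   separate renew_before_days threshold is an assumption added here to show
   what an actual expiry check looks like next to it.
"""
from datetime import datetime, timezone
from typing import Sequence


def render_alt_names(hostnames: Sequence[str]) -> str:
    """Return the config lines that put each hostname into the SAN extension.

    Output has the form rcritten shows: a `subjectAltName = @alt_names`
    reference followed by an `[alt_names]` section with DNS.1, DNS.2, ...
    """
    if not hostnames:
        raise ValueError("at least one hostname is required")
    lines = ["subjectAltName = @alt_names", "", "[alt_names]"]
    for i, raw in enumerate(hostnames, start=1):
        name = raw.strip().lower().rstrip(".")
        if not name or any(c.isspace() for c in name):
            raise ValueError(f"invalid hostname: {raw!r}")
        lines.append(f"DNS.{i} = {name}")
    return "\n".join(lines) + "\n"


# Format of the value after "notBefore=" / "notAfter=" in
# `openssl x509 -noout -startdate -enddate` output, e.g. "Mar  1 10:20:30 2021 GMT".
_OPENSSL_DATE = "%b %d %H:%M:%S %Y %Z"


def parse_openssl_date(line: str) -> datetime:
    """Parse one `notBefore=...` or `notAfter=...` line into an aware UTC datetime."""
    _, _, value = line.partition("=")
    # openssl pads single-digit days to two columns; collapse the whitespace.
    value = " ".join(value.split())
    return datetime.strptime(value, _OPENSSL_DATE).replace(tzinfo=timezone.utc)


def renewal_decision(not_before: datetime, not_after: datetime, now: datetime,
                     min_age_days: int = 2, renew_before_days: int = 30) -> str:
    """Decide whether to attempt a renewal right now.

    Returns one of:
      "too-young" - cert is younger than min_age_days; skip the CA call.
                    This is the [ "$diff" -lt "2" ] test from the thread.
      "not-yet"   - old enough, but more than renew_before_days of validity left.
      "renew"     - within renew_before_days of notAfter, or already expired.
    """
    if not_after <= not_before:
        raise ValueError("notAfter must be after notBefore")
    age_days = (now - not_before).days          # the script's "diff"
    if age_days < min_age_days:
        return "too-young"
    remaining_days = (not_after - now).days     # negative once expired
    if remaining_days > renew_before_days:
        return "not-yet"
    return "renew"


# Constructed sample output (not captured from a real certificate).
SAMPLE_OPENSSL_OUTPUT = [
    "notBefore=Mar  1 10:20:30 2021 GMT",
    "notAfter=May 30 10:20:30 2021 GMT",
]


def main() -> None:
    print(render_alt_names(["ipa.example.com", "www.example.com"]))
    nb = parse_openssl_date(SAMPLE_OPENSSL_OUTPUT[0])
    na = parse_openssl_date(SAMPLE_OPENSSL_OUTPUT[1])
    for day in ("2021-03-02", "2021-03-10", "2021-05-10", "2021-06-01"):
        now = datetime.fromisoformat(day + "T12:00:00+00:00")
        print(day, renewal_decision(nb, na, now))


if __name__ == "__main__":
    main()
```

Changing the age threshold, as asked in the question, is the `min_age_days` argument (the `2` in the shell test); it does nothing to decide when a cert is close to expiry, which is what `renew_before_days` illustrates.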
allenconevilla commented 3 years ago

Got it. I had indeed misunderstood the expiration check. Thanks!