Description of problem:
When Installing a second KRA on an IPA Replica, I see this warning:
/usr/lib/python2.7/site-packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
appears to work but, throws above warning
No warning was expected so I'm raising this here.
If this is a non-issue, we may still want to document this as expected behavior in release notes.
FYI, I saw the same on ipa-ca-install and ipa-replica-install. I missed that before but, looking back through an install, I do see it in both places as well.
This issue was fixed with the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1562423 SAN in internal SSL server certificate in pkispawn configuration step
The fix was done on 7.6 and backported to 7.5 z-stream.
Closing as CURRENTRELEASE.