[Freeipa-users] IPA Version 3.0.0 Allow Self-Signed Certificates

Martin Kosek mkosek at redhat.com
Fri Sep 12 12:41:51 UTC 2014


On 09/09/2014 06:01 PM, Eric Hart wrote:
> I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates.
> I haven't found a way to enable that capability yet.
>
> I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM,
> specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert options set
> to off and warn respectively.
>
> Not allowing self-signed certificates has caused me to not be able to establish
> a replicated server or integrate a device for SSO that provides a self signed
> certificate.
>
> Thanks for any input or insight,
> Eric

I do not entirely understand the use case. So you want to run FreeIPA without
a CA, with httpd+dirsrv running with self-signed certificates, or you want the
FreeIPA CA to issue a self-signed certificate for your service (which does not
make much sense to me)?

BTW relevant training material:
http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf

HTH,
Martin



