On 09/09/2014 06:01 PM, Eric Hart wrote:
I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates.
I haven't found a way to enable that capability yet..
I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM,
specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert options set
to off and warn respectively.
Not allowing self-signed certificates has caused me to not be able to establish
a replicated server or integrate a device for SSO that provides a self signed
certificate.
Thanks for any input or insight,
Eric
I do not entirely understand the use case. So you want to run FreeIPA without
CA, with httpd+dirsrv running with self-signed certificates or you want FreeIPA
CA to issue a self signed certificate for your service (which does not make
much sense to me)?
BTW relevant training material:
http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf
HTH,
Martin
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
