Hey Martin, I have FreeIPA currently operating with a self-signed certificate and my linux clients operating with FreeIPA do not have any issues. What I'm attempting to do is integrate a ZFS appliance in with the IPA server for LDAP services. I have examined the exchange between the ZFS appliance and the IPA server and the issue appeared to be related to the ZFS appliance providing a self-signed certificate, though I may be wrong in the nature of the failure. I'll re-create the exchange and capture the message and put it in-line of this messaging.
V/r, Eric On Fri, Sep 12, 2014 at 8:41 AM, Martin Kosek <[email protected]> wrote: > On 09/09/2014 06:01 PM, Eric Hart wrote: > >> I'm trying to find a way to enable FreeIPA to allow Self-Signed >> Certificates. >> I haven't found a way to enable that capability yet.. >> >> I've manually edited configuration files within >> /etc/dirsrv/slapd-EXAMPLE-COM, >> specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert >> options set >> to off and warn respectively. >> >> Not allowing self-signed certificates has caused me to not be able to >> establish >> a replicated server or integrate a device for SSO that provides a self >> signed >> certificate. >> >> Thanks for any input or insight, >> Eric >> > > I do not entirely understand the use case. So you want to run FreeIPA > without CA, with httpd+dirsrv running with self-signed certificates or you > want FreeIPA CA to issue a self signed certificate for your service (which > does not make much sense to me)? > > BTW relevant training material: > http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a- > certificate-infrastructure.pdf > > HTH, > Martin >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
