On 09/09/2014 06:01 PM, Eric Hart wrote:
I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates.
I haven't found a way to enable that capability yet..
I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM,
specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert options set
to off and warn respectively.
Not allowing self-signed certificates has caused me to not be able to establish
a replicated server or integrate a device for SSO that provides a self signed
Thanks for any input or insight,
I do not entirely understand the use case. So you want to run FreeIPA without
CA, with httpd+dirsrv running with self-signed certificates or you want FreeIPA
CA to issue a self signed certificate for your service (which does not make
much sense to me)?
BTW relevant training material:
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project