On 09/09/2014 06:01 PM, Eric Hart wrote:
I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates.
  I haven't found a way to enable that capability yet..

I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM,
specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert options set
to off and warn respectively.

Not allowing self-signed certificates has caused me to not be able to establish
a replicated server or integrate a device for SSO that provides a self signed

Thanks for any input or insight,

I do not entirely understand the use case. So you want to run FreeIPA without CA, with httpd+dirsrv running with self-signed certificates or you want FreeIPA CA to issue a self signed certificate for your service (which does not make much sense to me)?

BTW relevant training material:


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to