On 09/09/2014 06:01 PM, Eric Hart wrote:
I'm trying to find a way to enable FreeIPA to allow Self-Signed Certificates.
  I haven't found a way to enable that capability yet..

I've manually edited configuration files within /etc/dirsrv/slapd-EXAMPLE-COM,
specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert options set
to off and warn respectively.

Not allowing self-signed certificates has caused me to not be able to establish
a replicated server or integrate a device for SSO that provides a self signed
certificate.

Thanks for any input or insight,
Eric

I do not entirely understand the use case. So you want to run FreeIPA without CA, with httpd+dirsrv running with self-signed certificates or you want FreeIPA CA to issue a self signed certificate for your service (which does not make much sense to me)?

BTW relevant training material:
http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-certificate-infrastructure.pdf

HTH,
Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to