Hey Martin,

I have FreeIPA currently operating with a self-signed certificate and my
linux clients operating with FreeIPA do not have any issues.  What I'm
attempting to do is integrate a ZFS appliance in with the IPA server for
LDAP services.  I have examined the exchange between the ZFS appliance and
the IPA server and the issue appeared to be related to the ZFS appliance
providing a self-signed certificate, though I may be wrong in the nature of
the failure.  I'll re-create the exchange and capture the message and put
it in-line of this messaging.

V/r,
Eric

On Fri, Sep 12, 2014 at 8:41 AM, Martin Kosek <mko...@redhat.com> wrote:

> On 09/09/2014 06:01 PM, Eric Hart wrote:
>
>> I'm trying to find a way to enable FreeIPA to allow Self-Signed
>> Certificates.
>>   I haven't found a way to enable that capability yet..
>>
>> I've manually edited configuration files within
>> /etc/dirsrv/slapd-EXAMPLE-COM,
>> specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert
>> options set
>> to off and warn respectively.
>>
>> Not allowing self-signed certificates has caused me to not be able to
>> establish
>> a replicated server or integrate a device for SSO that provides a self
>> signed
>> certificate.
>>
>> Thanks for any input or insight,
>> Eric
>>
>
> I do not entirely understand the use case. So you want to run FreeIPA
> without CA, with httpd+dirsrv running with self-signed certificates or you
> want FreeIPA CA to issue a self signed certificate for your service (which
> does not make much sense to me)?
>
> BTW relevant training material:
> http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-
> certificate-infrastructure.pdf
>
> HTH,
> Martin
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to