Hey Martin,

I have FreeIPA currently operating with a self-signed certificate and my
linux clients operating with FreeIPA do not have any issues.  What I'm
attempting to do is integrate a ZFS appliance in with the IPA server for
LDAP services.  I have examined the exchange between the ZFS appliance and
the IPA server and the issue appeared to be related to the ZFS appliance
providing a self-signed certificate, though I may be wrong in the nature of
the failure.  I'll re-create the exchange and capture the message and put
it in-line of this messaging.


On Fri, Sep 12, 2014 at 8:41 AM, Martin Kosek <mko...@redhat.com> wrote:

> On 09/09/2014 06:01 PM, Eric Hart wrote:
>> I'm trying to find a way to enable FreeIPA to allow Self-Signed
>> Certificates.
>>   I haven't found a way to enable that capability yet..
>> I've manually edited configuration files within
>> /etc/dirsrv/slapd-EXAMPLE-COM,
>> specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert
>> options set
>> to off and warn respectively.
>> Not allowing self-signed certificates has caused me to not be able to
>> establish
>> a replicated server or integrate a device for SSO that provides a self
>> signed
>> certificate.
>> Thanks for any input or insight,
>> Eric
> I do not entirely understand the use case. So you want to run FreeIPA
> without CA, with httpd+dirsrv running with self-signed certificates or you
> want FreeIPA CA to issue a self signed certificate for your service (which
> does not make much sense to me)?
> BTW relevant training material:
> http://www.freeipa.org/images/b/b3/FreeIPA33-blending-in-a-
> certificate-infrastructure.pdf
> HTH,
> Martin
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to