I have FreeIPA currently operating with a self-signed certificate and my
linux clients operating with FreeIPA do not have any issues. What I'm
attempting to do is integrate a ZFS appliance in with the IPA server for
LDAP services. I have examined the exchange between the ZFS appliance and
the IPA server and the issue appeared to be related to the ZFS appliance
providing a self-signed certificate, though I may be wrong in the nature of
the failure. I'll re-create the exchange and capture the message and put
it in-line of this messaging.
On Fri, Sep 12, 2014 at 8:41 AM, Martin Kosek <mko...@redhat.com> wrote:
> On 09/09/2014 06:01 PM, Eric Hart wrote:
>> I'm trying to find a way to enable FreeIPA to allow Self-Signed
>> I haven't found a way to enable that capability yet..
>> I've manually edited configuration files within
>> specifically the nsslapd-ssl-check-hostname, nsslapd-validate-cert
>> options set
>> to off and warn respectively.
>> Not allowing self-signed certificates has caused me to not be able to
>> a replicated server or integrate a device for SSO that provides a self
>> Thanks for any input or insight,
> I do not entirely understand the use case. So you want to run FreeIPA
> without CA, with httpd+dirsrv running with self-signed certificates or you
> want FreeIPA CA to issue a self signed certificate for your service (which
> does not make much sense to me)?
> BTW relevant training material:
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project