Stephen Ingram wrote:
> On Fri, Jan 2, 2015 at 10:02 AM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Stephen Ingram wrote:
> > On Mon, Dec 15, 2014 at 6:40 PM, Stephen Ingram <sbing...@gmail.com> wrote:
> > I have one client using a certificate issued by a third party
> > provider such that any secure (TLS) LDAP queries are refused since
> > the certificates were not issued by IPA. Since there are only a few
> > clients with foreign certificates, can the CA simply be added to the
> > NSS database used by the 389 directory server so IPA will
> > a secure connection with them?
> > I should have added, "or do I have to somehow add the certificate to the
> > IPA directory?"
> Need a little more context here. IPA doesn't use SSL client
> authentication so it shouldn't be an issue. Can you provide more details
> on what the client side is doing and what errors you are seeing?
> Thanks Rob. I imported the CA into both the httpd and ldap NSS databases
> and it works. Interestingly, I'm currently using version 3.0 of IPA
> which still has the split directories. The CA imported properly into the
> main IPA directory, but would not import into the PKI directory without
> errors on restart. As I only really needed it in the main directory, I'm
> OK for now, however, I'm wondering if this will be a problem when we
> move to version 3.3 and the two directories are combined.
I'd need to see the errors you were getting. I don't see why the
existence of a trusted CA cert would cause a service to not start.