Prashant Bapat wrote:
I tried the steps documented on a test VM. Looks like I ended up in the
situation described here

Please be careful when pointing back at old threads. This issue was about expired certs. I suspect you found it because of a similar error message, but the underlying cause is completely unrelated.

You probably just need to add in the CA cert that issued the server certificate. I'd have thought that ipa-server-certinstall would enforce that but perhaps not.

I have one more question. Is there a way to disable HTTPS completely on
the WebUI. I can add HTTPS on a load balancer in front of the UI to
handle SSL.

It would be a rather terrible idea. You'd still have a lot of in-the-clear messaging between the IPA web server and the load balancer. I wouldn't recommend that there are real replay issues possible. You should re-encrypt, so terminate SSL at the load balancer and then open a new SSL session to IPA.


On 18 June 2015 at 19:03, Rob Crittenden <
<>> wrote:

    Prashant Bapat wrote:

        Hi All,

        There is a way to change the certificate for the web UI.

        I went with a standard install with a self signed CA etc. Now I
        want to
        install a cert from a commercial CA. I don't mind using the IPA
        CA certs
        for the 389 DS, just want to change the cert for the UI.

        Any pointers on how to do this ?

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to