Stephen Ingram wrote:
I setup IPA using the internal CA. I'd like to continue using this CA,
however, I'd also like to allow authorized external browser users (who
haven't imported our CA) to access the WebUI without receiving a
warning. Is it possible to add a 3rd party certificate and CA such that
it is only used for the WebUI using the instructions at


In a word: yes.

I'd recommend making a backup of /etc/httpd/alias and /etc/httpd/conf.d/nss.conf before doing this to make rolling back, if necessary, easier.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to