I had the exact same requirement. Since we're on AWS, I ended up putting a
ELB in front of each of my IPA servers with a commercial cert for web UI.
The communication between ELB and the IPA server is using the IPA CA cert.
On 2 July 2015 at 07:03, Rob Crittenden <rcrit...@redhat.com> wrote:
> Stephen Ingram wrote:
>> I setup IPA using the internal CA. I'd like to continue using this CA,
>> however, I'd also like to allow authorized external browser users (who
>> haven't imported our CA) to access the WebUI without receiving a
>> warning. Is it possible to add a 3rd party certificate and CA such that
>> it is only used for the WebUI using the instructions at
> In a word: yes.
> I'd recommend making a backup of /etc/httpd/alias and
> /etc/httpd/conf.d/nss.conf before doing this to make rolling back, if
> necessary, easier.
> Manage your subscription for the Freeipa-users mailing list:
> Go to http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project