I had the exact same requirement. Since we're on AWS, I ended up putting an ELB in front of each of my IPA servers with a commercial cert for the web UI. The communication between the ELB and the IPA server uses the IPA CA cert.
On 2 July 2015 at 07:03, Rob Crittenden <rcrit...@redhat.com> wrote:

> Stephen Ingram wrote:
>
>> I setup IPA using the internal CA. I'd like to continue using this CA,
>> however, I'd also like to allow authorized external browser users (who
>> haven't imported our CA) to access the WebUI without receiving a
>> warning. Is it possible to add a 3rd party certificate and CA such that
>> it is only used for the WebUI using the instructions at
>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP?
>>
>> Steve
>>
> In a word: yes.
>
> I'd recommend making a backup of /etc/httpd/alias and
> /etc/httpd/conf.d/nss.conf before doing this to make rolling back, if
> necessary, easier.
>
> rob
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project