I had a few weeks away from this configuration and finally getting back to it. I'm uncertain of the correct path forward. I don't seem to be able to find the documentation on how to install the cert into the Passsync NSS database. I have been following this document:<div>

<br></div><div><a href="http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/chap-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory.html">http://freeipa.org/docs/1.2/Installation_Deployment_Guide/en-US/html/chap-Installation_and_Deployment_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory.html</a><br>

<br>We are attempting to replicate users from an AD instance to FreeIPA,</div><div>Thanks- Jimmy</div><div><br><div class="gmail_quote">On Fri, Nov 11, 2011 at 4:55 PM, Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">Rich Megginson wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 11/11/2011 02:23 PM, Jimmy wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I do have the AD SSL cert installed, but from how I read it, I need to<br>
install the cert from the FreeIPA DS into Windows AD certificate store.<br>
</blockquote>
Perhaps for something else, but for windows sync/passsync, you do not<br>
need to install the cert from the FreeIPA DS into Windows AD certificate<br>
store.<br>
</blockquote>
<br></div>
Right, you just need to install it in the Passsync NSS databsae.<span class="HOEnZb"><font color="#888888"><br>
<br>
rob<br>
</font></span></blockquote></div><br></div>