[Freeipa-users] 3rd party certificate for WebUI only
Prashant Bapat
prashant at apigee.com
Thu Jul 2 06:27:00 UTC 2015
Since the commercial cert is outside IPA renewing that cert would not
impact IPA at all.
On 2 July 2015 at 11:50, Prasun Gera <prasun.gera at gmail.com> wrote:
> How smooth is the renewal process ? if the webui cert expires, does it
> affect the core ipa functionality in any way ? Also, when ipa does it's own
> auto-renewal, does it leave the webui alone if set up this way ?
>
> On Wed, Jul 1, 2015 at 9:16 PM, Prashant Bapat <prashant at apigee.com>
> wrote:
>
>> I had the exact same requirement. Since we're on AWS, I ended up putting
>> a ELB in front of each of my IPA servers with a commercial cert for web UI.
>> The communication between ELB and the IPA server is using the IPA CA cert.
>>
>> On 2 July 2015 at 07:03, Rob Crittenden <rcritten at redhat.com> wrote:
>>
>>> Stephen Ingram wrote:
>>>
>>>> I setup IPA using the internal CA. I'd like to continue using this CA,
>>>> however, I'd also like to allow authorized external browser users (who
>>>> haven't imported our CA) to access the WebUI without receiving a
>>>> warning. Is it possible to add a 3rd party certificate and CA such that
>>>> it is only used for the WebUI using the instructions at
>>>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP?
>>>>
>>>> Steve
>>>>
>>>>
>>>>
>>> In a word: yes.
>>>
>>> I'd recommend making a backup of /etc/httpd/alias and
>>> /etc/httpd/conf.d/nss.conf before doing this to make rolling back, if
>>> necessary, easier.
>>>
>>> rob
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150702/8b19f372/attachment.htm>
More information about the Freeipa-users
mailing list