With this version, and Ade's patch posted to the PKI list, we have a
functioning proxy.
I still need to do some cleanup in the /etc/httpd/conf.d directory: the
modifications to nss.conf are not removed in uninstall, nor is the
symlink to /etc/pki-ca/proxy.conf.
We also need to limit the number of suburls of the PKI CA that the proxy
exposes. This version exposes all of them. I think we need a very
limited subset.
I've created a replica --no-pki and successfully requested a
certificate on it.
On 08/19/2011 01:57 PM, Dmitri Pal wrote:
On 08/19/2011 01:19 PM, Adam Young wrote:
> The complete solution for this patch requires changes in Dogtag that
> Ade Lee is working on right now. In order to test, I have provided a
> couple of files that I have been using:
>
>
> 1. Apply patch, build and install IPA rpms, run ipaserver-install as
> per usual.
> 2. Move the dogtag.conf file into /etc/httpd/conf.d directory
> 3. Run the proxy_dogtag.py script to modify the Dogtag instance to
> accept AJP connections from httpd so httpd can act as a proxy
> 4. Restart IPA
>
>
> To test:
>
> 1. add a host.
> 2. Generate a csr:
> http://freeipa.org/page/Certificate_Authority#Request_a_certificate
> 3. request a certificate for the newly added host.
> 4. Optionally, revoke the certificate for the host
>
Please do not forget to test the proxy test when replica does not have
the CA installed and has to forward the request to the one that has.
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.