With this version, and Ade's patch posted to the PKI list, we have a
I still need to do some cleanup in the /etc/httpd/conf.d directory: the
modifications to nss.conf are not removed in uninstall, nor is the
symlink to /etc/pki-ca/proxy.conf.
We also need to limit the number of suburls of the PKI CA that the proxy
exposes. This version exposes all of the. I think we need a very
I've created a replica --no-pki and successfully requested a
certificate on it.
On 08/19/2011 01:57 PM, Dmitri Pal wrote:
On 08/19/2011 01:19 PM, Adam Young wrote:
> The complete solution for this patch requires changes in Dogtag that
> Ade Lee is working on right now. In order to test, I have provided a
> couple of files that I have been using:
> 1. Apply patch, build and install IPA rpms, run ipaserver-install as
> per usual.
> 2. Move the dogtag.conf file into /etc/httpd/conf.d directorys
> 3. Run the proxy_dogtag.py script to modify the Dogtag instance to
> accept AJP connections from httpd so httpd can act as a proxy
> 4. Restart IPA
> To test:
> 1. add a host.
> 2. Generate a csr:
> 3. request a certificate for the newly added host.
> 4. Optionally, Revoke the certificate for the host
Please do not forget to test the proxy test when replica does not have
the CA installed and has to forward the request to the one that has.
> Freeipa-devel mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-devel mailing list