The complete solution for this patch requires changes in Dogtag that Ade
Lee is working on right now. In order to test, I have provided a couple
of files that I have been using:
1. Apply patch, build and install IPA rpms, run ipaserver-install as
per usual.
2. Move the dogtag.conf file into /etc/httpd/conf.d directorys
3. Run the proxy_dogtag.py script to modify the Dogtag instance to
accept AJP connections from httpd so httpd can act as a proxy
4. Restart IPA
To test:
1. add a host.
2. Generate a csr:
http://freeipa.org/page/Certificate_Authority#Request_a_certificate
3. request a certificate for the newly added host.
4. Optionally, Revoke the certificate for the host