<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    After talking with the PKI developer that is fixing this, I found
    out that one other file needs to be modified:<br>
    <br>
    <br>
    <p>
      /var/lib/pki-ca/conf/CS.cfg
    </p>
    <p>
      http.port=8080
      <br>
      https.port=8443
    </p>
    <br>
    <br>
    <br>
    <br>
    On 09/27/2011 07:55 PM, Adam Young wrote:
    <blockquote cite="mid:4E826272.7050100@redhat.com" type="cite">
      <meta content="text/html; charset=ISO-8859-1"
        http-equiv="Content-Type">
      <div class="comment">
        <p>Siggi,<br>
        </p>
        <p>This is my comment in the ticket: <a moz-do-not-send="true"
            class="moz-txt-link-freetext"
            href="https://fedorahosted.org/freeipa/ticket/1889">https://fedorahosted.org/freeipa/ticket/1889</a><br>
        </p>
        <p>We are working on a tool in the PKI project that will perform
          these steps in an automated fashion.<br>
        </p>
        <p><br>
        </p>
        <p>There are three files that need to be addressed. </p>
        <p> On the tomcat side, the files are in the Tomcat instance
          managed by IPA in /var/lib/pki-ca. The first is </p>
        <p> /var/lib/pki-ca/conf/server.xml </p>
        <p> It needs the addition: </p>
        <p> + <Connector port="9447" protocol="AJP/1.3"
          redirectPort="9444" /> </p>
        <p> You can place it around line 281, above the comment for the
          line <Engine name="Catalina" defaultHost="localhost"> </p>
        <p> Second is: /var/lib/pki-ca/webapps/ca/WEB-INF/web.xml </p>
        <p> For each of the filter entries it needs the code addition
          below: </p>
        <blockquote>
          <p> <init-param> </p>
          <blockquote>
            <p> <param-name>proxy_port</param-name>
              <param-value>443</param-value> </p>
          </blockquote>
          <p> </init-param> </p>
        </blockquote>
        <p> + <init-param> +
          <param-name>proxy_port</param-name> +
          <param-value>443</param-value> +
          </init-param> </p>
        <blockquote>
          <p> <init-param> </p>
          <blockquote>
            <p> <param-name>active</param-name>
              <param-value>true</param-value> </p>
          </blockquote>
          <p> </init-param> </p>
        </blockquote>
        <blockquote>
          <p> </filter> </p>
        </blockquote>
        <p> The third change is creating a symlink to
          /etc/pki-ca/proxy.conf in the directory /etc/httpd/conf.d </p>
      </div>
      <br>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
    </blockquote>
    <br>
  </body>
</html>