[Freeipa-devel] ipa-server conflicts with mod_ssl

Rob Crittenden rcritten at redhat.com
Sat Apr 26 02:13:00 UTC 2008

Joe Harnish wrote:
> All,
> I just installed Fedora 9 Preview, updated went to install ipa-server.
>  It complained that ipa-server conflicts with mod_ssl.  Is the this
> expected behaviour?

Yes. We use mod_proxy which has only one set of hooks to do SSL 
proxying. Because we use mod_nss for SSL we have to disable mod_ssl.

Unfortunately this can be problematic if mod_ssl is upgraded (and a new 
ssl.conf is installed) so for now the two can't co-exist.

It isn't enough to set the mod_ssl SSLEngine off either. If the .so is 
loaded by Apache then mod_proxy will try to use mod_ssl instead of 
mod_nss for SSL proxying. Perhaps we can come up with a better way of 
doing this so that mod_ssl doesn't have to be removed but is still not 

The long-term fix is to patch mod_proxy to be configurable as to the SSL 
engine it uses.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080425/085201d2/attachment.bin>

More information about the Freeipa-devel mailing list