[Freeipa-users] [Fwd: [Freeipa-devel] script to proxy-ize a dogtag instance]
Sigbjorn Lie
sigbjorn at nixtra.com
Thu Sep 29 21:36:17 UTC 2011
On 09/28/2011 11:36 PM, Ade Lee wrote:
> Cross-posting to freeipa-users.
>
> In addition, Adam determined that the following dirctives need to be
> enabled in /etc/httpd/conf.d/nss.conf :
>
> NSSRenegotiation on
> NSSRequireSafeNegotiation on
>
> Ade
>
I have manually verified the files from reading your script, while cross
referencing with the replies from Adam Young. I am still receiveing an
error both in the webui and the cli: "ipa: ERROR: Certificate operation
cannot be completed: Unable to communicate with CMS (Bad Request)".
Have you verified this script as working in another environment? ...
Meaning there would be something wrong with the changes I've done
manually along the way...
I have done these changes on one IPA server only so far for testing, I
don't see the any traffic going to the other IPA servers while I'm doing
ipa cert-show or ipa host-disable. Does it need to be done on the IPA
servers all to work successfully?
Rgds,
Siggi
More information about the Freeipa-users
mailing list