[Freeipa-users] FreeIPA 4.1.0 server behind apache/mod_proxy
Alexander Bokovoy
abokovoy at redhat.com
Wed Jun 17 13:51:59 UTC 2015
On Wed, 17 Jun 2015, Piotr Baranowski wrote:
>----- Oryginalna wiadomość -----
>> Od: "Alexander Bokovoy" <abokovoy at redhat.com>
>> So you have two different certificates in use here and your client
>> doesn't know about the other certificate (from your proxy). You need
>> either to deliver that certificate to the client by yourself or change
>> your proxying technology to something different.
>>
>> For example, you can use sniproxy which doesn't require in-the-middle
>> certificate. https://github.com/dlundquist/sniproxy
>
>Thanks for that hint. I'll have a look at that.
>
>However I have an Idea:
>If I could export ipa's mod_nss cert+key and then use them on my proxy running mod_ssl that probably could solve the issue.
>
>Right?
Sort of. Now you would have an issue of maintaining the certificate in
multiple locations which would make rotation of it "interesting", so to
say.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list