[Freeipa-users] IPA port 80

Peter Fern freeipa at 0xc0dedbad.com
Wed Aug 31 22:16:08 UTC 2016


You need to serve CRLs and OCSP via HTTP to avoid clients failing to
verify the cert of the host serving the CRL/OCSP when the cert on that
host needs to be verified at itself.

I'm not sure why you'd particularly care though - read the Apache
configs and you should see that, other than a couple of exceptions, all
HTTP traffic is redirected to HTTPS.

On 01/09/16 07:22, Sean Hogan wrote:
>
> Hi all,
>
> Been reading a lot about Port 80 for IPA and firewalls but have not
> found a concrete answer. I know the Red Hat docs indicate port 80 is
> required bidirectional; however, I need to investigate if it is truly
> needed.
>
> GUI only responds to 443 so not sure what else would be utilizing port
> 80. I have seen some references that Dogtag proxies its ports to 80
> and 443 but if the GUI is running on 443 does that mean Dogtag is
> proxying via 443 only? Or is there a way to tell? Has anyone attempted
> not opening port 80 from IPA Server to IPA Server and clients to IPA
> server?
> ipa-server-3.0.0-50.el6.1.x86_64
>
> Sean Hogan
>
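
One way to tell from the Apache rewrite configuration which port-80 paths are redirected and which stay on plain HTTP, as an added example that is not part of the original message and not FreeIPA's own code. The sample configuration, the hostname, the exempted paths and the function names are constructed assumptions, and only the subset of mod_rewrite used in the sample is evaluated.

```python
import re

# Constructed sample in the style of an Apache mod_rewrite redirect with
# exceptions; NOT copied from an IPA install. Host and paths are assumptions.
SAMPLE_CONF = r"""
RewriteEngine on
# Redirect plain-HTTP requests to HTTPS, except CRL and OCSP paths
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/ipa/crl
RewriteCond %{REQUEST_URI} !^/ca/ocsp
RewriteRule ^/(.*) https://ipa.example.test/$1 [L,R=301,NC]
"""

def parse_rules(conf):
    """Return [(conds, pattern, target, flags)]; conds precede their rule."""
    rules, conds = [], []
    for line in conf.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "RewriteCond":
            conds.append((parts[1], parts[2]))
        elif parts[0] == "RewriteRule":
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            rules.append((conds, parts[1], parts[2], flags))
            conds = []  # conditions apply only to the next rule
    return rules

def cond_holds(test, pattern, env):
    """Evaluate one RewriteCond; a leading '!' negates the regex match."""
    value = env[test[2:-1]]  # "%{SERVER_PORT}" -> "SERVER_PORT"
    negate = pattern.startswith("!")
    hit = re.search(pattern[1:] if negate else pattern, value) is not None
    return hit != negate

def http_fate(conf, path, port=80):
    """Return 'redirect -> URL' or 'no redirect' for a request to path."""
    env = {"SERVER_PORT": str(port), "REQUEST_URI": path}
    for conds, pattern, target, flags in parse_rules(conf):
        m = re.search(pattern, path, re.I if "NC" in flags else 0)
        # Conditions without [OR] are ANDed, as in mod_rewrite.
        if m and all(cond_holds(t, p, env) for t, p in conds):
            if any(f.startswith("R") for f in flags):
                tail = m.group(1) if m.groups() else ""
                return "redirect -> " + target.replace("$1", tail)
    return "no redirect"

if __name__ == "__main__":
    for p in ("/ipa/ui/", "/ipa/crl/MasterCRL.bin", "/ca/ocsp"):
        print(p, "=>", http_fate(SAMPLE_CONF, p))
```

A path reported as "no redirect" on port 80 is one the server answers in plaintext, which is where revocation data has to stay reachable if port 80 is filtered.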
