[Freeipa-users] mod_nss FreeIPA
Günther J. Niederwimmer
gjn at gjn.priv.at
Thu May 26 06:46:34 UTC 2016
Hello David,
On Thursday, 26 May 2016, 08:09:17 CEST, David Kupka wrote:
> On 26/05/16 07:42, Günther J. Niederwimmer wrote:
> > Hello,
> >
> > can anyone help me find the correct way to configure a webserver with IPA
> > (mod_nss)?
> >
> > I can't create a correct DB in /etc/httpd/alias
> >
> > I searched on the Internet and read the install log from ipa-server, but it
> > is not possible for me to find a working way :-(.
> >
> > Thanks for an answer.
>
> Hello Günther,
>
> I'm not sure if I understand your question. What I take from your message is:
>
> I want an IPA webserver with NSSDB in /etc/httpd/alias.

;-) No and yes.
I want a new webserver on an ipa-client with an IPA certificate.
Afterwards I would like to create a "DANE" entry from this certificate for this
webserver.
But I fail with the first configuration.

> The answer then is:
>
> ipa-server-install creates that DB for apache and populates it with
> certificates. So there is nothing to do.

Yes, and I can't find the way IPA creates this ...

> From one of my test servers:
>
> # certutil -d /etc/httpd/alias/ -L
>
> Certificate Nickname                      Trust Attributes
>                                           SSL,S/MIME,JAR/XPI
>
> ipaCert                                   u,u,u
> Server-Cert                               u,u,u
> EXAMPLE.TEST IPA CA                       CT,C,C
> Signing-Cert                              u,u,u
>
>
> If this is not what you were asking, please try to explain what you want
> to achieve in more detail.

Thanks David for the answer,
On the master I also have

Signing-Cert                              u,u,u
ipaCert                                   u,u,u
Server-Cert                               u,u,u
XXXX.XXX CA                               CT,C,C

and on the replica this:

Server-Cert                               u,u,u
XXXX.XXX IPA CA                           CT,C,C
ipaCert                                   u,u,u

I mean, must I have an NSSDB like the one from the replica on my webserver?
--
Best regards,
Günther J. Niederwimmer