[Freeipa-users] Why is port 80 needed for replication?
Alexander Bokovoy
abokovoy at redhat.com
Thu Mar 30 06:25:15 UTC 2017
On Wed, 29 Mar 2017, Chris Herdt wrote:
>I'm curious as to why HTTP (port 80) is needed for IPA server
>replication, particularly since HTTPS (port 443) is also used. What
>unencrypted data is exchanged?
Because you need to access the OCSP endpoint without getting into the
chicken-and-egg problem of trusting or not trusting a certificate:
# openssl x509 -in /etc/ipa/ca.crt -noout -ocsp_uri
http://ipa-ca.example.com/ca/ocsp
See https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
--
/ Alexander Bokovoy
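
The check shown in the message, extended into a small script for firewall planning (an added example, not part of the original message or of FreeIPA): it prints the scheme, host and port of every OCSP responder URI in a certificate. The function names and the throwaway self-signed certificate are constructed for illustration; the URI is the one from the message.

```shell
#!/bin/sh
# Added example: which endpoints must be reachable for OCSP checks of a cert?
# Assumes OpenSSL 1.1.1 or later (for -addext) and URIs without IPv6 literals.

# ocsp_endpoints CERT_FILE
# Prints one "scheme host port" line per OCSP responder URI in the certificate.
ocsp_endpoints() {
    openssl x509 -in "$1" -noout -ocsp_uri | while IFS= read -r uri; do
        [ -n "$uri" ] || continue
        scheme=${uri%%://*}          # text before "://"
        rest=${uri#*://}             # text after "://"
        hostport=${rest%%/*}         # authority part, path stripped
        host=${hostport%%:*}
        case "$hostport" in
            *:*) port=${hostport##*:} ;;        # explicit port in the URI
            *)   case "$scheme" in              # otherwise the scheme default
                     http)  port=80 ;;
                     https) port=443 ;;
                     *)     port=unknown ;;
                 esac ;;
        esac
        printf '%s %s %s\n' "$scheme" "$host" "$port"
    done
}

# make_sample_cert OUT_DIR
# Builds a throwaway self-signed certificate (constructed test data) whose
# Authority Information Access extension carries the OCSP URI from the message.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-ca" \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -addext "authorityInfoAccess=OCSP;URI:http://ipa-ca.example.com/ca/ocsp" \
        2>/dev/null
}

# demo: generate the sample certificate, report its OCSP endpoints, clean up.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir" && ocsp_endpoints "$dir/cert.pem"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

On a real IPA host, run `ocsp_endpoints /etc/ipa/ca.crt` to see the endpoint that replication peers must be able to reach.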