<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="comment">
<p>Siggi,<br>
</p>
<p>This is my comment in the ticket:
<a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/1889">https://fedorahosted.org/freeipa/ticket/1889</a><br>
</p>
<p>We are working on a tool in the PKI project that will perform
these steps in an automated fashion.<br>
</p>
<p><br>
</p>
<p>There are three files that need to be addressed.
</p>
<p>
On the tomcat side, the files are in the Tomcat instance managed
by IPA in /var/lib/pki-ca. The first is </p>
<p>
/var/lib/pki-ca/conf/server.xml
</p>
<p>
It needs the addition:
</p>
<p>
+ <Connector port="9447" protocol="AJP/1.3"
redirectPort="9444" />
</p>
<p>
You can place it around line 281, above the comment for the line
<Engine name="Catalina" defaultHost="localhost">
</p>
<p>
Second is:
/var/lib/pki-ca/webapps/ca/WEB-INF/web.xml
</p>
<p>
For each of the filter entries it needs the code addition below:
</p>
<blockquote>
<p>
<init-param>
</p>
<blockquote>
<p>
<param-name>proxy_port</param-name>
<param-value>443</param-value>
</p>
</blockquote>
<p>
</init-param>
</p>
</blockquote>
<p>
+ <init-param>
+ <param-name>proxy_port</param-name>
+ <param-value>443</param-value>
+ </init-param>
</p>
<blockquote>
<p>
<init-param>
</p>
<blockquote>
<p>
<param-name>active</param-name>
<param-value>true</param-value>
</p>
</blockquote>
<p>
</init-param>
</p>
</blockquote>
<blockquote>
<p>
</filter>
</p>
</blockquote>
<p>
The third change is creating a symlink to /etc/pki-ca/proxy.conf
in the directory /etc/httpd/conf.d
</p>
</div>
<br>
<br>
</body>
</html>