<div dir="ltr"><br><div class="gmail_extra">but going back to ipa-rewrite.conf, these 2 seem contradictory:<br><br># Redirect to the fully-qualified hostname. Not redirecting to secure<br># port so configuration files can be retrieved without requiring SSL.<br>RewriteCond %{HTTP_HOST}    !^<a href="http://kdc01.unix.iriszorg.nl">kdc01.unix.iriszorg.nl</a>$ [NC]<br>RewriteRule ^/ipa/(.*)      <a href="http://kdc01.unix.iriszorg.nl/ipa/$1">http://kdc01.unix.iriszorg.nl/ipa/$1</a> [L,R=301]<br><br># Redirect to the secure port if not displaying an error or retrieving<br># configuration.<br>RewriteCond %{SERVER_PORT}  !^443$<br>RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config)<br>RewriteRule ^/ipa/(.*)      <a href="https://kdc01.unix.iriszorg.nl/ipa/$1">https://kdc01.unix.iriszorg.nl/ipa/$1</a> [L,R=301,NC]<br><br></div><div class="gmail_extra">so I modified <br><br>RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config)<br><br></div><div class="gmail_extra">with <br><br>RewriteCond %{REQUEST_URI}  !^/ipa/(errors|config|crl)<br><br></div><div class="gmail_extra">and now it works.<br><br></div><div class="gmail_extra">Is this ok? <br></div></div>