[Pki-devel] patch for review : https://bugzilla.redhat.com/show_bug.cgi?id=712931

Ade Lee alee at redhat.com
Mon Aug 22 01:47:23 UTC 2011


https://bugzilla.redhat.com/show_bug.cgi?id=712931 - CS requires too
many ports to be opened in firewall.

This patch provides configuration to run the ca behind an apache proxy.

For IPA, once you apply the patch, you will need to update pki-ca,
pki-common, pki-setup, pki-selinux, pki-common-javadoc.  The UI changes
are just to remove some annoying 404's in the httpd logs.

Then, you need to call pkicreate with the additional option
-enable_proxy.  This will configure the system to run behind a proxy
with ajp port 9447, proxy secure port 443 and proxy unsecure port 80.

Pkisilent can run as before.  After pkisilent is complete, the
file /etc/<instance_name>/conf/proxy.conf will exist.

Make a symbolic link of this file to /etc/httpd/conf.d/dogtag.conf.
Restart httpd and you should be able to browse from httpd.

Adam, please test IPA install and also install of a replica.  Remember
that the replica security domain should be at port 443.

Ade

 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 712931.patch
Type: text/x-patch
Size: 68797 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20110821/ce7ca356/attachment.bin>

