[Pki-devel] [Freeipa-devel] [PATCH] 0283-enable-proxy-for-dogtag
Adam Young
ayoung at redhat.com
Tue Aug 23 02:42:02 UTC 2011
With this version, and Ade's patch posted to the PKI list, we have a
functioning proxy.

I still need to do some cleanup in the /etc/httpd/conf.d directory: the
modifications to nss.conf are not removed in uninstall, nor is the
symlink to /etc/pki-ca/proxy.conf.

We also need to limit the number of suburls of the PKI CA that the proxy
exposes. This version exposes all of them. I think we need a very
limited subset.

I've created a replica --no-pki and successfully requested a
certificate on it.

On 08/19/2011 01:57 PM, Dmitri Pal wrote:
> On 08/19/2011 01:19 PM, Adam Young wrote:
>> The complete solution for this patch requires changes in Dogtag that
>> Ade Lee is working on right now. In order to test, I have provided a
>> couple of files that I have been using:
>>
>>
>> 1. Apply patch, build and install IPA rpms, run ipaserver-install as
>> per usual.
>> 2. Move the dogtag.conf file into /etc/httpd/conf.d directory
>> 3. Run the proxy_dogtag.py script to modify the Dogtag instance to
>> accept AJP connections from httpd so httpd can act as a proxy
>> 4. Restart IPA
>>
>>
>> To test:
>>
>> 1. add a host.
>> 2. Generate a csr:
>> http://freeipa.org/page/Certificate_Authority#Request_a_certificate
>> 3. request a certificate for the newly added host.
>> 4. Optionally, revoke the certificate for the host
>>
>
>
> Please do not forget to test the proxy test when replica does not have
> the CA installed and has to forward the request to the one that has.
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-admiyo-0283-1-enable-proxy-for-dogtag.patch
Type: text/x-patch
Size: 9680 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20110822/30df5279/attachment.bin>