Success with these additional changes:
[root@ipa-server-3 python2.7]# diff /etc/httpd/conf.d/nss.conf.orig
/etc/httpd/conf.d/nss.conf
74c74
< NSSRenegotiation off
---
> NSSRenegotiation on
[root@ipa-server-3 python2.7]# diff -u
./site-packages/ipapython/nsslib.py.orig ./site-packages/ipapyth
Just to keep the lists informed:
We found a couple more things out after that last posting:
The suburl /ca/ee/ca/ works fine, so mod_proxcy_ajp does work in some
cases.
Calling the CA from IPA does not work as we get the error:
[Mon Aug 15 22:44:17 2011] [debug] nss_engine_kernel.c(418):
On 08/15/2011 12:00 PM, Ade Lee wrote:
Adam,
As you know, I have been testing putting a dogtag CA behind an apache
instance - and using the standard ports to contact the CA. The basic
idea is to let apache handle the client authentication required, and
then to pass the relevant parameters to to
Cross posting to the freeipa devel list, as I think this is where people
are going to be most interested.
On 08/15/2011 12:00 PM, Ade Lee wrote:
Adam,
As you know, I have been testing putting a dogtag CA behind an apache
instance - and using the standard ports to contact the CA. The basic
i
