freeipa.git/install/tools/ipa-ca-install, branch platform-master FreeIPA project Convert installation tools to platform-independent access to system services 2011-09-13T09:15:50+00:00 Alexander Bokovoy abokovoy@redhat.com 2011-09-12T21:11:54+00:00 bbbb550aaa13eb2ebdb113ff8738ed5c8f5277aa http://fedorahosted.org/freeipa/ticket/1605 
http://fedorahosted.org/freeipa/ticket/1605
enable proxy for dogtag 2011-08-29T21:54:49+00:00 Adam Young ayoung@redhat.com 2011-08-17T19:36:18+00:00 5ee93349f6700d024fa4db68c960951d9964504b Dogtag is going to be proxied through httpd. To make this work, it has to support renegotiation of the SSL connection. This patch enables renegotiate in the nss configuration file during during apache configuration, as well as modifies libnss to set the appropriate optins on the ssl connection in order to renegotiate. The IPA install uses the internal ports instead of proxying through httpd since httpd is not set up yet. IPA needs to Request the certificate through a port that uses authentication. On the Dogtag side, they provide an additional mapping for this: /ca/eeca/ca as opposed tp /ca/ee/ca just for this purpose. https://fedorahosted.org/freeipa/ticket/1334 add flag to pkicreate in order to enable using proxy. add the proxy file in /etc/http/conf.d/ Signed-off-by: Simo Sorce <ssorce@redhat.com> 
Dogtag is going to be proxied through httpd.  To make this work, it has to support renegotiation of the SSL
connection.  This patch enables renegotiate in the nss configuration file during during apache configuration,
as well as modifies libnss to set the appropriate optins on the ssl connection in order to  renegotiate.

The IPA install uses the internal ports instead of proxying through
httpd since  httpd is not set up yet.

IPA needs to Request the certificate through a port that uses authentication.  On the Dogtag side, they provide an additional mapping for this:   /ca/eeca/ca as opposed tp /ca/ee/ca  just for this purpose.

https://fedorahosted.org/freeipa/ticket/1334

add flag to pkicreate in order to enable using proxy.

add the proxy file in  /etc/http/conf.d/

Signed-off-by: Simo Sorce <ssorce@redhat.com>
Re-arrange CA configuration code to reduce the number of restarts. 2011-08-04T00:38:07+00:00 Rob Crittenden rcritten@redhat.com 2011-08-01T19:16:24+00:00 8495af1a50faca496fe2ce425b9b3a7f21ba1ea6 Ade Lee from the dogtag team looked at the configuration code and determined that a number of restarts were not needed and recommended re-arranging other code to reduce the number of restarts to one. https://fedorahosted.org/freeipa/ticket/1555 
Ade Lee from the dogtag team looked at the configuration code and
determined that a number of restarts were not needed and recommended
re-arranging other code to reduce the number of restarts to one.

https://fedorahosted.org/freeipa/ticket/1555
Fix self-signed replica installation 2011-07-15T02:36:53+00:00 Martin Kosek mkosek@redhat.com 2011-07-14T12:09:53+00:00 d802aa57f16e3267b4db739721a56e041e5f888e When a replica for self-signed server is being installed, the installer crashes with "Not a dogtag CA installation". Make sure that installation is handled correctly for both dogtag and self-signed replicas. https://fedorahosted.org/freeipa/ticket/1479 
When a replica for self-signed server is being installed, the
installer crashes with "Not a dogtag CA installation". Make sure
that installation is handled correctly for both dogtag and
self-signed replicas.

https://fedorahosted.org/freeipa/ticket/1479
Make dogtag an optional (and default un-) installed component in a replica. 2011-06-23T23:04:33+00:00 Rob Crittenden rcritten@redhat.com 2011-06-17T20:47:39+00:00 8a32bb3746802a29b2655e4ad2cbbba8481e1eaf A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication. https://fedorahosted.org/freeipa/ticket/1251 
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.

A new tool ipa-ca-install will configure dogtag if it wasn't configured
when the replica was initially installed.

This moves a fair bit of code out of ipa-replica-install into
installutils and cainstance to avoid duplication.

https://fedorahosted.org/freeipa/ticket/1251