Diffstat (limited to 'install')
-rw-r--r-- | install/conf/Makefile.am | 1 | ||||
-rw-r--r-- | install/conf/ipa-pki-proxy.conf | 25 | ||||
-rwxr-xr-x | install/tools/ipa-ca-install | 4 |
3 files changed, 30 insertions, 0 deletions
diff --git a/install/conf/Makefile.am b/install/conf/Makefile.am
index e00ad618f..5ee3eddb5 100644
--- a/install/conf/Makefile.am
+++ b/install/conf/Makefile.am
@@ -3,6 +3,7 @@ NULL =
 appdir = $(IPA_DATA_DIR)
 app_DATA = \
 ipa.conf \
+ ipa-pki-proxy.conf \
 ipa-rewrite.conf \
 $(NULL)
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
new file mode 100644
index 000000000..275f32645
--- /dev/null
+++ b/install/conf/ipa-pki-proxy.conf
@@ -0,0 +1,25 @@
+ProxyRequests Off
+
+# matches for ee port
+<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange">
+ NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
+ NSSVerifyClient none
+ ProxyPassMatch ajp://localhost:9447/
+ ProxyPassReverse ajp://localhost:9447/
+</LocationMatch>
+
+# matches for admin port
+<LocationMatch "^/ca/admin/ca/getCertChain|^/ca/admin/ca/getConfigEntries|^/ca/admin/ca/getCookie|^/ca/admin/ca/getStatus|^/ca/admin/ca/securityDomainLogin|^/ca/admin/ca/getDomainXML">
+ NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
+ NSSVerifyClient none
+ ProxyPassMatch ajp://localhost:9447/
+ ProxyPassReverse ajp://localhost:9447/
+</LocationMatch>
+
+# matches for agent port and eeca port
+<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient">
+ NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
+ NSSVerifyClient require
+ ProxyPassMatch ajp://localhost:9447/
+ ProxyPassReverse ajp://localhost:9447/
+</LocationMatch>
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 7bbba4b14..05a05dce9 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
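Review bot: The alternatives in the three `LocationMatch` patterns of ipa-pki-proxy.conf are anchored only at the start, so each is a prefix match: `^/ca/ocsp` or `^/ca/ee/ca/getCertChain` also forwards any longer path beginning with those strings to the AJP backend, and in the ee and admin blocks that happens with `NSSVerifyClient none`. If only the listed servlets are meant to be reachable without a client certificate, and the backend needs no other suffix on them, close each alternative with a boundary, e.g. `<LocationMatch "^/ca/ee/ca/(checkRequest|getCertChain|getTokenInfo|tokenAuthenticate|updateNumberRange)(/|$)|^/ca/ocsp(/|$)">`, and do the same for the admin and agent blocks. AJP itself carries no authentication, so a comment in the file stating that the connector on port 9447 must listen on loopback only would help; the connector configuration is not part of this diff.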
@@ -36,6 +36,7 @@ from ipapython import version
 from ipalib import api, util
 from ipapython.config import IPAOptionParser
 from ipapython import sysrestore
+from ipapython import ipautil
 CACERT="/etc/ipa/ca.crt"
 REPLICA_INFO_TOP_DIR=None
@@ -144,6 +145,9 @@ def main():
 cs.add_simple_service('dogtagldap/%s@%s' % (config.host_name, config.realm_name))
 cs.add_cert_to_service()
+ # We need to restart apache as we drop a new config file in there
+ ipautil.service_restart('httpd', '', True)
+
 try:
 if not os.geteuid()==0:
 sys.exit("\nYou must be root to run this script.\n") |
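Review bot: The restart added at the end of the second hunk, `ipautil.service_restart('httpd', '', True)`, passes two unexplained positional arguments, and nothing visible here handles a failed restart. If httpd does not come back up (for example because the new proxy configuration fails to parse), the CA install would appear to finish while the web front end that now proxies CA requests is down; confirm that service_restart raises on failure and that the caller reports it. The comment could also name the file, e.g. `# Restart httpd so it loads the newly installed ipa-pki-proxy.conf`. main() begins outside the hunk, so where the file is copied into the httpd configuration is not visible.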