diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-08-26 10:02:21 +1000 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-09-07 12:49:28 +0200 |
commit | 4c35afccf3cf3a5176e598872c4fcff80b416335 (patch) | |
tree | c9cc16c35e19d81d4a492c084bfa2ba39d3699ee /install/conf | |
parent | c5cbc8de89c7d88c443bff937fe9aa965e4c1c94 (diff) | |
download | freeipa-4c35afccf3cf3a5176e598872c4fcff80b416335.tar.gz freeipa-4c35afccf3cf3a5176e598872c4fcff80b416335.tar.xz freeipa-4c35afccf3cf3a5176e598872c4fcff80b416335.zip |
Use Dogtag REST API for certificate requests
The Dogtag REST API gives better responses statuses than the RPC API
and properly reports failure due to disabled CA (status 409). Make
'ra' extend 'RestClient' and refactor the 'request_certificate'
method to use Dogtag's REST API.
Part of: https://fedorahosted.org/freeipa/ticket/6260
Part of: https://fedorahosted.org/freeipa/ticket/3473
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'install/conf')
-rw-r--r-- | install/conf/ipa-pki-proxy.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index 545f21253..b48a3020d 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -1,4 +1,4 @@ -# VERSION 9 - DO NOT REMOVE THIS LINE +# VERSION 10 - DO NOT REMOVE THIS LINE ProxyRequests Off @@ -27,7 +27,7 @@ ProxyRequests Off </LocationMatch> # matches for CA REST API -<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/admin/kraconnector/remove"> +<LocationMatch "^/ca/rest/account/login|^/ca/rest/account/logout|^/ca/rest/installer/installToken|^/ca/rest/securityDomain/domainInfo|^/ca/rest/securityDomain/installToken|^/ca/rest/profiles|^/ca/rest/authorities|^/ca/rest/certrequests|^/ca/rest/admin/kraconnector/remove"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient optional ProxyPassMatch ajp://localhost:$DOGTAG_PORT |