diff options
author | Martin Kosek <mkosek@redhat.com> | 2014-03-20 09:34:53 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 14:06:35 +0100 |
commit | 6ecc4600e9370a637916360396f18699e4b7f59b (patch) | |
tree | 78a1b3e42039656dcad85b78802bfc3b5875e0e7 /install/conf/ipa-pki-proxy.conf | |
parent | c885bc3e49b41490668ed8b62989d71ec1cadf34 (diff) | |
download | freeipa-6ecc4600e9370a637916360396f18699e4b7f59b.tar.gz freeipa-6ecc4600e9370a637916360396f18699e4b7f59b.tar.xz freeipa-6ecc4600e9370a637916360396f18699e4b7f59b.zip |
Proxy PKI clone /ca/ee/ca/profileSubmit URI
PKI change done in ticket https://fedorahosted.org/pki/ticket/816
requires the PKI Clone's SSL Server certificate to be issued by
it's associated PKI master.
Allow this call on IPA master.
https://fedorahosted.org/freeipa/ticket/4265
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install/conf/ipa-pki-proxy.conf')
-rw-r--r-- | install/conf/ipa-pki-proxy.conf | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index 6f0463242..224cdd45b 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -1,9 +1,9 @@ -# VERSION 3 - DO NOT REMOVE THIS LINE +# VERSION 4 - DO NOT REMOVE THIS LINE ProxyRequests Off # matches for ee port -<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL"> +<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL|^/ca/ee/ca/profileSubmit"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient none ProxyPassMatch ajp://localhost:$DOGTAG_PORT |