Hi there,
our IPA servers' https port is exposed to internet. I wanted to restrict access 
to Web UI by requesting a user certificate issued by IPA and enabling Apache 
setting "NSSVerifyClient require" (or "optional") in /etc/httpd/conf.d/nss.conf
This, however, broke "ipa" command, which now started to fail like:
[user@im conf.d]$ ipa user-show user
ipa: ERROR: cannot connect to 'https://a.b.c.d/ipa/json': 
(SSL_ERROR_BAD_CERT_ALERT) SSL peer cannot verify your certificate.

Is it possible for "ipa" command to present sertificate to Apache server?
Anything else is going to break by such approach?

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to