our IPA servers' https port is exposed to internet. I wanted to restrict access
to Web UI by requesting a user certificate issued by IPA and enabling Apache
setting "NSSVerifyClient require" (or "optional") in /etc/httpd/conf.d/nss.conf
This, however, broke "ipa" command, which now started to fail like:
[user@im conf.d]$ ipa user-show user
ipa: ERROR: cannot connect to 'https://a.b.c.d/ipa/json':
(SSL_ERROR_BAD_CERT_ALERT) SSL peer cannot verify your certificate.
Is it possible for "ipa" command to present sertificate to Apache server?
Anything else is going to break by such approach?
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org