Hi there, our IPA servers' https port is exposed to internet. I wanted to restrict access to Web UI by requesting a user certificate issued by IPA and enabling Apache setting "NSSVerifyClient require" (or "optional") in /etc/httpd/conf.d/nss.conf This, however, broke "ipa" command, which now started to fail like: [user@im conf.d]$ ipa user-show user ipa: ERROR: cannot connect to 'https://a.b.c.d/ipa/json': (SSL_ERROR_BAD_CERT_ALERT) SSL peer cannot verify your certificate.
Questions: Is it possible for "ipa" command to present sertificate to Apache server? Anything else is going to break by such approach? Thanks, Ivars _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
