After talking with the PKI developer that is fixing this, I found out that one other file needs to be modified:



On 09/27/2011 07:55 PM, Adam Young wrote:


This is my comment in the ticket:

We are working on a tool in the PKI project that will perform these steps in an automated fashion.

There are three files that need to be addressed.

On the tomcat side, the files are in the Tomcat instance managed by IPA in /var/lib/pki-ca. The first is


It needs the addition:

+ <Connector port="9447" protocol="AJP/1.3" redirectPort="9444" />

You can place it around line 281, above the comment for the line <Engine name="Catalina" defaultHost="localhost">

Second is: /var/lib/pki-ca/webapps/ca/WEB-INF/web.xml

For each of the filter entries it needs the code addition below:




+ <init-param> + <param-name>proxy_port</param-name> + <param-value>443</param-value> + </init-param>


        <param-name>active</param-name> <param-value>true</param-value>



The third change is creating a symlink to /etc/pki-ca/proxy.conf in the directory /etc/httpd/conf.d

Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to