On Wed, 17 Jun 2015, Piotr Baranowski wrote:
----- Oryginalna wiadomość -----
Od: "Alexander Bokovoy" <aboko...@redhat.com>
So you have two different certificates in use here and your client
doesn't know about the other certificate (from your proxy). You need
either to deliver that certificate to the client by yourself or change
your proxying technology to something different.

For example, you can use sniproxy which doesn't require in-the-middle
certificate. https://github.com/dlundquist/sniproxy

Thanks for that hint. I'll have a look at that.

However I have an Idea:
If I could export ipa's mod_nss cert+key and then use them on my proxy running 
mod_ssl that probably could solve the issue.

Right?
Sort of. Now you would have an issue of maintaining the certificate in
multiple locations which would make rotation of it "interesting", so to
say.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to