----- 17 cze 2015 o 15:51, Alexander Bokovoy aboko...@redhat.com napisał(a):

> On Wed, 17 Jun 2015, Piotr Baranowski wrote:
>>----- Oryginalna wiadomość -----
>>> Od: "Alexander Bokovoy" <aboko...@redhat.com>
>>> So you have two different certificates in use here and your client
>>> doesn't know about the other certificate (from your proxy). You need
>>> either to deliver that certificate to the client by yourself or change
>>> your proxying technology to something different.
>>>
>>> For example, you can use sniproxy which doesn't require in-the-middle
>>> certificate. https://github.com/dlundquist/sniproxy
>>
>>Thanks for that hint. I'll have a look at that.
>>
>>However I have an Idea:
>>If I could export ipa's mod_nss cert+key and then use them on my proxy running
>>mod_ssl that probably could solve the issue.
>>
>>Right?
> Sort of. Now you would have an issue of maintaining the certificate in
> multiple locations which would make rotation of it "interesting", so to
> say.

Those would be only TWO certificates to manage. What's the challenge here?

Piotr

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to