Ian Pilcher wrote:
On 08/24/2015 01:47 AM, Martin Kosek wrote:
FreeIPA can play well with other stuff running on the same Apache as
long as
you do not break it's Apache configuration - like mod_nss running on
port 443,
CA proxy or the RPC connection URIs used by "ipa" tool or other tools.

So the answer is - it is possible, but there are dragons lurking on the
shadows, so please be careful.

So I think that I have this working.  I've been able to set up a
"default" named virtual host on port 80 that does the IPA web UI
redirection, along with a separate named virtual host that redirects
to a reverse proxy (SSL endpoint)/static content server on a random
high port.

(This will all be used to secure access to my new OpenSprinkler
controller when it arrives.)

I've posted a sanitized version of the config file at:


I've tested both "redirection" servers on port 80, using both short
hostnames and FQDNs, and I've verified that the correct certificates
and CA chains are being served on ports 443 and 59872.

How can I test the CA proxy and RPC URIs?  Is there anything else I
should check before I declare victory and start drinking?


This will exercise the basics:

ipa cert-show 1

As long as /ca is opened by IPA you should be ok.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to