Hello David, Am Donnerstag, 26. Mai 2016, 08:09:17 CEST schrieb David Kupka: > On 26/05/16 07:42, Günther J. Niederwimmer wrote: > > Hello, > > > > can any help to find the correct way to configure a Webserver with IPA. > > (mod_nss) > > > > I can't create a correct DB in /etc/httpd/alias > > > > I search on the INet and read the install Log from ipa-server but it is > > for me not possible to found a working way :-(. > > > > Thanks for a answer ? > > Hello Günther, > > I'm not sure if I understand your question. What I take from you message is: > > I want a IPA webserver with NSSDB in /etc/httpd/alias.
;-) No and Yes. I want a new WEBSERVER on a ipa-client with IPA Certificate ? Afterward I like to create a "DANE" Entry from this Certificate for this webserver ? Bat I fail with the first configuration > The answer then is: > > ipa-server-install creates that DB for apache and populates it with > certificates. So there is nothing to do. Yes, and I can't found the way IPA create this ... > From one of my test servers: > > # certutil -d /etc/httpd/alias/ -L > > Certificate Nickname Trust > Attributes > > SSL,S/MIME,JAR/XPI > > ipaCert u,u,u > Server-Cert u,u,u > EXAMPLE.TEST IPA CA CT,C,C > Signing-Cert u,u,u > > > If this is not what you was asking please try to explain what you want > to achieve with more details. Thanks David for the answer, I have on the Master also Signing-Cert u,u,u ipaCert u,u,u Server-Cert u,u,u XXXX.XXX CA CT,C,C and on the replica this, Server-Cert u,u,u XXXX.XXX IPA CA CT,C,C ipaCert u,u,u I mean I must have a NSSDB like this from the replica, on my Webserver ? -- mit freundlichen Grüßen / best regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project