On Wed, 29 Mar 2017, Chris Herdt wrote:
> I'm curious as to why HTTP (port 80) is needed for IPA server
> replication, particularly since HTTPS (port 443) is also used. What
> unencrypted data is exchanged?
Because you need to access the OCSP endpoint without getting into a
chicken-and-egg problem of trusting or not trusting a certificate:

# openssl x509 -in /etc/ipa/ca.crt -noout -ocsp_uri
http://ipa-ca.example.com/ca/ocsp

See https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol


--
/ Alexander Bokovoy
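
Added example, not part of the original message or of FreeIPA: a shell helper that reads the OCSP responder URIs from a certificate with the same `openssl x509 -ocsp_uri` call and reports the scheme, host and TCP port each one needs, which is what decides whether port 80 must be reachable. The function names are hypothetical, the sample certificate is constructed on the fly, and `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: list scheme, host and TCP port of every OCSP responder
# named in a certificate's Authority Information Access extension.

# ocsp_endpoints CERT.pem -> one "scheme host port" line per OCSP URI
ocsp_endpoints() {
    openssl x509 -in "$1" -noout -ocsp_uri | while IFS= read -r uri; do
        [ -n "$uri" ] || continue
        scheme=${uri%%://*}          # text before "://"
        rest=${uri#*://}             # text after "://"
        hostport=${rest%%/*}         # authority part, path stripped
        host=${hostport%%:*}         # (IPv6 literals are not handled)
        case $hostport in
            *:*) port=${hostport##*:} ;;        # explicit port in the URI
            *)   case $scheme in                # otherwise the scheme default
                     http)  port=80 ;;
                     https) port=443 ;;
                     *)     port=unknown ;;
                 esac ;;
        esac
        printf '%s %s %s\n' "$scheme" "$host" "$port"
    done
}

# needs_plain_http CERT.pem -> succeeds if any responder is an http:// URI,
# i.e. revocation checks for this certificate need unencrypted HTTP access.
needs_plain_http() {
    ocsp_endpoints "$1" | grep -q '^http '
}

# make_sample_cert OUT.pem OCSP_URI -> constructed self-signed test
# certificate carrying the given OCSP URI (sample data, not a real IPA CA).
make_sample_cert() {
    key=$(mktemp)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$1" \
        -days 1 -subj "/CN=constructed-sample" \
        -addext "authorityInfoAccess = OCSP;URI:$2" 2>/dev/null
    rm -f "$key"
}
```

Run `ocsp_endpoints /etc/ipa/ca.crt` on an IPA host to see which responder address and port the firewall has to allow.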
