On Wed, 29 Mar 2017, Chris Herdt wrote:
> I'm curious as to why HTTP (port 80) is needed for IPA server
> replication, particularly since HTTPS (port 443) is also used. What
> unencrypted data is exchanged?

Because you need to access the OCSP endpoint without getting into a
chicken-and-egg problem of trusting or not trusting a certificate:

# openssl x509 -in /etc/ipa/ca.crt -noout -ocsp_uri

See https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

/ Alexander Bokovoy
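
An added example, not part of the original message or of FreeIPA's own tooling: it runs the `-ocsp_uri` query from the reply and turns each responder URI into the scheme, host and port a firewall rule has to allow. The certificate is a constructed throwaway and `ipa-ca.example.test` is a placeholder host; `-addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. The sample certificate and the host name
# ipa-ca.example.test are constructed placeholders.

# Print "scheme host port" for every OCSP responder URI in a certificate.
ocsp_endpoints() {
    openssl x509 -in "$1" -noout -ocsp_uri | while IFS= read -r uri; do
        [ -n "$uri" ] || continue
        scheme=${uri%%://*}          # text before "://"
        rest=${uri#*://}             # host[:port]/path
        hostport=${rest%%/*}         # drop the path
        host=${hostport%%:*}
        case "$hostport" in
            *:*) port=${hostport##*:} ;;                        # explicit port
            *)   [ "$scheme" = https ] && port=443 || port=80 ;; # scheme default
        esac
        echo "$scheme $host $port"
    done
}

# Create a one-day self-signed certificate whose Authority Information
# Access extension names a plain-HTTP OCSP responder, and print its path.
# The temporary directory is left in place for inspection.
make_sample_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed sample" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -addext "authorityInfoAccess=OCSP;URI:http://ipa-ca.example.test/ca/ocsp" \
        2>/dev/null
    echo "$dir/cert.pem"
}

sample=$(make_sample_cert)
ocsp_endpoints "$sample"    # prints: http ipa-ca.example.test 80
```

On an IPA host, `ocsp_endpoints /etc/ipa/ca.crt` reports the endpoint for the real CA certificate. OCSP responses are signed, so the client verifies the response itself rather than relying on the transport.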
