IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Proxy PKI clone /ca/ee/ca/profileSubmit URI

Browse Source 
PKI change done in ticket https://fedorahosted.org/pki/ticket/816
requires the PKI Clone's SSL Server certificate to be issued by
it's associated PKI master.

Allow this call on IPA master.

https://fedorahosted.org/freeipa/ticket/4265

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Martin Kosek 2014-03-20 09:34:53 +01:00 committed by Petr Viktorin
parent c885bc3e49
commit 6ecc4600e9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
install/conf/ipa-pki-proxy.conf
View File

@ -1,9 +1,9 @@
# VERSION 3 - DO NOT REMOVE THIS LINE
# VERSION 4 - DO NOT REMOVE THIS LINE
ProxyRequests Off
# matches for ee port
<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL">
<LocationMatch "^/ca/ee/ca/checkRequest|^/ca/ee/ca/getCertChain|^/ca/ee/ca/getTokenInfo|^/ca/ee/ca/tokenAuthenticate|^/ca/ocsp|^/ca/ee/ca/updateNumberRange|^/ca/ee/ca/getCRL|^/ca/ee/ca/profileSubmit">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient none
ProxyPassMatch ajp://localhost:$DOGTAG_PORT