Good afternoon, The configuration seem to have been put in /etc/httpd/client.conf see below:
> <IfModule mod_nss.c> > <VirtualHost *:443> > ServerName client > > NSSEnforceValidCerts off > > NSSEngine on > > NSSCipherSuite > +aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha_256,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha,+rsa_aes_128_gcm_sh$ > NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2 > > NSSNickname Server-Cert > > NSSCertificateDatabase /etc/httpd/nssdb > > Redirect permanent / https://client.qc.lrtech.ca/ > </VirtualHost> > > <VirtualHost *:443> > ServerName client.qc.lrtech.ca > > NSSEnforceValidCerts off > > NSSEngine on > > NSSCipherSuite > +aes_128_sha_256,+aes_256_sha_256,+ecdhe_ecdsa_aes_128_gcm_sha_256,+ecdhe_ecdsa_aes_128_sha$ > NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2 > > NSSNickname Server-Cert > > NSSCertificateDatabase /etc/httpd/nssdb > ProxyRequests Off > > ProxyPreserveHost On > <Proxy *> > Order deny,allow > #Deny from all > Allow from all > </Proxy> > ProxyPass / http://127.0.0.1:8169/ retry=0 > ProxyPassReverse / http://127.0.0.1:8169/ retry=0 > </VirtualHost> > </IfModule> I tried to restart httpd, certmonger, and my browser but without success. When I do ipa-getcert resubmit -i <id> am I suppose to see something change freeipa.qc.lrtech.ca/ipa/ui/#/e/cert/search? All I can see is Expired, Revoked and greyed out certificates. Eric _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
