----- On 17 Jun 2015 at 15:51, Alexander Bokovoy [email protected] wrote:
> On Wed, 17 Jun 2015, Piotr Baranowski wrote:
>>----- Original message -----
>>> From: "Alexander Bokovoy" <[email protected]>
>>> So you have two different certificates in use here and your client
>>> doesn't know about the other certificate (from your proxy). You need
>>> either to deliver that certificate to the client by yourself or change
>>> your proxying technology to something different.
>>>
>>> For example, you can use sniproxy which doesn't require in-the-middle
>>> certificate. https://github.com/dlundquist/sniproxy
>>
>>Thanks for that hint. I'll have a look at that.
>>
>>However I have an idea:
>>If I could export ipa's mod_nss cert+key and then use them on my proxy running
>>mod_ssl that probably could solve the issue.
>>
>>Right?
> Sort of. Now you would have an issue of maintaining the certificate in
> multiple locations which would make rotation of it "interesting", so to
> say.

Those would be only TWO certificates to manage.
What's the challenge here?

Piotr
