but going back to ipa-rewrite.conf, these 2 seem contradictory:
# Redirect to the fully-qualified hostname. Not redirecting to secure
# port so configuration files can be retrieved without requiring SSL.
RewriteCond %{HTTP_HOST} !^kdc01.unix.iriszorg.nl$ [NC]
RewriteRule ^/ipa/(.*) http://kdc01.unix.iriszorg.nl/ipa/$1 [L,R=301]
# Redirect to the secure port if not displaying an error or retrieving
# configuration.
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/ipa/(errors|config)
RewriteRule ^/ipa/(.*) https://kdc01.unix.iriszorg.nl/ipa/$1
[L,R=301,NC]
so I modified
RewriteCond %{REQUEST_URI} !^/ipa/(errors|config)
with
RewriteCond %{REQUEST_URI} !^/ipa/(errors|config|crl)
and now it works.
Is this ok?
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
