Just about every https+apache configuration I've seen in the last many years used mod_ssl. This requirement on ipa-server means I cannot use mod_ssl, this is sub-optimal as I now have to learn a new system to put our purchased fedora-cert on this system so https:// doesn't throw a self-signed error for users browsers. -Mike
On Thu, Apr 09, 2009 at 02:38:31PM -0500, Mike McGrath wrote:> Just about every https+apache configuration I've seen in the last many > years used mod_ssl. This requirement on ipa-server means I cannot use > mod_ssl, this is sub-optimal as I now have to learn a new system to put > our purchased fedora-cert on this system so https:// doesn't throw a > self-signed error for users browsers. > > -MikeSimo, can you elaborate on why IPA requires mod_nss instead of mod_ssl? ISTR there was some reasonably good reason. Mike, you're not actually sharing an httpd instance with some other fedora app, right? Just oVirt? Thanks, --Hugh
On Thu, Apr 09, 2009 at 02:38:31PM -0500, Mike McGrath wrote:> Just about every https+apache configuration I've seen in the last many > years used mod_ssl. This requirement on ipa-server means I cannot use > mod_ssl, this is sub-optimal as I now have to learn a new system to put > our purchased fedora-cert on this system so https:// doesn't throw a > self-signed error for users browsers.This is a really bad packaging decision from Fedora/IPA server. There are two competing SSL plugins for Apache, mod_ssl and mod_nss. Fedora and IPA should standardize on one, and ditch the other and make sure everything works with the chosen one. I've no idea why IPA wants mod_nss instead of mod_ssl - particularly with everyone else in the world mostly using mod_ssl it is certainly a PITA having this imposition from IPA. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|