[ipasmartcard_server] Role does not include configuration of SSLOCSPEnable and SSLProtocol in ssl.conf #1251

Open
EmptyByte opened this issue Jun 22, 2024 · 1 comment


EmptyByte commented Jun 22, 2024

The role to set up smart card authentication should provide the ability to tune the SSLOCSPEnable option and SSLProtocol on the server:

Refer to the following links for more information:

- Accessing the IPA Web UI in a Web Browser - Red Hat Enterprise Linux 9
- Bugzilla Report - Bug 1775158
- Getting IPA error when TLS v1.3 is enabled

```yaml
# Both tasks edit the stock mod_ssl config shipped by httpd. The regexps also
# match a commented-out directive (e.g. "#SSLOCSPEnable off"), so the shipped
# placeholder line is replaced rather than a second directive being appended.
- name: Ensure OCSP configuration is set to Leaf
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf.d/ssl.conf
    regexp: '^\s*#?\s*SSLOCSPEnable\s+.*$'
    line: SSLOCSPEnable leaf
  notify: Restart IPA

- name: Ensure SSLProtocol excludes SSLv3, TLSv1, TLSv1.1, TLSv1.3
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf.d/ssl.conf
    regexp: '^\s*#?\s*SSLProtocol\s+.*$'
    line: 'SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3'
    # No "backrefs: yes" here: the line uses no \1-style groups, and with
    # backrefs set lineinfile leaves the file unchanged when regexp does not
    # match, so a missing SSLProtocol directive would never be added.
  notify: Restart IPA
```
EmptyByte changed the title from "[ipasmartcard_server] Role to setup Smart card on IPA server should include tuning of SSLOCSPEnable and SSLProtocol" to "[ipasmartcard_server] Role should include configuration of SSLOCSPEnable and SSLProtocol in ssl.conf" on Jun 22, 2024
EmptyByte changed the title from "[ipasmartcard_server] Role should include configuration of SSLOCSPEnable and SSLProtocol in ssl.conf" to "[ipasmartcard_server] Role does not include configuration of SSLOCSPEnable and SSLProtocol in ssl.conf" on Jun 22, 2024
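As an added example (not code from the issue or from the ansible-freeipa role), the following Python models what the two `lineinfile` tasks above do to a constructed ssl.conf fragment and audits the result: it resolves the active SSLProtocol value the way a reader of the file would, checks that OCSP validation is set to `leaf`, and shows the case where `backrefs: yes` on the SSLProtocol task leaves a file with no SSLProtocol directive untouched. The sample config fragments, the helper names, and the simplified SSLProtocol token resolution are assumptions made for the example.

```python
import re

# Constructed sample of an /etc/httpd/conf.d/ssl.conf fragment; it is not a
# real file from the project. OCSP checking is only present as a commented-out
# line and SSLProtocol still permits TLSv1.3.
SAMPLE_SSL_CONF = """\
Listen 443 https
<VirtualHost _default_:443>
#SSLOCSPEnable on
SSLProtocol all -SSLv3
SSLCertificateFile /var/lib/ipa/certs/httpd.crt
</VirtualHost>
"""

# Constructed fragment with no SSLProtocol directive at all (the case where
# "backrefs: yes" turns the second task into a no-op).
NO_PROTO_CONF = "Listen 443 https\nSSLCertificateFile /var/lib/ipa/certs/httpd.crt\n"

# Same regexps and target lines as the two lineinfile tasks in the issue.
OCSP_RE = re.compile(r'^\s*#?\s*SSLOCSPEnable\s+.*$')
PROTO_RE = re.compile(r'^\s*#?\s*SSLProtocol\s+.*$')
WANT_OCSP = "SSLOCSPEnable leaf"
WANT_PROTO = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3"


def lineinfile(lines, regexp, line, backrefs=False):
    """Model the subset of ansible.builtin.lineinfile used in the issue:
    the LAST line matching regexp is replaced by `line`; if nothing matches,
    `line` is appended, except that with backrefs=True the file is left
    unchanged (the documented module behaviour)."""
    hits = [i for i, l in enumerate(lines) if regexp.search(l)]
    out = list(lines)
    if hits:
        out[hits[-1]] = line
    elif not backrefs:
        out.append(line)
    return out


def active_directive(lines, name):
    """Value of the last uncommented `name` directive, or None if absent."""
    value = None
    for raw in lines:
        s = raw.strip()
        if not s or s.startswith("#"):
            continue
        parts = s.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            value = parts[1].strip()
    return value


def protocol_allowed(value, proto):
    """Resolve an SSLProtocol value such as "all -SSLv3 -TLSv1.3" for one
    protocol. Simplified model: 'all' and unsigned names enable, a '-' prefix
    disables, evaluated left to right."""
    allowed = False
    for tok in value.split():
        name = tok.lstrip("+-").lower()
        if name == "all" or name == proto.lower():
            allowed = not tok.startswith("-")
    return allowed


def audit(text):
    """Report whether the two settings requested in the issue are in effect."""
    lines = text.splitlines()
    proto = active_directive(lines, "SSLProtocol") or ""
    ocsp = (active_directive(lines, "SSLOCSPEnable") or "").lower()
    return {
        "ocsp_leaf": ocsp == "leaf",
        "tls1_disabled": bool(proto) and not protocol_allowed(proto, "TLSv1"),
        "tls13_disabled": bool(proto) and not protocol_allowed(proto, "TLSv1.3"),
    }


def remediate(text, backrefs_on_protocol=False):
    """Apply both tasks as the playbook would; backrefs_on_protocol=True
    reproduces the 'backrefs: yes' from the original snippet."""
    lines = text.splitlines()
    lines = lineinfile(lines, OCSP_RE, WANT_OCSP)
    lines = lineinfile(lines, PROTO_RE, WANT_PROTO, backrefs=backrefs_on_protocol)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("before:", audit(SAMPLE_SSL_CONF))
    print("after: ", audit(remediate(SAMPLE_SSL_CONF)))
    print("missing directive, backrefs on:",
          audit(remediate(NO_PROTO_CONF, backrefs_on_protocol=True)))
```

Running `remediate` twice yields the same text, which is the idempotency a role task needs; the `NO_PROTO_CONF` case is the one to keep in mind when copying the second task into a role, since a stock ssl.conf with the directive commented out is matched by the regexp, but a locally customised file with the directive removed is not.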

EmptyByte commented Jul 13, 2024

partial duplicate of #970
