Thank you for your prompt reply. I modified my SSH config and replaced the last line
with:
LocalForward 443 127.0.0.1:443
But it still doesn't work and when I try to login to the VM, I get this
error: Privileged ports can only be forwarded by root
Thanks for your help
On Thursday, February 8, 2018, 4:27:27 PM EST, Rob Crittenden via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Tezarin via FreeIPA-users wrote:
It's installed on an EC2 instance which is only accessible
through
tunneling and proxy:
So I added an entry in my ~/.ssh/config file like this:
Host ipaserver
HostName [EC2 IP]
ProxyCommand ssh proxy-server -W %h:%p
IdentityFile ~/.ssh/id_rsa
User testuser
LocalForward 8443 127.0.0.1:8443
The GUI comes up but it doesn't show much, only:
You want port 443. 8443 is the CA.
rob
Certificate System <
http://pki.fedoraproject.org/>
Certificate System <
https://127.0.0.1:8443/>
-
The Certificate System is an enterprise-class open source Certificate
Authority (CA). It is a full-featured system, and has been hardened by
real-world deployments. It supports all aspects of certificate lifecycle
management, including key archival, OCSP and smartcard management, and
much more.
*Enter <
https://127.0.0.1:8443/pki/ui/>*
Thanks
On Thursday, February 8, 2018, 3:02:04 PM EST, Rob Crittenden via
FreeIPA-users <freeipa-users(a)lists.fedorahosted.org> wrote:
None via FreeIPA-users wrote:
> Hi all,
>
What URL are you using?
rob
>
> I have installed FreeIPA server on CentOS 6.9 but the GUI is not
coming up completely. It only shows the following certificate system
messages. Not sure why and here are the files in the /etc/httpd/alias:
>
> lrwxrwxrwx 1 root root 24 Jan 30 14:19 libnssckbi.so ->
/usr/lib64/libnssckbi.so
> -rw-r----- 1 root apache 16384 Jan 30 14:19 secmod.db.orig
> -rw-r----- 1 root apache 24576 Jan 30 14:19 key3.db.orig
> -rw-r----- 1 root apache 65536 Jan 30 14:19 cert8.db.orig
> -rw------- 1 root root 5274 Jan 30 14:19 install.log
> -rw------- 1 root root 32 Feb 1 19:32 ipasession.key
> -rw------- 1 root apache 41 Feb 7 16:47 pwdfile.txt.ipasave
> -rw-r----- 1 root apache 16384 Feb 7 16:47 secmod.db.ipasave
> -rw-r----- 1 root apache 16384 Feb 7 17:09 key3.db.ipasave
> -rw-r----- 1 root apache 65536 Feb 7 17:09 cert8.db.ipasave
> -rw------- 1 root apache 41 Feb 7 17:49 pwdfile.txt
> -rw-r----- 1 root apache 16384 Feb 7 17:49 secmod.db
> -rw-r----- 1 root apache 16384 Feb 8 12:00 key3.db
> -rw-r----- 1 root apache 65536 Feb 8 12:00 cert8.db
>
> And here are the certs in my /root directory:
>
> -rw-------. 1 root root 1006 Nov 16 2015 anaconda-ks.cfg
> -rw-r--r-- 1 pkiuser pkiuser 10328 Feb 7 17:48 cacert.p12
> -rw------- 1 root root 2604 Feb 7 17:48 ca-agent.p12
>
> And here is what the GUI shows:
>
>
> Certificate System
> Certificate System
> -
> The Certificate System is an enterprise-class open source Certificate
Authority (CA). It is a full-featured system, and has been hardened by
real-world deployments. It supports all aspects of certificate lifecycle
management, including key archival, OCSP and smartcard management, and
much more.
>
> Enter
>
> Any info would be much appreciated.
>
> Thank you
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org