Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1029046
+++ This bug was initially created as a clone of Bug #1023168 +++ Description of problem: This is a follow up for Bug 1018172. As Joe Orton commented, "Listen X https" or simply "Listen 443" now means an implicit "SSLEngine on" for the vhost. This does not play well when the HTTPS vhost is processed with mod_ssl and httpd won't start: [Tue Oct 15 07:19:56.815573 2013] [ssl:emerg] [pid 4757] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0) [Tue Oct 15 07:19:56.815594 2013] [ssl:emerg] [pid 4757] AH02312: Fatal error initialising mod_ssl, exiting. We should be able to at least set "SSLEngine off" in the mod_nss config to avoid this error. Additional Note: Our current workaround is to use "Listen 443 http". +++++++++++++++++++++++++++ With httpd-2.4.6-6.fc20/httpd-2.4.6-7.el7, mod_nss can add <IfModule mod_ssl.c> SSLEngine off </IfModule> to vhosts in the default mod_nss.conf to avoid the "Listen X http" hack. See Bug 1029042 and Bug 1029043 filed for mod_nss. When this is fixed in mod_nss, IPA should remove the "Listen 443 http" hack.
Reverted the change in ipa-3-3; the required version of httpd is not available for Fedora 19.
Metadata Update from @mkosek: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 3.3.x - 2013/11 (bug fixing)
Login to comment on this ticket.