AJP connector protection for Dogtag/FreeIPA communication for CVE-2020-1938 mitigation. Fedora and RHEL do not force encrypted AJP connector by default with 9.0.31 but FreeIPA 4.8.5 will convert to encrypted AJP channel on upgrade or at a new deployment. Use of AJP is limited to localhost connections with integrated CA already.
BZ#1812169 Running ipa-replica-install fails with Certificate issuance failed (CA_UNREACHABLE: Server at https://ipa-master.example.test/ipa/xml failed request, will retry: 4016 (RPC failed at server. Failed to authenticate to CA REST API).)