<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Per discussions via email and IRC, the
attached patch restores and modifies the two OCSP URL links.
Additionally, this patch alters the pkidaemon man page to reflect
these changes.<br>
<br>
-- Matt<br>
<br>
<br>
On 08/04/15 16:43, Matthew Harmsen wrote:<br>
</div>
<blockquote cite="mid:55C14007.4000306@redhat.com" type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
Please review the attached patch which addresses the following two
tickets:<br>
<ul>
<li><a moz-do-not-send="true"
href="https://fedorahosted.org/pki/ticket/1443">PKI TRAC
Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible</a></li>
<li><a moz-do-not-send="true"
href="https://fedorahosted.org/pki/ticket/1518">PKI TRAC
Ticket #1518 - OCSP ee url returned by pkidaemon status
tomcat shows an error page</a></li>
</ul>
<p>These were tested by installing four new instances and running
'pkidaemon status tomcat pki-tomcat'. The following four
inaccessible URLs no longer showed up:<br>
</p>
<ul>
<li><b>Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/kra/ee/kra">http://pki.example.com:8080/kra/ee/kra</a></b>
(1443)<br>
</li>
<li><b>Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/ocsp/ee/ocsp">http://pki.example.com:8080/ocsp/ee/ocsp</a></b>
(1518)<br>
</li>
<li><b>Secure EE URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/ee/ocsp">https://pki.example.com:8443/ocsp/ee/ocsp</a></b>
(1518)<br>
</li>
<li><b>Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/tks/ee/tks">http://pki.example.com:8080/tks/ee/tks</a></b>
(1443)</li>
</ul>
<p>Additionally, a test was run which showed that the upgrade code
worked successfully:<br>
</p>
<blockquote># pkidaemon status tomcat pki-tomcat<br>
Status for pki-tomcat: pki-tomcat is running ..<br>
<br>
[CA Status Definitions]<br>
Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/ca/ee/ca">http://pki.example.com:8080/ca/ee/ca</a><br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca/agent/ca">https://pki.example.com:8443/ca/agent/ca</a><br>
Secure EE URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca/ee/ca">https://pki.example.com:8443/ca/ee/ca</a><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca/services">https://pki.example.com:8443/ca/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca">https://pki.example.com:8443/ca</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[DRM Status Definitions]<br>
<b> Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/kra/ee/kra">http://pki.example.com:8080/kra/ee/kra</a></b><br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/kra/agent/kra">https://pki.example.com:8443/kra/agent/kra</a><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/kra/services">https://pki.example.com:8443/kra/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/kra">https://pki.example.com:8443/kra</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[OCSP Status Definitions]<br>
<b> Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/ocsp/ee/ocsp">http://pki.example.com:8080/ocsp/ee/ocsp</a></b><br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/agent/ocsp">https://pki.example.com:8443/ocsp/agent/ocsp</a><br>
<b> Secure EE URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/ee/ocsp">https://pki.example.com:8443/ocsp/ee/ocsp</a></b><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/services">https://pki.example.com:8443/ocsp/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp">https://pki.example.com:8443/ocsp</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[TKS Status Definitions]<br>
<b> Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/tks/ee/tks">http://pki.example.com:8080/tks/ee/tks</a></b><br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/tks/agent/tks">https://pki.example.com:8443/tks/agent/tks</a><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/tks/services">https://pki.example.com:8443/tks/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/tks">https://pki.example.com:8443/tks</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[CA Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: Root CA (Security Domain)<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
[DRM Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: DRM<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
[OCSP Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: OCSP<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
[TKS Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: TKS<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
</blockquote>
After running the upgrade script, the inaccessible URLs were
removed:<br>
<blockquote># pkidaemon status tomcat pki-tomcat<br>
Status for pki-tomcat: pki-tomcat is running ..<br>
<br>
[CA Status Definitions]<br>
Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/ca/ee/ca">http://pki.example.com:8080/ca/ee/ca</a><br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca/agent/ca">https://pki.example.com:8443/ca/agent/ca</a><br>
Secure EE URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca/ee/ca">https://pki.example.com:8443/ca/ee/ca</a><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca/services">https://pki.example.com:8443/ca/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ca">https://pki.example.com:8443/ca</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[DRM Status Definitions]<br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/kra/agent/kra">https://pki.example.com:8443/kra/agent/kra</a><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/kra/services">https://pki.example.com:8443/kra/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/kra">https://pki.example.com:8443/kra</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[OCSP Status Definitions]<br>
</blockquote>
</blockquote>
<b> Unsecure URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://pki.example.com:8080/ocsp/ee/ocsp">http://pki.example.com:8080/ocsp/ee/ocsp</a>/<ocsp
request blob></b><br>
<blockquote cite="mid:55C14007.4000306@redhat.com" type="cite">
<blockquote> Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/agent/ocsp">https://pki.example.com:8443/ocsp/agent/ocsp</a><br>
</blockquote>
</blockquote>
<b> Secure EE URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/ee/ocsp">https://pki.example.com:8443/ocsp/ee/ocsp</a>/<ocsp
request blob></b><br>
<blockquote cite="mid:55C14007.4000306@redhat.com" type="cite">
<blockquote> Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp/services">https://pki.example.com:8443/ocsp/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/ocsp">https://pki.example.com:8443/ocsp</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[TKS Status Definitions]<br>
Secure Agent URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/tks/agent/tks">https://pki.example.com:8443/tks/agent/tks</a><br>
Secure Admin URL = <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/tks/services">https://pki.example.com:8443/tks/services</a><br>
PKI Console Command = pkiconsole <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443/tks">https://pki.example.com:8443/tks</a><br>
Tomcat Port = 8005 (for shutdown)<br>
<br>
[CA Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: Root CA (Security Domain)<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
[DRM Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: DRM<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
[OCSP Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: OCSP<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
[TKS Configuration Definitions]<br>
PKI Instance Name: pki-tomcat<br>
<br>
PKI Subsystem Type: TKS<br>
<br>
Registered PKI Security Domain Information:<br>
==========================================================================<br>
Name: example.com Security Domain<br>
URL: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="https://pki.example.com:8443">https://pki.example.com:8443</a><br>
==========================================================================<br>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>