[Pki-devel] [PATCH] Fix 'status' command in 'pkidaemon' . . .
Ade Lee
alee at redhat.com
Wed Dec 19 17:29:05 UTC 2012
I found the following issues:
Issue 1:
Lets say I have the following setup:
instance A with subsystems CA, KRA, OCSP
instance B with subsystem CA, KRA
Then for instance B, I see the following error message:
grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
pki-tomcat27 Configuration Definitions not found for ocsp
It appears that if any instance has a subsystem, then it is assumed that
all instances have that subsystem because you use a global list of
subsystems.
Issue 2:
This may be a pkidestroy problem. I did a pkidestroy of the OCSP on
instance A. Now I see the following:
[CA Status Definitions]
Unsecure Port = http://alee-workpc.redhat.com:8220/ca/ee/ca
Secure Agent Port = https://alee-workpc.redhat.com:8223/ca/agent/ca
Secure EE Port = https://alee-workpc.redhat.com:8223/ca/ee/ca
Secure Admin Port = https://alee-workpc.redhat.com:8223/ca/services
EE Client Auth Port = https://alee-workpc.redhat.com:8223/ca/eeca/ca
PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/ca
Tomcat Port = 8225 (for shutdown)
[DRM Status Definitions]
Unsecure Port = http://alee-workpc.redhat.com:8220/kra/ee/kra
Secure Agent Port = https://alee-workpc.redhat.com:8223/kra/agent/kra
Secure EE Port = https://alee-workpc.redhat.com:8223/kra/ee/kra
Secure Admin Port = https://alee-workpc.redhat.com:8223/kra/services
PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/kra
Tomcat Port = 8225 (for shutdown)
Unsecure Port = http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
Secure Agent Port = https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
Secure EE Port = https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
Secure Admin Port = https://alee-workpc.redhat.com:8223/ocsp/services
PKI Console Port = pkiconsole https://alee-workpc.redhat.com:8223/ocsp
Tomcat Port = 8225 (for shutdown)
That is -- I still see definitions from the removed OCSP. Ditto if I
remove the KRA.
Maybe this is a weird instance. Still testing ..
On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
> The attached patch addresses the following PKI issue:
> * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
> 'pkidaemon' . . .
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list