[Pki-devel] [PATCH - RHCS 8.1 ONLY] Bugzilla Bug #979559 - Parameter --ca_domain_url should be optional [REVISED]
Matthew Harmsen
mharmsen at redhat.com
Fri Aug 2 03:41:24 UTC 2013
Please review the attached patch for the following RHCS 8.1 bug:
* *Bugzilla Bug #979559*
<https://bugzilla.redhat.com/show_bug.cgi?id=979559>-Parameter
--ca_domain_url should be optional
This bug addresses the problem of attempting to configure an instance
using a version of pki-silent which contains the new code with expanded
parameters while using an old template from a previous version of
pki-silent which did not contain these parameters.
Tested by installing and successfully configuring a CA, KRA, TKS, and
TPS using legacy templates as well as successfully configuring a CA,
KRA, TKS, and TPS using the new templates.
The attached code was revised to exclude the DRM/TKS agent hostname:port
and provide more verbose help messages regarding the optional new URL
parameters.
For readability sake, the new URL help messages follow:
# pkisilent ConfigureCA -help | grep _url
-ca_domain_url <string> CA Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this CA Instance (optional but
recommended for IP Port Separation)
# pkisilent ConfigureDRM -help | grep _url
-ca_domain_url <string> DRM Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this DRM Instance (optional but
recommended for IP Port Separation)
# pkisilent ConfigureOCSP -help | grep _url
-ca_domain_url <string> OCSP Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this OCSP Instance (optional but
recommended for IP Port Separation)
# pkisilent ConfigureTKS -help | grep _url
-ca_domain_url <string> TKS Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this TKS Instance (optional but
recommended for IP Port Separation)
# pkisilent ConfigureRA -help | grep _url
-ca_issuance_url <string> CA Choice Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates (optional but recommended if used with IP Port
Separated CA)
-ca_domain_url <string> RA Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this RA Instance (optional but
recommended if used with IP Port Separated CA)
# pkisilent ConfigureTPS -help | grep _url
-ca_issuance_url <string> CA Choice Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA registered in
this security domain used to Issue Certificates for use by an ESC
(optional but recommended if used with IP Port Separated CA)
-tks_key_management_url <string> TKS Choice Panel -
'https://<tks_agent_hostname>:<tks_agent_port>' URL to Agent TKS
used for Key Management (optional but recommended if used with IP
Port Separated TKS)
-drm_server_side_keygen_url <string> DRM Choice Panel -
'https://<drm_agent_hostname>:<drm_agent_port>' URL to Agent DRM
used for Server-Side Keygen (optional but recommended if used with
IP Port Separated DRM)
-ca_domain_url <string> TPS Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this TPS Instance (optional but
recommended if used with IP Port Separated CA)
# pkisilent ConfigureSubCA -help | grep _url
-ca_domain_url <string> SubCA Subject Names Panel -
'https://<ca_ee_hostname>:<ca_ee_port>' URL to EE CA used to Issue
Certificates for Creation of this SubCA Instance (optional but
recommended for IP Port Separation)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130801/0c488664/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: silent.patch
Type: text/x-patch
Size: 26644 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130801/0c488664/attachment.bin>
More information about the Pki-devel
mailing list