[Pki-devel] [PATCH] Removed more inaccessible URLs from server.xml
Matthew Harmsen
mharmsen at redhat.com
Fri Aug 7 22:36:14 UTC 2015
Per discussions via email and IRC, the attached patch restores and
modifies the two OCSP URL links. Additionally, this patch alters the
pkidaemon man page to reflect these changes.
-- Matt
On 08/04/15 16:43, Matthew Harmsen wrote:
> Please review the attached patch which addresses the following two
> tickets:
>
> * PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under
> PKI subsystems which are not accessible
> <https://fedorahosted.org/pki/ticket/1443>
> * PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status
> tomcat shows an error page <https://fedorahosted.org/pki/ticket/1518>
>
> These were tested by installing four new instances and running
> 'pkidaemon status tomcat pki-tomcat'. The following four inaccessible
> URLs no longer showed up:
>
> * *Unsecure URL = http://pki.example.com:8080/kra/ee/kra* (1443)
> * *Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp*
> (1518)
> * *Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp*
> (1518)
> * *Unsecure URL = http://pki.example.com:8080/tks/ee/tks* (1443)
>
> Additionally, a test was run which showed that the upgrade code worked
> successfully:
>
> # pkidaemon status tomcat pki-tomcat
> Status for pki-tomcat: pki-tomcat is running ..
>
> [CA Status Definitions]
> Unsecure URL = http://pki.example.com:8080/ca/ee/ca
> Secure Agent URL = https://pki.example.com:8443/ca/agent/ca
> Secure EE URL = https://pki.example.com:8443/ca/ee/ca
> Secure Admin URL = https://pki.example.com:8443/ca/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/ca
> Tomcat Port = 8005 (for shutdown)
>
> [DRM Status Definitions]
> * Unsecure URL = http://pki.example.com:8080/kra/ee/kra*
> Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
> Secure Admin URL = https://pki.example.com:8443/kra/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/kra
> Tomcat Port = 8005 (for shutdown)
>
> [OCSP Status Definitions]
> * Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp*
> Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
> * Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp*
> Secure Admin URL = https://pki.example.com:8443/ocsp/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
> Tomcat Port = 8005 (for shutdown)
>
> [TKS Status Definitions]
> * Unsecure URL = http://pki.example.com:8080/tks/ee/tks*
> Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
> Secure Admin URL = https://pki.example.com:8443/tks/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/tks
> Tomcat Port = 8005 (for shutdown)
>
> [CA Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: Root CA (Security Domain)
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> [DRM Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: DRM
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> [OCSP Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: OCSP
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> [TKS Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: TKS
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> After running the upgrade script, the inaccessible URLs were removed:
>
> # pkidaemon status tomcat pki-tomcat
> Status for pki-tomcat: pki-tomcat is running ..
>
> [CA Status Definitions]
> Unsecure URL = http://pki.example.com:8080/ca/ee/ca
> Secure Agent URL = https://pki.example.com:8443/ca/agent/ca
> Secure EE URL = https://pki.example.com:8443/ca/ee/ca
> Secure Admin URL = https://pki.example.com:8443/ca/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/ca
> Tomcat Port = 8005 (for shutdown)
>
> [DRM Status Definitions]
> Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
> Secure Admin URL = https://pki.example.com:8443/kra/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/kra
> Tomcat Port = 8005 (for shutdown)
>
> [OCSP Status Definitions]
>
* Unsecure URL =
http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob>*
>
> Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
>
* Secure EE URL =
https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob>*
>
> Secure Admin URL = https://pki.example.com:8443/ocsp/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
> Tomcat Port = 8005 (for shutdown)
>
> [TKS Status Definitions]
> Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
> Secure Admin URL = https://pki.example.com:8443/tks/services
> PKI Console Command = pkiconsole https://pki.example.com:8443/tks
> Tomcat Port = 8005 (for shutdown)
>
> [CA Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: Root CA (Security Domain)
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> [DRM Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: DRM
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> [OCSP Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: OCSP
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
> [TKS Configuration Definitions]
> PKI Instance Name: pki-tomcat
>
> PKI Subsystem Type: TKS
>
> Registered PKI Security Domain Information:
> ==========================================================================
> Name: example.com Security Domain
> URL: https://pki.example.com:8443
> ==========================================================================
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150807/05465535/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20150807-remove-more-inaccessible-URLs-from-server.xml.patch
Type: text/x-patch
Size: 8864 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150807/05465535/attachment.bin>
More information about the Pki-devel
mailing list