[Pki-users] pkicreate and IPv6

Fortunato fortunato.montresor at earthlink.net
Tue Apr 28 17:08:40 UTC 2009


Hello again,

I just used pkicreate to create another CA instance and still don't see how to configure the new CA to use an IPv6 address. Is there a way to configure the new CA to use the IPv6 address?

  # service pki-ca2 status
  pki-ca2 (pid 7867) is running ...

    Unsecure Port     = http://fed10.tpn-af.mil:9280/ca/ee/ca
    Secure Agent Port = https://fed10.tpn-af.mil:9544/ca/agent/ca
    Secure EE Port    = https://fed10.tpn-af.mil:9543/ca/ee/ca
    Secure Admin Port = https://fed10.tpn-af.mil:9545/ca/services
    Secure Admin Port = pkiconsole https://fed10.tpn-af.mil:9545/ca
    Tomcat Port       = 9801 (for shutdown)

Only 1) the Unsecure Port entry and 2) the Tomcat Port appear to be listening on IPv6.

  # netstat -tlpn
  Active Internet connections (only servers)
  Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
  tcp        0      0 0.0.0.0:9443                0.0.0.0:*                   LISTEN      9061/java           
  tcp        0      0 0.0.0.0:9444                0.0.0.0:*                   LISTEN      9061/java           
  tcp        0      0 0.0.0.0:9445                0.0.0.0:*                   LISTEN      9061/java           
  tcp        0      0 0.0.0.0:9543                0.0.0.0:*                   LISTEN      7867/java           
  tcp        0      0 0.0.0.0:9544                0.0.0.0:*                   LISTEN      7867/java           
  tcp        0      0 0.0.0.0:9545                0.0.0.0:*                   LISTEN      7867/java           
  tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2121/rpcbind        
  tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2883/sshd           
  tcp        0      0 0.0.0.0:41495               0.0.0.0:*                   LISTEN      2134/rpc.statd      
  tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2900/sendmail: acce 
  tcp        0      0 :::9280                     :::*                        LISTEN      7867/java           
  tcp        0      0 ::ffff:127.0.0.1:9701       :::*                        LISTEN      9061/java           
  tcp        0      0 :::389                      :::*                        LISTEN      2471/ns-slapd       
  tcp        0      0 :::9830                     :::*                        LISTEN      2572/httpd.worker   
  tcp        0      0 ::ffff:127.0.0.1:9801       :::*                        LISTEN      7867/java           
  tcp        0      0 :::111                      :::*                        LISTEN      2121/rpcbind        
  tcp        0      0 :::22                       :::*                        LISTEN      2883/sshd           
  tcp        0      0 :::9180                     :::*                        LISTEN      9061/java 

The file /etc/pki-ca2/CS.cfg appears to have places for localhost or machinename (hostname) but the settings are sprinkled all over the file.

Any ideas?

As an observation, I so far see IPv6 support as somewhat limited and arbitrary considering the way 9180 was selected and the weird 9801 address.
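
An added example, not part of the original post: a Python script that parses `netstat -tlpn` output like the listing above and reports, for one process, which listening ports have no socket bound to an IPv6 address. The sample rows are taken from the post's listing; the function names are hypothetical.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample: rows copied from the netstat listing in the post.
SAMPLE = """\
tcp        0      0 0.0.0.0:9543                0.0.0.0:*                   LISTEN      7867/java
tcp        0      0 0.0.0.0:9544                0.0.0.0:*                   LISTEN      7867/java
tcp        0      0 0.0.0.0:9545                0.0.0.0:*                   LISTEN      7867/java
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2883/sshd
tcp        0      0 :::9280                     :::*                        LISTEN      7867/java
tcp        0      0 ::ffff:127.0.0.1:9801       :::*                        LISTEN      7867/java
tcp        0      0 :::22                       :::*                        LISTEN      2883/sshd
"""

def classify(local):
    """Return (port, kind) for a netstat Local Address such as ':::9280'."""
    host, _, port = local.rpartition(":")  # the port follows the last colon
    addr = ipaddress.ip_address(host)
    if addr.version == 4:
        kind = "ipv4-only"
    elif addr.ipv4_mapped is not None:
        kind = "ipv4-mapped"  # AF_INET6 socket bound to an IPv4 address
    else:
        kind = "ipv6"  # '::' may also accept IPv4 unless IPV6_V6ONLY is set
    return int(port), kind

def listeners_by_process(text):
    """Map 'pid/program' -> {port: set of kinds} for TCP LISTEN rows."""
    result = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # skips the banner, the column header and non-listening rows
        port, kind = classify(fields[3])
        result[fields[6]][port].add(kind)
    return result

def ports_without_ipv6_listener(text, process):
    """Sorted ports of `process` that have no listener bound to an IPv6 address."""
    ports = listeners_by_process(text).get(process, {})
    return sorted(p for p, kinds in ports.items() if "ipv6" not in kinds)

if __name__ == "__main__":
    # Usage: netstat -tlpn | python3 this_script.py 7867/java  (bare run uses SAMPLE)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    process = sys.argv[1] if len(sys.argv) > 1 else "7867/java"
    print(process, "ports without an IPv6 listener:", ports_without_ipv6_listener(text, process))
```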





