[Pki-users] pkicreate and IPv6
Fortunato
fortunato.montresor at earthlink.net
Tue Apr 28 17:08:40 UTC 2009
Hello again,
I just used pkicreate to create another CA instance and still don't see how to configure the new CA to use an IPv6 address. Is there a way to configure the new CA to use the IPv6 address?
# service pki-ca2 status
pki-ca2 (pid 7867) is running ...
Unsecure Port = http://fed10.tpn-af.mil:9280/ca/ee/ca
Secure Agent Port = https://fed10.tpn-af.mil:9544/ca/agent/ca
Secure EE Port = https://fed10.tpn-af.mil:9543/ca/ee/ca
Secure Admin Port = https://fed10.tpn-af.mil:9545/ca/services
Secure Admin Port = pkiconsole https://fed10.tpn-af.mil:9545/ca
Tomcat Port = 9801 (for shutdown)
Only the 1) Unsecure Port entry and 2) the Tomcat Port appears to be listening on IPv6.
# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN 9061/java
tcp 0 0 0.0.0.0:9444 0.0.0.0:* LISTEN 9061/java
tcp 0 0 0.0.0.0:9445 0.0.0.0:* LISTEN 9061/java
tcp 0 0 0.0.0.0:9543 0.0.0.0:* LISTEN 7867/java
tcp 0 0 0.0.0.0:9544 0.0.0.0:* LISTEN 7867/java
tcp 0 0 0.0.0.0:9545 0.0.0.0:* LISTEN 7867/java
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2121/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2883/sshd
tcp 0 0 0.0.0.0:41495 0.0.0.0:* LISTEN 2134/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2900/sendmail: acce
tcp 0 0 :::9280 :::* LISTEN 7867/java
tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN 9061/java
tcp 0 0 :::389 :::* LISTEN 2471/ns-slapd
tcp 0 0 :::9830 :::* LISTEN 2572/httpd.worker
tcp 0 0 ::ffff:127.0.0.1:9801 :::* LISTEN 7867/java
tcp 0 0 :::111 :::* LISTEN 2121/rpcbind
tcp 0 0 :::22 :::* LISTEN 2883/sshd
tcp 0 0 :::9180 :::* LISTEN 9061/java
The file /etc/pki-ca2/CS.cfg appears to have places for localhost or machinename (hostname) but the settings are sprinkled all over the file.
Any ideas?
As an observation, I so far see IPv6 support as somewhat limited and arbitrary considering the way 9180 was selected and the weird 9801 address.
More information about the Pki-users
mailing list