[Pki-users] pkicreate and IPv6

kashyap chamarthy kchamart at redhat.com
Wed Apr 29 18:49:30 UTC 2009


Fortunato wrote:
> Hello again,
>
> I just used pkicreate to create another CA instance and still don't see how to configure the new CA to use an IPv6 address. Is there a way to configure the new CA to use the IPv6 address?
>
>   # service pki-ca2 status
>   pki-ca2 (pid 7867) is running ...
>
>     Unsecure Port     = http://fed10.tpn-af.mil:9280/ca/ee/ca
>     Secure Agent Port = https://fed10.tpn-af.mil:9544/ca/agent/ca
>     Secure EE Port    = https://fed10.tpn-af.mil:9543/ca/ee/ca
>     Secure Admin Port = https://fed10.tpn-af.mil:9545/ca/services
>     Secure Admin Port = pkiconsole https://fed10.tpn-af.mil:9545/ca
>     Tomcat Port       = 9801 (for shutdown)
>
> Only the 1) Unsecure Port entry and 2) the Tomcat Port appears to be listening on IPv6.
>
>   # netstat -tlpn
>   Active Internet connections (only servers)
>   Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
>   tcp        0      0 0.0.0.0:9443                0.0.0.0:*                   LISTEN      9061/java           
>   tcp        0      0 0.0.0.0:9444                0.0.0.0:*                   LISTEN      9061/java           
>   tcp        0      0 0.0.0.0:9445                0.0.0.0:*                   LISTEN      9061/java           
>   tcp        0      0 0.0.0.0:9543                0.0.0.0:*                   LISTEN      7867/java           
>   tcp        0      0 0.0.0.0:9544                0.0.0.0:*                   LISTEN      7867/java           
>   tcp        0      0 0.0.0.0:9545                0.0.0.0:*                   LISTEN      7867/java           
>   tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2121/rpcbind        
>   tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2883/sshd           
>   tcp        0      0 0.0.0.0:41495               0.0.0.0:*                   LISTEN      2134/rpc.statd      
>   tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2900/sendmail: acce 
>   tcp        0      0 :::9280                     :::*                        LISTEN      7867/java           
>   tcp        0      0 ::ffff:127.0.0.1:9701       :::*                        LISTEN      9061/java           
>   tcp        0      0 :::389                      :::*                        LISTEN      2471/ns-slapd       
>   tcp        0      0 :::9830                     :::*                        LISTEN      2572/httpd.worker   
>   tcp        0      0 ::ffff:127.0.0.1:9801       :::*                        LISTEN      7867/java           
>   tcp        0      0 :::111                      :::*                        LISTEN      2121/rpcbind        
>   tcp        0      0 :::22                       :::*                        LISTEN      2883/sshd           
>   tcp        0      0 :::9180                     :::*                        LISTEN      9061/java 
>
> The file /etc/pki-ca2/CS.cfg appears to have places for localhost or machinename (hostname) but the settings are sprinkled all over the file.
>
> Any ideas?
>
> As an observation, I so far see IPv6 support as somewhat limited and arbitrary considering the way 9180 was selected and the weird 9801 address.
>
>
>   
Hi Fortuanto, 

We still have a few pending fixes to be done for JSS, which should be 
coming soon. 

Thanks,
Kashyap

ps: that was intended here :)
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>   




More information about the Pki-users mailing list