[Pki-users] pkicreate and IPv6
kashyap chamarthy
kchamart at redhat.com
Wed Apr 29 18:49:30 UTC 2009
Fortunato wrote:
> Hello again,
>
> I just used pkicreate to create another CA instance and still don't see how to configure the new CA to use an IPv6 address. Is there a way to configure the new CA to use the IPv6 address?
>
> # service pki-ca2 status
> pki-ca2 (pid 7867) is running ...
>
> Unsecure Port = http://fed10.tpn-af.mil:9280/ca/ee/ca
> Secure Agent Port = https://fed10.tpn-af.mil:9544/ca/agent/ca
> Secure EE Port = https://fed10.tpn-af.mil:9543/ca/ee/ca
> Secure Admin Port = https://fed10.tpn-af.mil:9545/ca/services
> Secure Admin Port = pkiconsole https://fed10.tpn-af.mil:9545/ca
> Tomcat Port = 9801 (for shutdown)
>
> Only the 1) Unsecure Port entry and 2) the Tomcat Port appears to be listening on IPv6.
>
> # netstat -tlpn
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
> tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN 9061/java
> tcp 0 0 0.0.0.0:9444 0.0.0.0:* LISTEN 9061/java
> tcp 0 0 0.0.0.0:9445 0.0.0.0:* LISTEN 9061/java
> tcp 0 0 0.0.0.0:9543 0.0.0.0:* LISTEN 7867/java
> tcp 0 0 0.0.0.0:9544 0.0.0.0:* LISTEN 7867/java
> tcp 0 0 0.0.0.0:9545 0.0.0.0:* LISTEN 7867/java
> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2121/rpcbind
> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2883/sshd
> tcp 0 0 0.0.0.0:41495 0.0.0.0:* LISTEN 2134/rpc.statd
> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2900/sendmail: acce
> tcp 0 0 :::9280 :::* LISTEN 7867/java
> tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN 9061/java
> tcp 0 0 :::389 :::* LISTEN 2471/ns-slapd
> tcp 0 0 :::9830 :::* LISTEN 2572/httpd.worker
> tcp 0 0 ::ffff:127.0.0.1:9801 :::* LISTEN 7867/java
> tcp 0 0 :::111 :::* LISTEN 2121/rpcbind
> tcp 0 0 :::22 :::* LISTEN 2883/sshd
> tcp 0 0 :::9180 :::* LISTEN 9061/java
>
> The file /etc/pki-ca2/CS.cfg appears to have places for localhost or machinename (hostname) but the settings are sprinkled all over the file.
>
> Any ideas?
>
> As an observation, I so far see IPv6 support as somewhat limited and arbitrary considering the way 9180 was selected and the weird 9801 address.
>
>
>
Hi Fortuanto,
We still have a few pending fixes to be done for JSS, which should be
coming soon.
Thanks,
Kashyap
ps: that was intended here :)
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
>
>
More information about the Pki-users
mailing list