Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r--ipaserver/install/cainstance.py14
1 files changed, 2 insertions, 12 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f31bdc6d2..69921a33a 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -56,6 +56,7 @@ PKI_INSTANCE_NAME="pki-ca"
AGENT_SECURE_PORT=9443
EE_SECURE_PORT=9444
ADMIN_SECURE_PORT=9445
+EE_CLIENT_AUTH_PORT=9446
UNSECURE_PORT=9180
TOMCAT_SERVER_PORT=9701
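Review bot: The new `EE_CLIENT_AUTH_PORT=9446` constant has no comment, and the only explanation of why client-authenticated enrollment needs special handling (the NSS renegotiation restriction, CVE-2009-3555) sits in the comment block this commit deletes in the third hunk. I would keep that rationale next to the constant, for example `# EE port that always requires client auth, avoiding TLS renegotiation (CVE-2009-3555)`. That the dedicated port replaces the old web.xml remapping is inferred from the hunks shown here, so confirm the wording against the actual pki-ca behaviour. Any firewall or port-availability lists elsewhere that enumerate 9443-9445 are outside this file-limited view and would need 9446 as well.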
@@ -482,6 +483,7 @@ class CAInstance(service.Service):
'-agent_secure_port', str(AGENT_SECURE_PORT),
'-ee_secure_port', str(EE_SECURE_PORT),
'-admin_secure_port', str(ADMIN_SECURE_PORT),
+ '-ee_secure_client_auth_port', str(EE_CLIENT_AUTH_PORT),
'-unsecure_port', str(UNSECURE_PORT),
'-tomcat_server_port', str(TOMCAT_SERVER_PORT),
'-redirect', 'conf=/etc/pki-ca',
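Review bot: `'-ee_secure_client_auth_port'` is passed unconditionally in this argument list, so a pki-ca build that does not know the option would presumably fail the install rather than fall back. A minimum package version should be enforced somewhere, which this file-limited diff does not show. The third hunk also removes the remapping of `profileSubmitSSLClient` onto the agent interface, so any caller still submitting to `/agent/ca/profileSubmitSSLClient` on `AGENT_SECURE_PORT` has to move to the end-entity path on the new port in the same change; those callers are not visible here. The enclosing method starts and ends outside the hunk.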
@@ -518,18 +520,6 @@ class CAInstance(service.Service):
pent = pwd.getpwnam(self.pki_user)
os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
- # Update the servlet mapping to so we use the agent interface rather
- # than the end-user interface. The agent interface always requires
- # client auth which lets us work work around the NSS change which
- # disallows renegotation (CVE-2009-3555)
- #
- # The spaces here, while ugly, are required because update_file()
- # escapes the incoming string.
- installutils.update_file('/var/lib/%s/webapps/ca/WEB-INF/web.xml' % PKI_INSTANCE_NAME,
- ' <url-pattern> /ee/ca/profileSubmitSSLClient </url-pattern>',
- ' <url-pattern> /agent/ca/profileSubmitSSLClient </url-pattern>'
-)
-
logging.debug("restarting ca instance")
try:
self.restart()