pki.git/base/server/tomcat7/conf, branch master Unnamed repository; edit this file 'description' to name the repository. Fixed SSL connection timeouts. 2017-04-19T23:17:24+00:00 Endi S. Dewata edewata@redhat.com 2017-04-19T23:06:18+00:00 470e6c6724fe59d9db9066971a9f24758d5fe0aa The connectionTimeout parameter has been restored to 80 seconds. The keepAliveTimeout parameter has been set to 5 minutes. https://pagure.io/dogtagpki/issue/2643 Change-Id: I05bca0284ad946d833ed144e2f93a4ef4b9b6f0f 
The connectionTimeout parameter has been restored to 80 seconds.
The keepAliveTimeout parameter has been set to 5 minutes.

https://pagure.io/dogtagpki/issue/2643

Change-Id: I05bca0284ad946d833ed144e2f93a4ef4b9b6f0f
Updated default SSL connection timeout. 2017-04-19T21:58:45+00:00 Endi S. Dewata edewata@redhat.com 2017-04-19T19:35:09+00:00 6817c67bc93e99f36c79838fffc08145e6599580 The default SSL connection timeout has been changed to 5 minutes to improve PKI console usability. https://pagure.io/dogtagpki/issue/2643 Change-Id: I905ca855285ddd655d965488b175c2d11fe407fd 
The default SSL connection timeout has been changed to 5 minutes
to improve PKI console usability.

https://pagure.io/dogtagpki/issue/2643

Change-Id: I905ca855285ddd655d965488b175c2d11fe407fd
Merged /pki webapps. 2017-01-30T20:20:32+00:00 Endi S. Dewata edewata@redhat.com 2017-01-19T19:50:42+00:00 1ee44923b78684229e32301d57e74e770621fe9c Previously the /pki webapp was only added if the theme was present during installation, and there were separate webapps for /pki/admin and /pki/js. If the theme was installed later, the /pki webapp had to be configured manually. To simplify the installation and to support other developments (e.g. login banner), the /pki webapp will always be added during installation regardless of theme, and the /pki/admin and /pki/js webapps are merged into /pki webapp. When the theme package is installed, it will create links in /pki webapp so the theme files will become available without additional configuration. An upgrade script has been added to merge the /pki webapp in existing instances. https://fedorahosted.org/pki/ticket/2582 
Previously the /pki webapp was only added if the theme was present
during installation, and there were separate webapps for /pki/admin
and /pki/js. If the theme was installed later, the /pki webapp had
to be configured manually.

To simplify the installation and to support other developments
(e.g. login banner), the /pki webapp will always be added during
installation regardless of theme, and the /pki/admin and /pki/js
webapps are merged into /pki webapp. When the theme package is
installed, it will create links in /pki webapp so the theme files
will become available without additional configuration.

An upgrade script has been added to merge the /pki webapp in
existing instances.

https://fedorahosted.org/pki/ticket/2582
Fixed default OCSP port in server.xml. 2016-11-02T15:30:28+00:00 Endi S. Dewata edewata@redhat.com 2016-11-01T18:43:42+00:00 5c9198c867e9b88a8bdae53961cb60bff93176e9 For consistency the server.xml templates for Tomcat 7 and 8 have been modified to use the same unsecure port used by the instance in the default OCSP responder URL. https://fedorahosted.org/pki/ticket/2476 
For consistency the server.xml templates for Tomcat 7 and 8 have
been modified to use the same unsecure port used by the instance
in the default OCSP responder URL.

https://fedorahosted.org/pki/ticket/2476
Enableocsp checking on KRA with CA's secure port shows self test failure. 2016-06-16T21:45:37+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2016-06-16T21:40:23+00:00 1b80b8c38be4ad4edf7b8e9d817877225517ca83 Here we will address this by putting a comment in the server.xml, around the area where the ocsp settings are document. 
Here we will address this by putting a comment in the server.xml,
around the area where the ocsp settings are document.
Add option to modify ajp_host to pkispawn 2016-06-03T15:49:15+00:00 Ade Lee alee@redhat.com 2016-06-02T16:20:20+00:00 d77c0f15ad4d51af998b7ab89f7482b7d0b3a370 This allows IPA to handle the case of a pure ipv6 environment in which the ipv4 loopback interface is not available. Ticket 1717 
This allows IPA to handle the case of a pure ipv6
environment in which the ipv4 loopback interface is
not available.

Ticket 1717
Update default values of connectionTimeout to format smart cards 2016-05-12T22:23:40+00:00 Jack Magne jmagne@dhcp-16-206.sjc.redhat.com 2016-05-12T22:21:34+00:00 b0ee4e8ea25f8a645015ace4eb5413fb11e96f50 Ticket #1921 Trivial fix to add or up this connectionTimeout value to 80000 or 80 secs. Fix already tested informally in the field by QE. 
Ticket #1921

Trivial fix to add or up this connectionTimeout value to 80000 or 80 secs.
Fix already tested informally in the field by QE.
Avoid XML parse fail with double-hyphen in hostname 2016-03-03T01:14:09+00:00 Fraser Tweedale ftweedal@redhat.com 2016-03-03T01:14:09+00:00 8beb5cfa4cd81fbf47ea8cd6839b793c2a12284e server.xml contains metadata read by pkidaemon which includes URLs, in XML comments. If the hostname contains `--', the parse fails. Instead of XML comments, put this information in XML Processing instructions[1], which allows double-hyphens to be used. [1] https://www.w3.org/TR/REC-xml/#NT-PI Fixes: https://fedorahosted.org/pki/ticket/1260 
server.xml contains metadata read by pkidaemon which includes URLs,
in XML comments.  If the hostname contains `--', the parse fails.

Instead of XML comments, put this information in XML Processing
instructions[1], which allows double-hyphens to be used.

[1] https://www.w3.org/TR/REC-xml/#NT-PI

Fixes: https://fedorahosted.org/pki/ticket/1260
Ticket #1556 Weak HTTPS TLS ciphers 2015-08-17T19:11:39+00:00 Christina Fu cfu@redhat.com 2015-08-14T17:57:15+00:00 5935b765aaeb0f30844812db057020b1aaea4559 This patch fixes the RSA ciphers that were mistakenly turned on under ECC section, and off under RSA section. A few adjustments have also been made based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info was also created to 1. provide info on the ciphers 2. provide default rsa and ecc ciphers for admins to incorporate into earlier instances (as migration script might not be ideal due to possible customization) (cherry picked from commit 67c895851781d69343979cbcff138184803880ea) 
This patch fixes the RSA ciphers that were mistakenly turned on under ECC
section, and off under RSA section. A few adjustments have also been made
based on Bob Relyea's feedback. A new file, <instance>/conf/ciphers.info
was also created to
 1. provide info on the ciphers
 2. provide default rsa and ecc ciphers for admins to incorporate into earlier
    instances (as migration script might not be ideal due to possible customization)

(cherry picked from commit 67c895851781d69343979cbcff138184803880ea)
remove more inaccessible URLs from server.xml 2015-08-07T23:32:58+00:00 Matthew Harmsen mharmsen@redhat.com 2015-08-07T19:20:22+00:00 5015475c6084d9397017e5531299f1545fae2a33 - PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible - PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat shows an error page 
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
  subsystems which are not accessible
- PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat
  shows an error page