author | Matthew Harmsen <mharmsen@redhat.com> | 2015-08-07 13:20:22 -0600 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-08-07 17:32:58 -0600 |
commit | 5015475c6084d9397017e5531299f1545fae2a33 (patch) | |
tree | 71fd24290243fc2c69827a0ca124c94f911eea8f | |
parent | c13593770108b6d683ab3d3b43b92d67ac64a1ef (diff) | |
remove more inaccessible URLs from server.xml
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
- PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat
shows an error page
-rw-r--r-- | base/server/man/man1/pkidaemon.1 | 14 |
-rw-r--r-- | base/server/tomcat7/conf/server.xml | 6 |
-rw-r--r-- | base/server/tomcat8/conf/server.xml | 6 |
-rwxr-xr-x | base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML | 2 |
4 files changed, 12 insertions, 16 deletions
diff --git a/base/server/man/man1/pkidaemon.1 b/base/server/man/man1/pkidaemon.1 index 9b4eb4685..35c04e558 100644 --- a/base/server/man/man1/pkidaemon.1 +++ b/base/server/man/man1/pkidaemon.1 @@ -39,6 +39,8 @@ As stated above, the only optional argument to \fBpkidaemon\fR is \fB[instance-n For the following examples, two instances were installed. The first contained a CA, KRA, OCSP, TKS and TPS in a shared PKI instance named 'pki-tomcat', while the second simply contained a CA running on different ports and named 'pki-tomcat-2'. +For the OCSP 'Unsecure URL' and the OCSP 'Secure EE URL' which both specify a static string of '<ocsp request blob>', the intention is for the user to replace this static string with an actual OCSP request blob relevant to their particular deployment. + .SS Listing the status of all local PKI instances on this machine: .BR .PP 
@@ -57,22 +59,20 @@ Status for pki-tomcat: pki-tomcat is running .. Tomcat Port = 8005 (for shutdown) [DRM Status Definitions] - Unsecure URL = http://pki.example.com:8080/kra/ee/kra Secure Agent URL = https://pki.example.com:8443/kra/agent/kra Secure Admin URL = https://pki.example.com:8443/kra/services PKI Console Command = pkiconsole https://pki.example.com:8443/kra Tomcat Port = 8005 (for shutdown) [OCSP Status Definitions] - Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp + Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob> Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp - Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp + Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob> Secure Admin URL = https://pki.example.com:8443/ocsp/services PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp Tomcat Port = 8005 (for shutdown) [TKS Status Definitions] - Unsecure URL = http://pki.example.com:8080/tks/ee/tks Secure Agent URL = https://pki.example.com:8443/tks/agent/tks Secure Admin URL = https://pki.example.com:8443/tks/services PKI Console Command = pkiconsole https://pki.example.com:8443/tks 
@@ -179,22 +179,20 @@ Status for pki-tomcat: pki-tomcat is running .. Tomcat Port = 8005 (for shutdown) [DRM Status Definitions] - Unsecure URL = http://pki.example.com:8080/kra/ee/kra Secure Agent URL = https://pki.example.com:8443/kra/agent/kra Secure Admin URL = https://pki.example.com:8443/kra/services PKI Console Command = pkiconsole https://pki.example.com:8443/kra Tomcat Port = 8005 (for shutdown) [OCSP Status Definitions] - Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp + Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob> Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp - Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp + Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob> Secure Admin URL = https://pki.example.com:8443/ocsp/services PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp Tomcat Port = 8005 (for shutdown) [TKS Status Definitions] - Unsecure URL = http://pki.example.com:8080/tks/ee/tks Secure Agent URL = https://pki.example.com:8443/tks/agent/tks Secure Admin URL = https://pki.example.com:8443/tks/services PKI Console Command = pkiconsole https://pki.example.com:8443/tks diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml index 81a801628..d944d324b 100644 --- a/base/server/tomcat7/conf/server.xml +++ b/base/server/tomcat7/conf/server.xml @@ -37,7 +37,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- KRA Status Definitions --> <!-- -Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra 
@@ -45,16 +44,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- OCSP Status Definitions --> <!-- -Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp +Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob> Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp -Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp +Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob> Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- TKS Status Definitions --> <!-- -Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml index c482fc138..2c2536b7f 100644 --- a/base/server/tomcat8/conf/server.xml +++ b/base/server/tomcat8/conf/server.xml @@ -37,7 +37,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- KRA Status Definitions --> <!-- -Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra 
@@ -45,16 +44,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- OCSP Status Definitions --> <!-- -Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp +Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob> Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp -Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp +Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob> Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- TKS Status Definitions --> <!-- -Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks diff --git a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML index e27cfc43e..240fd28fc 100755 --- a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML +++ b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML @@ -35,7 +35,9 @@ class RemoveInaccessableURLsFromServerXML( subprocess.check_call([ 'sed', '-i', '-e', '\|^.*EE Client Auth URL.*ca/eeca/ca.*$|d', + '-e', '\|^.*Unsecure URL.*kra/ee/kra.*$|d', '-e', '\|^.*Secure EE URL.*kra/ee/kra.*$|d', + '-e', '\|^.*Unsecure URL.*tks/ee/tks.*$|d', '-e', '\|^.*Secure EE URL.*tks/ee/tks.*$|d', '/etc/pki/{0}/server.xml'.format(instance.name) ]) |
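Review bot: In base/server/man/man1/pkidaemon.1, the new paragraph before ".SS Listing the status of all local PKI instances" tells the user to replace '<ocsp request blob>' with "an actual OCSP request blob" but does not say how that blob must be encoded to be valid in a URL path. For OCSP over HTTP GET, RFC 6960 Appendix A.1 specifies the URL-encoding of the base64 encoding of the DER-encoded OCSPRequest; stating that in this paragraph would stop readers from pasting raw base64 (which can contain '/' and '+') into the path. It would also help to say that the bare .../ocsp/ee/ocsp URL without a request is the one reported as an error page in Ticket #1518, so the reason for the placeholder is clear from the man page alone.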
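Review bot: In the "OCSP Status Definitions" comment of both base/server/tomcat7/conf/server.xml and base/server/tomcat8/conf/server.xml, the placeholder appended to 'Unsecure URL' and 'Secure EE URL' contains spaces and angle brackets, so each value is no longer a single URL token. Since the commit message says pkidaemon status returns these lines, anything that splits or pattern-matches that output on whitespace will now see a truncated URL followed by stray words. A space-free placeholder such as <ocsp-request-blob> would keep the value as one token; avoid the [UPPER_CASE] form, which this file already uses for substitution variables like [PKI_HOSTNAME]. The text stays inside the existing <!-- ... --> comment, so well-formedness is not affected.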
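Review bot: In base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML, the two added sed expressions only delete the KRA and TKS 'Unsecure URL' lines; nothing rewrites the OCSP 'Unsecure URL' and 'Secure EE URL' lines, so an upgraded instance's /etc/pki/{0}/server.xml keeps the old .../ocsp/ee/ocsp values while new installs get the '<ocsp request blob>' form from the templates. If Ticket #1518 is meant to be fixed for existing instances as well, add substitution expressions for those two OCSP lines, written so that a second run does not append the placeholder twice. Separately, please confirm that instances which already ran this 10.2.6 scriptlet before this change will pick up the new expressions; if they will not, the additions belong in a new scriptlet. As a style point, the patterns begin with '\|' inside ordinary Python string literals, which is an unrecognized escape sequence; raw strings (r'\|^.*Unsecure URL.*kra/ee/kra.*$|d') pass the same bytes to sed without relying on that.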