authorMatthew Harmsen <mharmsen@redhat.com>2015-08-07 13:20:22 -0600
committerMatthew Harmsen <mharmsen@redhat.com>2015-08-07 17:32:58 -0600
commit5015475c6084d9397017e5531299f1545fae2a33 (patch)
tree71fd24290243fc2c69827a0ca124c94f911eea8f
parentc13593770108b6d683ab3d3b43b92d67ac64a1ef (diff)
remove more inaccessible URLs from server.xml
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible - PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat shows an error page
-rw-r--r--base/server/man/man1/pkidaemon.114
-rw-r--r--base/server/tomcat7/conf/server.xml6
-rw-r--r--base/server/tomcat8/conf/server.xml6
-rwxr-xr-xbase/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML2
4 files changed, 12 insertions, 16 deletions
diff --git a/base/server/man/man1/pkidaemon.1 b/base/server/man/man1/pkidaemon.1
index 9b4eb4685..35c04e558 100644
--- a/base/server/man/man1/pkidaemon.1
+++ b/base/server/man/man1/pkidaemon.1
@@ -39,6 +39,8 @@ As stated above, the only optional argument to \fBpkidaemon\fR is \fB[instance-n
For the following examples, two instances were installed. The first contained a CA, KRA, OCSP, TKS and TPS in a shared PKI instance named 'pki-tomcat', while the second simply contained a CA running on different ports and named 'pki-tomcat-2'.
+For the OCSP 'Unsecure URL' and the OCSP 'Secure EE URL' which both specify a static string of '<ocsp request blob>', the intention is for the user to replace this static string with an actual OCSP request blob relevant to their particular deployment.
+
.SS Listing the status of all local PKI instances on this machine:
.BR
.PP
@@ -57,22 +59,20 @@ Status for pki-tomcat: pki-tomcat is running ..
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
- Unsecure URL = http://pki.example.com:8080/kra/ee/kra
Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
Secure Admin URL = https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
- Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp
+ Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
- Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp
+ Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
- Unsecure URL = http://pki.example.com:8080/tks/ee/tks
Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
Secure Admin URL = https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole https://pki.example.com:8443/tks
@@ -179,22 +179,20 @@ Status for pki-tomcat: pki-tomcat is running ..
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
- Unsecure URL = http://pki.example.com:8080/kra/ee/kra
Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
Secure Admin URL = https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
- Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp
+ Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
- Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp
+ Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
- Unsecure URL = http://pki.example.com:8080/tks/ee/tks
Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
Secure Admin URL = https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole https://pki.example.com:8443/tks
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index 81a801628..d944d324b 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -37,7 +37,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- KRA Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra
@@ -45,16 +44,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- OCSP Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp
+Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp
-Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp
+Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp
Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- TKS Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml
index c482fc138..2c2536b7f 100644
--- a/base/server/tomcat8/conf/server.xml
+++ b/base/server/tomcat8/conf/server.xml
@@ -37,7 +37,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- KRA Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra
@@ -45,16 +44,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- OCSP Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp
+Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp
-Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp
+Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp
Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- TKS Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks
diff --git a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
index e27cfc43e..240fd28fc 100755
--- a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
+++ b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
@@ -35,7 +35,9 @@ class RemoveInaccessableURLsFromServerXML(
subprocess.check_call([
'sed', '-i',
'-e', '\|^.*EE Client Auth URL.*ca/eeca/ca.*$|d',
+ '-e', '\|^.*Unsecure URL.*kra/ee/kra.*$|d',
'-e', '\|^.*Secure EE URL.*kra/ee/kra.*$|d',
+ '-e', '\|^.*Unsecure URL.*tks/ee/tks.*$|d',
'-e', '\|^.*Secure EE URL.*tks/ee/tks.*$|d',
'/etc/pki/{0}/server.xml'.format(instance.name)
])
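Review bot: The sed call deletes the KRA and TKS 'Unsecure URL' lines but never rewrites the OCSP entries, so an already-deployed `/etc/pki/<instance>/server.xml` keeps the old `ocsp/ee/ocsp` 'Unsecure URL' and 'Secure EE URL' lines that this commit changes in the tomcat7/tomcat8 templates. If that is not handled elsewhere, add a substitution for each label, e.g. `'-e', r's|^\(.*Unsecure URL.*ocsp/ee/ocsp\)[[:space:]]*$|\1/<ocsp request blob>|',`, anchored on `$` so a second run does not append the suffix twice. The two added patterns, like the existing ones, rely on `'\|'` in a non-raw string, which is an invalid escape sequence in Python; `r'\|^.*Unsecure URL.*kra/ee/kra.*$|d'` passes the same bytes to sed without the warning. Because this edits the existing 10.2.6/01 scriptlet rather than adding a new one, instances that already ran it may not pick up the two new deletions; this depends on how the upgrade framework tracks completed scriptlets, which is not visible here. The method body starts and ends outside the hunk.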