diff options
author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-06-16 14:40:23 -0700 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-06-16 14:45:37 -0700 |
commit | 1b80b8c38be4ad4edf7b8e9d817877225517ca83 (patch) | |
tree | 440e1074b27250108619d7122eacc53f0a888275 /base/server/tomcat8 | |
parent | dc80efadfcccdcef4d9f45b1d350e71f54ed952e (diff) | |
download | pki-1b80b8c38be4ad4edf7b8e9d817877225517ca83.tar.gz pki-1b80b8c38be4ad4edf7b8e9d817877225517ca83.tar.xz pki-1b80b8c38be4ad4edf7b8e9d817877225517ca83.zip |
Enableocsp checking on KRA with CA's secure port shows self test failure.
Here we will address this by putting a comment in the server.xml,
around the area where the ocsp settings are document.
Diffstat (limited to 'base/server/tomcat8')
-rw-r--r-- | base/server/tomcat8/conf/server.xml | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml index a9d338fa1..ddbe009e4 100644 --- a/base/server/tomcat8/conf/server.xml +++ b/base/server/tomcat8/conf/server.xml @@ -186,6 +186,9 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) Here are the definition to all the OCSP-related settings: enableOCSP - turns on/off the ocsp check ocspResponderURL - sets the url where the ocsp requests are sent + Make sure this URL uses the NON SSL or HTTP port for the OCSP interface. + Ex: use 8080 instead of say 8443. + ocspResponderCertNickname - sets the nickname of the cert that is either CA's signing certificate or the OCSP server's signing certificate. |