author | Endi Sukma Dewata <edewata@redhat.com> | 2013-05-20 22:59:15 -0400 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-05-30 12:00:36 -0400 |
commit | d78d7442be02b6b83d9dad3fc089fa9f9d8ceb48 (patch) | |
tree | 27816db3b38935f4e4c05bdfd5f347fd7ec4669e /base | |
parent | 1d53a9dd567f395bcaf65376be9f6c3319ba51ce (diff) | |
Renamed SERVER_NAME and PKI_MACHINE_NAME into PKI_HOSTNAME.
The SERVER_NAME and PKI_MACHINE_NAME variables have been renamed
to PKI_HOSTNAME for consistency.
Diffstat (limited to 'base')
30 files changed, 137 insertions, 138 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 1316e9b23..61e1ac4ff 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -33,17 +33,17 @@ authType=pwd
 admin.interface.uri=ca/admin/console/config/wizard
 ee.interface.uri=ca/ee/ca
 agent.interface.uri=ca/agent/ca
-preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
+preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:9445
 securitydomain.checkIP=false
 securitydomain.flushinterval=86400000
 securitydomain.source=ldap
 securitydomain.checkinterval=300000
 instanceRoot=[PKI_INSTANCE_PATH]
 configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
-machineName=[PKI_MACHINE_NAME]
+machineName=[PKI_HOSTNAME]
 instanceId=[PKI_INSTANCE_ID]
 pidDir=[PKI_PIDDIR]
-service.machineName=[PKI_MACHINE_NAME]
+service.machineName=[PKI_HOSTNAME]
 service.instanceDir=[PKI_INSTANCE_ROOT]
 service.securePort=[PKI_AGENT_SECURE_PORT]
 service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
@@ -101,7 +101,7 @@ preop.cert.ocsp_signing.type=local
 preop.cert.ocsp_signing.userfriendlyname=OCSP Signing Certificate
 preop.cert.ocsp_signing.cncomponent.override=true
 preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
+preop.cert.sslserver.dn=CN=[PKI_HOSTNAME]
 preop.cert.sslserver.keysize.custom_size=2048
 preop.cert.sslserver.keysize.size=2048
 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
@@ -140,7 +140,7 @@ preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
 preop.configModules.count=3
 preop.module.token=Internal Key Storage Token
 preop.name.caDN=CN=Certificate Authority
-preop.name.sslDN=CN=[PKI_MACHINE_NAME]
+preop.name.sslDN=CN=[PKI_HOSTNAME]
 preop.name.ocspDN=CN=OCSP Signing Certificate
 preop.name.subsystemDN=CN=CA Subsystem Certificate
 preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_ID]
@@ -287,7 +287,7 @@ ca.Policy.impl.SubjectDirectoryAttributesExt.class=com.netscape.cms.policy.exten
 ca.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.cms.policy.extensions.SubjectKeyIdentifierExt
 ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.constraints.UniqueSubjectNameConstraints
 ca.Policy.impl.ValidityConstraints.class=com.netscape.cms.policy.constraints.ValidityConstraints
-ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://[PKI_MACHINE_NAME]:8080/ocsp
+ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://[PKI_HOSTNAME]:8080/ocsp
 ca.Policy.rule.AuthInfoAccessExt.ad0_location_type=URL
 ca.Policy.rule.AuthInfoAccessExt.ad0_method=ocsp
 ca.Policy.rule.AuthInfoAccessExt.enable=false
@@ -753,12 +753,12 @@ cmsgateway._013=## (4) Type: 'service [PKI_INSTANCE_ID] start'
 cmsgateway._014=## (5) Launch a browser and re-enroll for
 cmsgateway._015=## a new Admin Certificate by typing:
 cmsgateway._016=##
-cmsgateway._017=## https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ca/admin/ca/adminEnroll.html
+cmsgateway._017=## https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca/admin/ca/adminEnroll.html
 cmsgateway._018=##
 cmsgateway._019=## (6) Verify that the browser contains the new
 cmsgateway._020=## Admin Certificate by successfully navigating to:
 cmsgateway._021=##
-cmsgateway._022=## https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca/
+cmsgateway._022=## https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca/
 cmsgateway._023=##
 cmsgateway._024=## (7) Optionally, disable the Certificate Policies Framework
 cmsgateway._025=## by following steps (1) - (4), but ONLY resetting
diff --git a/base/ca/shared/conf/proxy.conf b/base/ca/shared/conf/proxy.conf
index 663ba5722..9f57c63a4 100644
--- a/base/ca/shared/conf/proxy.conf
+++ b/base/ca/shared/conf/proxy.conf
@@ -4,31 +4,31 @@ ProxyRequests Off <LocationMatch "^/ca/ee/*|^/ca/renewal|^/ca/certbasedenrollment|^/ca/ocsp|^/ca/enrollment|^/ca/profileSubmit|^/ca/cgi-bin/pkiclient.exe"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient none - ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ - ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ </LocationMatch> # matches for admin port <LocationMatch "^/ca/admin/*|^/ca/auths|^/ca/acl|^/ca/server|^/ca/caadmin|^/ca/caprofile|^/ca/jobsScheduler|^/ca/capublisher|^/ca/log|^/ca/ug"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient none - ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ - ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ </LocationMatch> # matches for agent port and eeca port <LocationMatch "^/ca/agent/*|^/ca/ca/getCertFromRequest|^/ca/ca/GetBySerial|^/ca/ca/connector|/ca/ca/displayCertFromRequest|^/ca/doRevoke|^/ca/eeca/*"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient require - ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ - ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ </LocationMatch> # static content <LocationMatch "^/graphics/*"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient none - ProxyPassMatch ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ - ProxyPassReverse ajp://[PKI_MACHINE_NAME]:[PKI_AJP_PORT]/ + ProxyPassMatch ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ + ProxyPassReverse ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/ </LocationMatch> 
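Review bot: All four `ProxyPassMatch`/`ProxyPassReverse` pairs in this hunk still send AJP traffic to `ajp://[PKI_HOSTNAME]:[PKI_AJP_PORT]/`, that is, to the machine's network name rather than to loopback. AJP has no authentication or encryption of its own, so this target only works if the Tomcat AJP connector listens on a routable interface; whether that connector is bound or firewalled is not visible in this diff. The pki-setup-proxy hunk fills the slot from the local `hostname`, which suggests Apache and Tomcat share a host. If so, `ProxyPassMatch ajp://localhost:[PKI_AJP_PORT]/` with a loopback-bound connector would be the tighter default; failing that, a comment should state that the AJP port must not be reachable from other hosts.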
diff --git a/base/ca/shared/conf/server.xml b/base/ca/shared/conf/server.xml index 1ae2decea..2ccdb4d40 100644 --- a/base/ca/shared/conf/server.xml +++ b/base/ca/shared/conf/server.xml @@ -27,12 +27,12 @@ <!-- DO NOT REMOVE - Begin PKI Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services -EE Client Auth Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE] -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +EE Client Auth Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE] +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- DO NOT REMOVE - End PKI Status Definitions --> 
@@ -123,7 +123,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" + ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template index bcb047dbf..18ef7c2f6 100644 --- a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template +++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template @@ -345,7 +345,7 @@ function setCRMFRequest() var uri = 'profileSubmit'; if (typeof(authName) != "undefined") { if (authIsSSLClientRequired == 'true') { - uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT_UI]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient'; + uri = 'https://[PKI_HOSTNAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT_UI]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient'; } } if (navigator.appName == "Microsoft Internet Explorer") { diff --git a/base/common/shared/conf/server.xml b/base/common/shared/conf/server.xml index 86eea5bf9..93af08b19 100644 --- a/base/common/shared/conf/server.xml +++ b/base/common/shared/conf/server.xml 
@@ -28,39 +28,39 @@ <!-- DO NOT REMOVE - Begin PKI Status Definitions --> <!-- CA Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/ca/ee/ca -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/ca/ee/ca -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ca/services -EE Client Auth Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/ca/eeca/ca -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ca +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ca/ee/ca +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ca/ee/ca +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca/services +EE Client Auth Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT]/ca/eeca/ca +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ca Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- KRA Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/kra/ee/kra -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/kra/ee/kra -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/kra/services -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/kra +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/kra/ee/kra +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra Tomcat Port = [TOMCAT_SERVER_PORT] 
(for shutdown) --> <!-- OCSP Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ocsp +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- TKS Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/tks/ee/tks -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/tks/ee/tks -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/tks/services -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/tks +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/tks/ee/tks +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- DO NOT REMOVE - End PKI Status Definitions --> 
@@ -178,7 +178,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" + ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in index 3e40267b6..7e7006a97 100644 --- a/base/kra/shared/conf/CS.cfg.in +++ b/base/kra/shared/conf/CS.cfg.in @@ -27,13 +27,13 @@ cs.type=KRA admin.interface.uri=kra/admin/console/config/wizard agent.interface.uri=kra/agent/kra authType=pwd -preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445 +preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:9445 instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ -machineName=[PKI_MACHINE_NAME] +machineName=[PKI_HOSTNAME] instanceId=[PKI_INSTANCE_ID] pidDir=[PKI_PIDDIR] -service.machineName=[PKI_MACHINE_NAME] +service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] @@ -90,7 +90,7 @@ preop.cert.transport.type=remote preop.cert.transport.userfriendlyname=Transport Certificate preop.cert.transport.cncomponent.override=true preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME] +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] diff --git a/base/kra/shared/conf/server.xml b/base/kra/shared/conf/server.xml index 1cd6ef333..53cb364c5 100644 --- a/base/kra/shared/conf/server.xml +++ b/base/kra/shared/conf/server.xml 
@@ -27,11 +27,11 @@ <!-- DO NOT REMOVE - Begin PKI Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- DO NOT REMOVE - End PKI Status Definitions --> @@ -122,7 +122,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" + ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in index 09ce2bdc4..29fb8e7e6 100644 --- a/base/ocsp/shared/conf/CS.cfg.in +++ b/base/ocsp/shared/conf/CS.cfg.in 
@@ -22,7 +22,7 @@ agent.interface.uri=ocsp/agent/ocsp preop.admin.name=Online Certificate Status Manager Administrator preop.admin.group=Online Certificate Status Manager Agents preop.admincert.profile=caAdminCert -preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445 +preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:9445 preop.wizard.name=OCSP Setup Wizard preop.product.name=CS cms.product.version=@APPLICATION_VERSION@ @@ -75,7 +75,7 @@ preop.cert.signing.type=remote preop.cert.signing.userfriendlyname=OCSP Signing Certificate preop.cert.signing.cncomponent.override=true preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME] +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] @@ -100,9 +100,9 @@ cs.state=0 authType=pwd instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ -machineName=[PKI_MACHINE_NAME] +machineName=[PKI_HOSTNAME] instanceId=[PKI_INSTANCE_ID] -service.machineName=[PKI_MACHINE_NAME] +service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] diff --git a/base/ocsp/shared/conf/server.xml b/base/ocsp/shared/conf/server.xml index a8fcaa7a5..29b1777d9 100644 --- a/base/ocsp/shared/conf/server.xml +++ b/base/ocsp/shared/conf/server.xml 
@@ -27,11 +27,11 @@ <!-- DO NOT REMOVE - Begin PKI Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- DO NOT REMOVE - End PKI Status Definitions --> @@ -122,7 +122,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" + ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf index 2c6cd185d..297a3be2b 100644 --- a/base/ra/apache/conf/httpd.conf +++ b/base/ra/apache/conf/httpd.conf 
@@ -338,7 +338,7 @@ ServerAdmin you@example.com # # UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. +# URLs and the PKI_HOSTNAME and SERVER_PORT variables. # When set "Off", Apache will use the Hostname and Port supplied # by the client. When set "On", Apache will use the value of the # ServerName directive. diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry index dee8f8dfd..c7a416ab7 100644 --- a/base/ra/setup/pkidaemon_registry +++ b/base/ra/setup/pkidaemon_registry @@ -36,8 +36,8 @@ export PKI_FORTITUDE_DIR PKI_NSS_CONF=[NSS_CONF] export PKI_NSS_CONF -PKI_SERVER_NAME=[SERVER_NAME] -export PKI_SERVER_NAME +PKI_HOSTNAME=[PKI_HOSTNAME] +export PKI_HOSTNAME PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" export PKI_LOCK_FILE diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance index 7bc001b1b..927d400cb 100644 --- a/base/ra/setup/registry_instance +++ b/base/ra/setup/registry_instance @@ -33,8 +33,8 @@ export PKI_FORTITUDE_DIR PKI_NSS_CONF=[NSS_CONF] export PKI_NSS_CONF -PKI_SERVER_NAME=[SERVER_NAME] -export PKI_SERVER_NAME +PKI_HOSTNAME=[PKI_HOSTNAME] +export PKI_HOSTNAME PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" export PKI_LOCK_FILE diff --git a/base/ra/shared/conf/CS.cfg.in b/base/ra/shared/conf/CS.cfg.in index ef4cfd5f2..682af9dc5 100644 --- a/base/ra/shared/conf/CS.cfg.in +++ b/base/ra/shared/conf/CS.cfg.in @@ -96,7 +96,7 @@ request.server.approve_request.1.templateDir=/usr/share/pki/ra/conf request.server.approve_request.1.templateFile=mail_approve_request.vm request.server.reject_request.num_plugins=0 cs.type=RA -service.machineName=[SERVER_NAME] +service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_PATH] service.securePort=[PKI_SECURE_PORT] service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] 
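Review bot: The rename was applied to a stock Apache comment in base/ra/apache/conf/httpd.conf where it does not belong. `SERVER_NAME` in the UseCanonicalName description is Apache's own request variable, not the PKI template slot, so the new text `URLs and the PKI_HOSTNAME and SERVER_PORT variables` is wrong. The original line should be restored: `# URLs and the SERVER_NAME and SERVER_PORT variables.` The comment matters to administrators because it explains when Apache builds self-referencing URLs from the client-supplied host name rather than from the ServerName directive.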
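Review bot: Renaming the exported variable from `PKI_SERVER_NAME` to `PKI_HOSTNAME` in base/ra/setup/pkidaemon_registry (and identically in base/ra/setup/registry_instance) changes the contract with the scripts that read it. The status functions in base/server/scripts/operations and base/setup/scripts/functions now print only `${PKI_HOSTNAME}`. Registry files generated from the old template presumably still export `PKI_SERVER_NAME`, so on an existing instance the status URLs would appear with an empty host unless an upgrade step rewrites them; no such step is visible in this part of the diff. A fallback in the readers, for example `PKI_HOSTNAME=${PKI_HOSTNAME:-$PKI_SERVER_NAME}`, or a migration note in the commit would cover that case.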
@@ -198,7 +198,7 @@ preop.cert.list=sslserver,subsystem preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[PKI_INSTANCE_ID] +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_ID] preop.cert.sslserver.keysize.customsize=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.keysize.select=custom diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg index a68b45ee2..d12a9e52e 100644 --- a/base/server/config/pkislots.cfg +++ b/base/server/config/pkislots.cfg @@ -21,7 +21,7 @@ PROCESS_ID_SLOT=[PROCESS_ID] REQUIRE_CFG_PL_SLOT=[REQUIRE_CFG_PL] SECURE_PORT_SLOT=[SECURE_PORT] SECURITY_LIBRARIES_SLOT=[SECURITY_LIBRARIES] -SERVER_NAME_SLOT=[SERVER_NAME] +PKI_HOSTNAME_SLOT=[PKI_HOSTNAME] SERVER_ROOT_SLOT=[SERVER_ROOT] SYSTEM_LIBRARIES_SLOT=[SYSTEM_LIBRARIES] SYSTEM_USER_LIBRARIES_SLOT=[SYSTEM_USER_LIBRARIES] @@ -57,7 +57,7 @@ PKI_INSTANCE_INITSCRIPT_SLOT=[PKI_INSTANCE_INITSCRIPT] PKI_INSTANCE_PATH_SLOT=[PKI_INSTANCE_PATH] PKI_INSTANCE_ROOT_SLOT=[PKI_INSTANCE_ROOT] PKI_LOCKDIR_SLOT=[PKI_LOCKDIR] -PKI_MACHINE_NAME_SLOT=[PKI_MACHINE_NAME] +PKI_HOSTNAME_SLOT=[PKI_HOSTNAME] PKI_OPEN_AJP_PORT_COMMENT_SLOT=[PKI_OPEN_AJP_PORT_COMMENT] PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT=[PKI_OPEN_ENABLE_PROXY_COMMENT] PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT=[PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT] diff --git a/base/server/scripts/operations b/base/server/scripts/operations index c7bbc0a5f..ad69c2dc8 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations 
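Review bot: After this change base/server/config/pkislots.cfg defines `PKI_HOSTNAME_SLOT=[PKI_HOSTNAME]` twice, once where `SERVER_NAME_SLOT` was and once where `PKI_MACHINE_NAME_SLOT` was. The section headers lie outside both hunks, so it needs checking whether the two entries share a section, where a strict parser would reject the duplicate or silently keep one. The same merge of two names into one appears in base/server/src/engine/pkiparser.py, where `config.pki_master_dict['PKI_HOSTNAME_SLOT']` is set to `None` in one hunk and to `config.pki_master_dict['pki_hostname']` in another, and in base/setup/pkicreate, where `$slot_hash{$PKI_HOSTNAME_SLOT} = $host;` is now assigned twice. If the `None` assignment can run after the real one, the hostname would presumably be substituted as empty in the generated configuration. Dropping the former SERVER_NAME entries wherever a PKI_HOSTNAME entry already exists would remove the ambiguity.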
@@ -452,9 +452,9 @@ get_pki_status_definitions_ra() for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" + echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -465,11 +465,11 @@ get_pki_status_definitions_ra() PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port - echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}" + echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}" fi if [ $total_ports -eq 2 ]; then NON_CLIENTAUTH_PORT=$port - echo " Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}" + echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -502,12 +502,12 @@ get_pki_status_definitions_tps() for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" + echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" echo " (ESC Security Officer Enrollment)" - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" + echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" echo " (ESC Phone Home)" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` 
@@ -518,16 +518,16 @@ get_pki_status_definitions_tps() PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port - echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" + echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" echo " (ESC Security Officer Workstation)" - echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/tus" + echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}/tus" echo " (TPS Roles - Operator/Administrator/Agent)" fi if [ $total_ports -eq 2 ]; then NON_CLIENTAUTH_PORT=$port - echo " Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi" + echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi" echo " (ESC Security Officer Enrollment)" - echo " Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi" + echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi" echo " (ESC Phone Home)" fi total_ports=`expr ${total_ports} + 1` diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index e121c8625..f82ef4084 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -628,7 +628,7 @@ class PKIConfigParser: config.pki_master_dict['REQUIRE_CFG_PL_SLOT'] = None config.pki_master_dict['SECURE_PORT_SLOT'] = None config.pki_master_dict['SECURITY_LIBRARIES_SLOT'] = None - config.pki_master_dict['SERVER_NAME_SLOT'] = None + config.pki_master_dict['PKI_HOSTNAME_SLOT'] = None config.pki_master_dict['SERVER_ROOT_SLOT'] = None config.pki_master_dict['SYSTEM_LIBRARIES_SLOT'] = None config.pki_master_dict['SYSTEM_USER_LIBRARIES_SLOT'] = None 
@@ -689,7 +689,7 @@ class PKIConfigParser: config.pki_master_dict['PKI_LOCKDIR_SLOT'] =\ os.path.join("/var/lock/pki", "tomcat") - config.pki_master_dict['PKI_MACHINE_NAME_SLOT'] =\ + config.pki_master_dict['PKI_HOSTNAME_SLOT'] =\ config.pki_master_dict['pki_hostname'] config.pki_master_dict\ ['PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT_SLOT'] =\ diff --git a/base/setup/pki-setup-proxy b/base/setup/pki-setup-proxy index 0222eab46..c3bcde3b9 100755 --- a/base/setup/pki-setup-proxy +++ b/base/setup/pki-setup-proxy @@ -343,7 +343,7 @@ sub update_proxy_conf my $data = read_file $template_file; my $host = hostname; - $data =~ s/\[PKI_MACHINE_NAME\]/$host/g; + $data =~ s/\[PKI_HOSTNAME\]/$host/g; $data =~ s/\[PKI_AJP_PORT\]/$ajp_port/g; write_file($server_file, $data); diff --git a/base/setup/pkicreate b/base/setup/pkicreate index acf32c081..76a7d5afa 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -268,7 +268,6 @@ my $OBJ_EXT = "OBJ_EXT"; my $PROCESS_ID = "PROCESS_ID"; my $NON_CLIENTAUTH_SECURE_PORT = "NON_CLIENTAUTH_SECURE_PORT"; my $SECURITY_LIBRARIES = "SECURITY_LIBRARIES"; -my $SERVER_NAME = "SERVER_NAME"; my $SYSTEM_LIBRARIES = "SYSTEM_LIBRARIES"; my $SYSTEM_USER_LIBRARIES = "SYSTEM_USER_LIBRARIES"; my $TMP_DIR = "TMP_DIR"; @@ -289,6 +288,7 @@ my $PKI_REGISTRY_FILE_SLOT = "PKI_REGISTRY_FILE"; my $PKI_SECURE_PORT_SLOT = "PKI_SECURE_PORT"; my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT"; my $PKI_INSTANCE_PATH_SLOT = "PKI_INSTANCE_PATH"; +my $PKI_HOSTNAME_SLOT = "PKI_HOSTNAME"; # Template slot constants (CA, KRA, OCSP, TKS) my $INSTALL_TIME = "INSTALL_TIME"; 
@@ -297,7 +297,6 @@ my $PKI_CERT_DB_PASSWORD_SLOT = "PKI_CERT_DB_PASSWORD"; my $PKI_CFG_PATH_NAME_SLOT = "PKI_CFG_PATH_NAME"; my $PKI_GROUP_SLOT = "PKI_GROUP"; my $PKI_INSTANCE_ROOT_SLOT = "PKI_INSTANCE_ROOT"; -my $PKI_MACHINE_NAME_SLOT = "PKI_MACHINE_NAME"; my $PKI_RANDOM_NUMBER_SLOT = "PKI_RANDOM_NUMBER"; my $PKI_EE_SECURE_PORT_SLOT = "PKI_EE_SECURE_PORT"; my $PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT = "PKI_EE_SECURE_CLIENT_AUTH_PORT"; @@ -2274,7 +2273,7 @@ sub process_pki_templates $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; $slot_hash{$NON_CLIENTAUTH_SECURE_PORT} = $non_clientauth_secure_port; $slot_hash{$SECURITY_LIBRARIES} = $default_security_libraries; - $slot_hash{$SERVER_NAME} = $host; + $slot_hash{$PKI_HOSTNAME_SLOT} = $host; $slot_hash{$PKI_INSTANCE_PATH_SLOT}= $pki_instance_path; $slot_hash{$SYSTEM_LIBRARIES} = $default_system_libraries; $slot_hash{$SYSTEM_USER_LIBRARIES} = $default_system_user_libraries; @@ -2320,7 +2319,7 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so $slot_hash{$INSTALL_TIME} = localtime; $slot_hash{$PKI_CERT_DB_PASSWORD_SLOT} = $db_password; $slot_hash{$PKI_CFG_PATH_NAME_SLOT} = $pki_cfg_instance_file_path; - $slot_hash{$PKI_MACHINE_NAME_SLOT} = $host; + $slot_hash{$PKI_HOSTNAME_SLOT} = $host; $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random; $slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path; $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions index 82988fc10..ff9594621 100644 --- a/base/setup/scripts/functions +++ b/base/setup/scripts/functions 
@@ -349,9 +349,9 @@ get_pki_status_definitions_ra() for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" + echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -362,11 +362,11 @@ get_pki_status_definitions_ra() PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port - echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}" + echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}" fi if [ $total_ports -eq 2 ]; then NON_CLIENTAUTH_PORT=$port - echo " Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}" + echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}" fi total_ports=`expr ${total_ports} + 1` @@ -399,12 +399,12 @@ get_pki_status_definitions_tps() for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do PKI_UNSECURE_PORT=$port if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" + echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" echo " (ESC Security Officer Enrollment)" - echo " Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" + echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" echo " (ESC Phone Home)" else - echo "ERROR: extra Unsecure Port = http://${PKI_SERVER_NAME}:${PKI_UNSECURE_PORT}" + echo "ERROR: extra Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" fi total_ports=`expr ${total_ports} + 1` 
@@ -415,16 +415,16 @@ get_pki_status_definitions_tps() PKI_UNSECURE_PORT=$port if [ $total_ports -eq 1 ]; then CLIENTAUTH_PORT=$port - echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" + echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" echo " (ESC Security Officer Workstation)" - echo " Secure Clientauth Port = https://${PKI_SERVER_NAME}:${CLIENTAUTH_PORT}/tus" + echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}/tus" echo " (TPS Roles - Operator/Administrator/Agent)" fi if [ $total_ports -eq 2 ]; then NON_CLIENTAUTH_PORT=$port - echo " Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi" + echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi" echo " (ESC Security Officer Enrollment)" - echo " Secure Non-Clientauth Port = https://${PKI_SERVER_NAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi" + echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi" echo " (ESC Phone Home)" fi total_ports=`expr ${total_ports} + 1` diff --git a/base/tks/shared/conf/CS.cfg.in b/base/tks/shared/conf/CS.cfg.in index bb913dd60..dc3eb3751 100644 --- a/base/tks/shared/conf/CS.cfg.in +++ b/base/tks/shared/conf/CS.cfg.in @@ -21,7 +21,7 @@ admin.interface.uri=tks/admin/console/config/wizard preop.admin.name=Token Key Service Manager Administrator preop.admin.group=Token Key Service Manager Agents preop.admincert.profile=caAdminCert -preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445 +preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:9445 preop.wizard.name=TKS Setup Wizard preop.system.name=TKS preop.product.name=CS 
@@ -50,7 +50,7 @@ preop.cert.audit_signing.type=remote
 preop.cert.audit_signing.userfriendlyname=TKS Audit Signing Certificate
 preop.cert.audit_signing.cncomponent.override=true
 preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
+preop.cert.sslserver.dn=CN=[PKI_HOSTNAME]
 preop.cert.sslserver.keysize.custom_size=2048
 preop.cert.sslserver.keysize.size=2048
 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
@@ -92,10 +92,10 @@ cs.state=0
 authType=pwd
 instanceRoot=[PKI_INSTANCE_PATH]
 configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
-machineName=[PKI_MACHINE_NAME]
+machineName=[PKI_HOSTNAME]
 instanceId=[PKI_INSTANCE_ID]
 preop.pin=[PKI_RANDOM_NUMBER]
-service.machineName=[PKI_MACHINE_NAME]
+service.machineName=[PKI_HOSTNAME]
 service.instanceDir=[PKI_INSTANCE_ROOT]
 service.securePort=[PKI_AGENT_SECURE_PORT]
 service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
diff --git a/base/tks/shared/conf/server.xml b/base/tks/shared/conf/server.xml
index a8fcaa7a5..29b1777d9 100644
--- a/base/tks/shared/conf/server.xml
+++ b/base/tks/shared/conf/server.xml
@@ -27,11 +27,11 @@ <!-- DO NOT REMOVE - Begin PKI Status Definitions --> <!-- -Unsecure Port = http://[PKI_MACHINE_NAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Agent Port = https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] -Secure EE Port = https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] -Secure Admin Port = https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services -PKI Console Port = pkiconsole https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] +Unsecure Port = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Agent Port = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/agent/[PKI_SUBSYSTEM_TYPE] +Secure EE Port = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/ee/[PKI_SUBSYSTEM_TYPE] +Secure Admin Port = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE]/services +PKI Console Port = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/[PKI_SUBSYSTEM_TYPE] Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) --> <!-- DO NOT REMOVE - End PKI Status Definitions --> @@ -122,7 +122,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" + ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp" ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" diff --git a/base/tps/apache/cgi-bin/demo/index.cgi b/base/tps/apache/cgi-bin/demo/index.cgi index 17a0c24d6..635057182 100755 --- a/base/tps/apache/cgi-bin/demo/index.cgi +++ b/base/tps/apache/cgi-bin/demo/index.cgi 
@@ -31,10 +31,10 @@ print "Fedora Project"; # Vendor
 print "</IssuerName>\n";
 print "<Services>";
 print "<Operation>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/nk_service";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/nk_service";
 print "</Operation>";
 print "<UI>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/demo/enroll.cgi";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/demo/enroll.cgi";
 print "</UI>";
 print "<EnrolledTokenBrowserURL>";
 print "</EnrolledTokenBrowserURL>";
diff --git a/base/tps/apache/cgi-bin/home/index.cgi b/base/tps/apache/cgi-bin/home/index.cgi
index 983a34095..e347f6720 100755
--- a/base/tps/apache/cgi-bin/home/index.cgi
+++ b/base/tps/apache/cgi-bin/home/index.cgi
@@ -31,10 +31,10 @@ print "Fedora Project"; # Vendor
 print "</IssuerName>\n";
 print "<Services>";
 print "<Operation>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/nk_service";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/nk_service";
 print "</Operation>";
 print "<UI>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/enroll.cgi";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/enroll.cgi";
 print "</UI>";
 print "<EnrolledTokenBrowserURL>";
 print "http://www.fedora.redhat.com"; # Company URL
@@ -45,7 +45,7 @@ print "<TokenType>";
 print "userKey";
 print "</TokenType>";
 #print "<CAChainUI>";
-#print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/cachain.cgi";
+#print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/cachain.cgi";
 #print "</CAChainUI>";
 print "</Services>";
 print "</ServiceInfo>";
diff --git a/base/tps/apache/cgi-bin/so/index.cgi b/base/tps/apache/cgi-bin/so/index.cgi
index 5b8d8cb6c..923d134ee 100755
--- a/base/tps/apache/cgi-bin/so/index.cgi
+++ b/base/tps/apache/cgi-bin/so/index.cgi
@@ -31,15 +31,15 @@ print "Fedora Project"; # Vendor
 print "</IssuerName>\n";
 print "<Services>";
 print "<Operation>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/nk_service";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/nk_service";
 print "</Operation>";
 print "<UI>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/enroll.cgi";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/enroll.cgi";
 print "</UI>";
 print "<EnrolledTokenBrowserURL>";
 print "</EnrolledTokenBrowserURL>";
 print "<EnrolledTokenURL>";
-print "http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/sow/welcome.cgi";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/sow/welcome.cgi";
 print "</EnrolledTokenURL>";
 print "<TokenType>";
 print "soKey";
diff --git a/base/tps/apache/cgi-bin/sow/index.cgi b/base/tps/apache/cgi-bin/sow/index.cgi
index a4f1c14a1..454d8ef44 100755
--- a/base/tps/apache/cgi-bin/sow/index.cgi
+++ b/base/tps/apache/cgi-bin/sow/index.cgi
@@ -31,10 +31,10 @@ print "Fedora Project"; # Vendor
 print "</IssuerName>\n";
 print "<Services>";
 print "<Operation>";
-print "https://[SERVER_NAME]:[PKI_SECURE_PORT]/nk_service";
+print "https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]/nk_service";
 print "</Operation>";
 print "<UI>";
-print "https://[SERVER_NAME]:[PKI_SECURE_PORT]/cgi-bin/sow/search.cgi";
+print "https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]/cgi-bin/sow/search.cgi";
 print "</UI>";
 print "<EnrolledTokenBrowserURL>";
 print "</EnrolledTokenBrowserURL>";
diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf
index 43c9bd64e..0874a6422 100644
--- a/base/tps/apache/conf/httpd.conf
+++ b/base/tps/apache/conf/httpd.conf
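Review bot: In `so/index.cgi` the `<EnrolledTokenURL>` still points the client at `http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/sow/welcome.cgi`, while the status output in `base/setup/scripts/functions` lists that path on the HTTPS client-auth port and `sow/index.cgi` already advertises `https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]`. The mismatch predates the rename, but the line is being touched, and a client following this service info would reach the security officer workstation over cleartext on the unsecure port. Making it consistent would read `print "https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]/cgi-bin/sow/welcome.cgi";`. Whether the unsecure port redirects this path cannot be seen from the diff, so confirm that before changing it.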
@@ -342,7 +342,7 @@ ServerAdmin you@example.com # # UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. +# URLs and the PKI_HOSTNAME and SERVER_PORT variables. # When set "Off", Apache will use the Hostname and Port supplied # by the client. When set "On", Apache will use the value of the # ServerName directive. diff --git a/base/tps/setup/create.pl b/base/tps/setup/create.pl index eb631b27c..8082d5847 100755 --- a/base/tps/setup/create.pl +++ b/base/tps/setup/create.pl @@ -676,7 +676,7 @@ sub CopyTemplate while (<IN>) { s/\[PKI_INSTANCE_PATH\]/$serverRoot/g; s/\[INSTANCE_ID\]/$instanceID/g; - s/\[SERVER_NAME\]/$serverName/g; + s/\[PKI_HOSTNAME\]/$serverName/g; s/\[PORT\]/$port/g; s/\[PKI_SECURE_PORT\]/$securePort/g; s/\[NICKNAME\]/$nickName/g; diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry index f74f6c83c..8b872f8f6 100644 --- a/base/tps/setup/pkidaemon_registry +++ b/base/tps/setup/pkidaemon_registry @@ -36,8 +36,8 @@ export PKI_FORTITUDE_DIR PKI_NSS_CONF=[NSS_CONF] export PKI_NSS_CONF -PKI_SERVER_NAME=[SERVER_NAME] -export PKI_SERVER_NAME +PKI_HOSTNAME=[PKI_HOSTNAME] +export PKI_HOSTNAME PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" export PKI_LOCK_FILE diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance index 040beba68..c07668faa 100644 --- a/base/tps/setup/registry_instance +++ b/base/tps/setup/registry_instance @@ -33,8 +33,8 @@ export PKI_FORTITUDE_DIR PKI_NSS_CONF=[NSS_CONF] export PKI_NSS_CONF -PKI_SERVER_NAME=[SERVER_NAME] -export PKI_SERVER_NAME +PKI_HOSTNAME=[PKI_HOSTNAME] +export PKI_HOSTNAME PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" export PKI_LOCK_FILE diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in index 00bfba9de..1424fffc6 100644 --- a/base/tps/shared/conf/CS.cfg.in +++ b/base/tps/shared/conf/CS.cfg.in 
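Review bot: The httpd.conf hunk renames a word that is not a PKI template slot: in the `UseCanonicalName` comment, `SERVER_NAME` is Apache's own request variable, paired there with `SERVER_PORT`, so replacing it with `PKI_HOSTNAME` makes the stock documentation comment incorrect. The line has no `[...]` brackets, so it was never a placeholder and should stay as `# URLs and the SERVER_NAME and SERVER_PORT variables.`. This looks like a side effect of a global search-and-replace, so it is worth checking the other files of the commit for unbracketed matches as well.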
@@ -32,7 +32,7 @@ selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerificati
 selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
 selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
 selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
-service.machineName=[SERVER_NAME]
+service.machineName=[PKI_HOSTNAME]
 service.instanceDir=[PKI_INSTANCE_PATH]
 service.securePort=[PKI_SECURE_PORT]
 service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
@@ -382,7 +382,7 @@ preop.cert.sslserver.enable=true
 preop.cert.subsystem.enable=true
 preop.cert.audit_signing.enable=false
 preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[PKI_INSTANCE_ID]
+preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_ID]
 preop.cert.sslserver.keysize.customsize=2048
 preop.cert.sslserver.keysize.size=2048
 preop.cert.sslserver.keysize.select=default
@@ -792,7 +792,7 @@ op.enroll.userKey.tks.conn=tks1
 op.enroll.userKey.auth.id=ldap1
 op.enroll.userKey.auth.enable=true
 op.enroll.userKey.issuerinfo.enable=true
-op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
 op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
 op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
 op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
@@ -1111,7 +1111,7 @@ op.enroll.soKey.tks.conn=tks1
 op.enroll.soKey.auth.id=ldap2
 op.enroll.soKey.auth.enable=true
 op.enroll.soKey.issuerinfo.enable=true
-op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
 op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
 op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
 op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
@@ -1368,7 +1368,7 @@ op.format.soUserKey.tks.conn=tks1
 op.format.soUserKey.auth.id=ldap1
 op.format.soUserKey.auth.enable=false
 op.format.soUserKey.issuerinfo.enable=true
-op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
 op.format.soKey.update.applet.emptyToken.enable=true
 op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
 op.format.soKey.update.applet.directory=[TPS_DIR]/applets
@@ -1383,7 +1383,7 @@ op.format.soKey.tks.conn=tks1
 op.format.soKey.auth.id=ldap2
 op.format.soKey.auth.enable=true
 op.format.soKey.issuerinfo.enable=true
-op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
 op.format.userKey.update.applet.emptyToken.enable=true
 op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
 op.format.userKey.update.applet.directory=[TPS_DIR]/applets
@@ -1398,7 +1398,7 @@ op.format.userKey.tks.conn=tks1 op.format.userKey.auth.id=ldap1 op.format.userKey.auth.enable=true op.format.userKey.issuerinfo.enable=true -op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi +op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi op.format.tokenKey.update.applet.emptyToken.enable=true op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449 op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets @@ -1413,7 +1413,7 @@ op.format.tokenKey.tks.conn=tks1 op.format.tokenKey.auth.id=ldap1 op.format.tokenKey.auth.enable=true op.format.tokenKey.issuerinfo.enable=true -op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi +op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi tokendb._000=######################################### tokendb._001=# tokendb.auditLog: tokendb._002=# - audit log path |