author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-07 22:37:08 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-05-07 22:37:08 +0000 |
commit | 466202e75665108f5c51c5d602d2afaabed4a027 (patch) | |
tree | 9e953e972da8074d7fc4dfcc02f0d1a96f57db34 /pki/base/ocsp/shared/conf | |
parent | 2963ca4c6381e7a43fff0457fb0135476874830f (diff) | |
Bugzilla Bug #492735 - Configuration wizard stores certain incorrect port
values within TPS "CS.cfg" . . .
Bugzilla Bug #495597 - Unable to access Agent page using a configured CA/KRA
containing an HSM
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@431 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ocsp/shared/conf')
-rw-r--r-- | pki/base/ocsp/shared/conf/CS.cfg | 31 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/schema.ldif | 17 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/server.xml | 2 |
3 files changed, 35 insertions, 15 deletions
diff --git a/pki/base/ocsp/shared/conf/CS.cfg b/pki/base/ocsp/shared/conf/CS.cfg
index 59185dd8e..0544fc632 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg
+++ b/pki/base/ocsp/shared/conf/CS.cfg
@@ -3,17 +3,17 @@
 # All rights reserved.
 # --- END COPYRIGHT BLOCK ---
 #
-pkicreate.arg01.pki_instance_root=[PKI_INSTANCE_ROOT]
-pkicreate.arg02.pki_instance_name=[PKI_INSTANCE_ID]
-pkicreate.arg03.subsystem_type=[PKI_SUBSYSTEM_TYPE]
-pkicreate.arg04.agent_secure_port=[PKI_AGENT_SECURE_PORT]
-pkicreate.arg05.ee_secure_port=[PKI_EE_SECURE_PORT]
-pkicreate.arg06.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
-pkicreate.arg07.secure_port=[PKI_SECURE_PORT]
-pkicreate.arg08.unsecure_port=[PKI_UNSECURE_PORT]
-pkicreate.arg09.tomcat_server_port=[TOMCAT_SERVER_PORT]
-pkicreate.arg10.user=[PKI_USER]
-pkicreate.arg11.group=[PKI_GROUP]
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
+pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
+pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.group=[PKI_GROUP]
 installDate=[INSTALL_TIME]
 cs.type=OCSP
 admin.interface.uri=ocsp/admin/console/config/wizard
@@ -21,7 +21,7 @@ agent.interface.uri=ocsp/agent/ocsp
 preop.admin.name=Online Certificate Status Manager Administrator
 preop.admin.group=Online Certificate Status Manager Agents
 preop.admincert.profile=caAdminCert
-preop.securitydomain.url=https://[PKI_MACHINE_NAME]:9444
+preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
 preop.wizard.name=OCSP Setup Wizard
 preop.product.name=CS
 preop.product.version=
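Review bot: The new `preop.securitydomain.admin_url` line in the second CS.cfg hunk hard-codes port 9445, while every other port in this template is a substitution token such as `[PKI_ADMIN_SECURE_PORT]`. Where the security domain host listens on a different admin port, the configuration starts from a wrong endpoint unless something later overwrites the value, which is not visible here. The key is also renamed from `preop.securitydomain.url`, so any code still reading the old key gets no value. A comment above the line, for example `# default admin port of the security domain host; confirm before first use`, would make the assumption explicit. The same rename caveat applies to the `pkicreate.argNN.*` keys in the first hunk.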
@@ -88,7 +88,12 @@ authType=pwd
 instanceRoot=[PKI_INSTANCE_PATH]
 machineName=[PKI_MACHINE_NAME]
 instanceId=[PKI_INSTANCE_ID]
-service.securePort=[PKI_SECURE_PORT]
+service.machineName=[PKI_MACHINE_NAME]
+service.instanceDir=[PKI_INSTANCE_ROOT]
+service.securePort=[PKI_AGENT_SECURE_PORT]
+service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+service.instanceID=[PKI_INSTANCE_ID]
 preop.pin=[PKI_RANDOM_NUMBER]
 passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
 passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
diff --git a/pki/base/ocsp/shared/conf/schema.ldif b/pki/base/ocsp/shared/conf/schema.ldif
index 823543dcf..d61f83dd6 100644
--- a/pki/base/ocsp/shared/conf/schema.ldif
+++ b/pki/base/ocsp/shared/conf/schema.ldif
@@ -381,6 +381,21 @@ attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.
 dn: cn=schema
 changetype: modify
 add: attributeTypes
+attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
 attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
 
 dn: cn=schema
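Review bot: In the CS.cfg hunk at -88, `service.securePort` keeps its name but now resolves to `[PKI_AGENT_SECURE_PORT]` instead of `[PKI_SECURE_PORT]`, so its meaning changes silently for anything that already reads it. The sibling key `service.non_clientauth_securePort` suggests the agent port is the one that demands a client certificate, so code that builds URLs from `service.securePort` for callers without a certificate would now hit the wrong port. A comment above the block would remove the guesswork, for example `# service.securePort is the agent port; service.non_clientauth_securePort is the end-entity port`. `service.machineName` and `service.instanceID` also duplicate the existing `machineName` and `instanceId` values, which leaves two copies to keep in sync.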
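Review bot: The three attribute types added in the schema.ldif hunk at -381 carry no `DESC`, so nothing in the schema says which interface `SecureAgentPort`, `SecureAdminPort` and `UnSecurePort` describe or how they relate to the existing `SecurePort`. A short description on each, for example `DESC 'TLS port of the agent interface'`, would tell consumers which port to use for which kind of caller. The syntax OID ending in `.27` is the LDAP Integer syntax, so the directory accepts any integer; code that reads these values should range-check them before building a URL.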
@@ -441,7 +456,7 @@ objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager ) X-ORIGIN 'user defined' ) +objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' ) dn: cn=schema changetype: modify diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml index 7dd9f6ccd..58cd61666 100644 --- a/pki/base/ocsp/shared/conf/server.xml +++ b/pki/base/ocsp/shared/conf/server.xml @@ -98,7 +98,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" - clientAuth="true" sslProtocol="SSL" + clientAuth="[PKI_AGENT_CLIENTAUTH]" sslProtocol="SSL" sslOptions="ssl2=true,ssl3=true,tls=true" ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" |
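Review bot: The new ports are added to `pkiSubsystem` under `MAY`, so entries written before this change stay valid but carry only `SecurePort`. Every reader of these entries therefore has to handle a missing `SecureAgentPort`, `SecureAdminPort` or `UnSecurePort` and choose a fallback deliberately. Falling back to `SecurePort` is safe only if that port enforces the same client-authentication policy, which the schema cannot express. A comment above the objectClass would record this, for example `# per-interface ports are optional; older entries carry SecurePort only`.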
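Review bot: `clientAuth="[PKI_AGENT_CLIENTAUTH]"` in the server.xml hunk replaces a fixed `true` with a value chosen at instance creation, and nothing visible here constrains what gets substituted. If the token is left unreplaced or resolves to anything other than `true`, the connector may accept TLS sessions without a client certificate (how it parses an unexpected value is not shown), leaving agent authentication entirely to the web application. The instance-creation step should accept only the values the connector defines and fail otherwise. The comment block above the connector should state which value a dedicated agent port requires, alongside the existing `Tomcat Port = ...` notes. The unchanged context lines also keep `ssl2=true` and single-DES and RC4 suites enabled; the Connector element itself starts above the hunk.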