authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-07 22:37:08 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2009-05-07 22:37:08 +0000
commit466202e75665108f5c51c5d602d2afaabed4a027 (patch)
tree9e953e972da8074d7fc4dfcc02f0d1a96f57db34 /pki/base/ocsp/shared
parent2963ca4c6381e7a43fff0457fb0135476874830f (diff)
Bugzilla Bug #492735 - Configuration wizard stores certain incorrect port
values within TPS "CS.cfg" . . . Bugzilla Bug #495597 - Unable to access Agent page using a configured CA/KRA containing an HSM git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@431 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ocsp/shared')
-rw-r--r--pki/base/ocsp/shared/conf/CS.cfg31
-rw-r--r--pki/base/ocsp/shared/conf/schema.ldif17
-rw-r--r--pki/base/ocsp/shared/conf/server.xml2
-rw-r--r--pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml17
4 files changed, 50 insertions, 17 deletions
diff --git a/pki/base/ocsp/shared/conf/CS.cfg b/pki/base/ocsp/shared/conf/CS.cfg
index 59185dd8e..0544fc632 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg
+++ b/pki/base/ocsp/shared/conf/CS.cfg
@@ -3,17 +3,17 @@
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
-pkicreate.arg01.pki_instance_root=[PKI_INSTANCE_ROOT]
-pkicreate.arg02.pki_instance_name=[PKI_INSTANCE_ID]
-pkicreate.arg03.subsystem_type=[PKI_SUBSYSTEM_TYPE]
-pkicreate.arg04.agent_secure_port=[PKI_AGENT_SECURE_PORT]
-pkicreate.arg05.ee_secure_port=[PKI_EE_SECURE_PORT]
-pkicreate.arg06.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
-pkicreate.arg07.secure_port=[PKI_SECURE_PORT]
-pkicreate.arg08.unsecure_port=[PKI_UNSECURE_PORT]
-pkicreate.arg09.tomcat_server_port=[TOMCAT_SERVER_PORT]
-pkicreate.arg10.user=[PKI_USER]
-pkicreate.arg11.group=[PKI_GROUP]
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
+pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
+pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.group=[PKI_GROUP]
installDate=[INSTALL_TIME]
cs.type=OCSP
admin.interface.uri=ocsp/admin/console/config/wizard
@@ -21,7 +21,7 @@ agent.interface.uri=ocsp/agent/ocsp
preop.admin.name=Online Certificate Status Manager Administrator
preop.admin.group=Online Certificate Status Manager Agents
preop.admincert.profile=caAdminCert
-preop.securitydomain.url=https://[PKI_MACHINE_NAME]:9444
+preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
preop.wizard.name=OCSP Setup Wizard
preop.product.name=CS
preop.product.version=
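Review bot: The new `preop.securitydomain.admin_url` default hard-codes port 9445, while every other port in this template is a substitution token, and nothing in the file says which service that port belongs to. Presumably it is the default admin port of the CA hosting the security domain and only pre-fills the wizard; a comment such as `# default admin URL of the security domain CA; overridden during configuration` (to be confirmed) would make that explicit. Because the key was renamed rather than added alongside the old one, any reader still looking up `preop.securitydomain.url` would get no value, so it is worth confirming that all consumers changed in the same commit.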
@@ -88,7 +88,12 @@ authType=pwd
instanceRoot=[PKI_INSTANCE_PATH]
machineName=[PKI_MACHINE_NAME]
instanceId=[PKI_INSTANCE_ID]
-service.securePort=[PKI_SECURE_PORT]
+service.machineName=[PKI_MACHINE_NAME]
+service.instanceDir=[PKI_INSTANCE_ROOT]
+service.securePort=[PKI_AGENT_SECURE_PORT]
+service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+service.instanceID=[PKI_INSTANCE_ID]
preop.pin=[PKI_RANDOM_NUMBER]
passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
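Review bot: `service.securePort` keeps its name but is now filled from `[PKI_AGENT_SECURE_PORT]` instead of `[PKI_SECURE_PORT]`, so any reader of this key silently starts pointing at the agent port. Judging only by the sibling key name `service.non_clientauth_securePort`, the agent port is the one expected to require a client certificate, but the file does not say so. A comment above the block such as `# service.securePort = agent port (client-auth expected); service.non_clientauth_securePort = EE port` would record the intent. The added `service.machineName` and `service.instanceID` also duplicate `machineName` and `instanceId` a few lines up, with different casing in the second pair; it is worth stating which key is authoritative so the two cannot drift apart.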
diff --git a/pki/base/ocsp/shared/conf/schema.ldif b/pki/base/ocsp/shared/conf/schema.ldif
index 823543dcf..d61f83dd6 100644
--- a/pki/base/ocsp/shared/conf/schema.ldif
+++ b/pki/base/ocsp/shared/conf/schema.ldif
@@ -381,6 +381,21 @@ attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.
dn: cn=schema
changetype: modify
add: attributeTypes
+attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
dn: cn=schema
@@ -441,7 +456,7 @@ objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined
dn: cn=schema
changetype: modify
add: objectClasses
-objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager ) X-ORIGIN 'user defined' )
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
dn: cn=schema
changetype: modify
diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml
index 7dd9f6ccd..58cd61666 100644
--- a/pki/base/ocsp/shared/conf/server.xml
+++ b/pki/base/ocsp/shared/conf/server.xml
@@ -98,7 +98,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
- clientAuth="true" sslProtocol="SSL"
+ clientAuth="[PKI_AGENT_CLIENTAUTH]" sslProtocol="SSL"
sslOptions="ssl2=true,ssl3=true,tls=true"
ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"
ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"
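Review bot: Replacing the literal `clientAuth="true"` with `clientAuth="[PKI_AGENT_CLIENTAUTH]"` makes TLS client-certificate enforcement on this connector depend on whatever instance creation substitutes, and nothing in the hunk shows the permitted values or a safe default. If the token can expand to anything other than `true`, or is left unsubstituted, the agent interface is no longer protected at the TLS layer and must be authenticated entirely in the servlet layer. I would add a comment above the attribute, for example `<!-- clientAuth is templated; "true" requires a client certificate at the TLS layer, any other value moves agent authentication into the web application -->`, and have the substitution step reject unexpected values. The unchanged `sslOptions="ssl2=true,ssl3=true,tls=true"` line next to it still enables SSLv2 and SSLv3, which is worth revisiting in the same pass. The Connector element starts and ends outside this hunk.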
diff --git a/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml b/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
index a7768b889..37ac36cf6 100644
--- a/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
+++ b/pki/base/ocsp/shared/webapps/ocsp/WEB-INF/web.xml
@@ -438,8 +438,6 @@
<param-value> services </param-value> </init-param>
<init-param><param-name> templatePath </param-name>
<param-value> /services.template </param-value> </init-param>
- <init-param><param-name> interface </param-name>
- <param-value> ee </param-value> </init-param>
</servlet>
<servlet>
@@ -491,6 +489,21 @@
[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
<filter-mapping>
+ <filter-name> PassThroughRequestFilter </filter-name>
+ <url-pattern> /registry </url-pattern>
+ <url-pattern> /acl </url-pattern>
+ <url-pattern> /jobsScheduler </url-pattern>
+ <url-pattern> /ug </url-pattern>
+ <url-pattern> /server </url-pattern>
+ <url-pattern> /log </url-pattern>
+ <url-pattern> /ocsp </url-pattern>
+
+ <url-pattern> /services </url-pattern>
+
+ <url-pattern> /start </url-pattern>
+ </filter-mapping>
+
+ <filter-mapping>
<filter-name> AgentRequestFilter </filter-name>
<url-pattern> /agent/* </url-pattern>
</filter-mapping>
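Review bot: The new `PassThroughRequestFilter` mapping covers `/acl`, `/ug`, `/log`, `/server` and `/registry`, which by name look like administrative endpoints, and no comment explains why they are routed to a pass-through filter rather than a port-specific one like `AgentRequestFilter` below. The filter's declaration is outside this hunk, so what it actually checks cannot be confirmed here; if it does no port or client checks, these paths stay reachable on every connector and rely on servlet-level authentication alone. The patterns are also exact matches (`/ocsp`, not `/ocsp/*`), so sub-paths are not mapped to any filter in this block, unlike `/agent/*`. I would add a comment such as `<!-- PassThroughRequestFilter: servlets reachable on all ports; authentication is enforced by the servlets themselves -->` once that is verified. Several `<url-pattern>` elements in one `<filter-mapping>` are only valid from the Servlet 2.5 descriptor onward, and the `web-app` version declaration is not visible in the hunk.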