diff options
author | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-08-08 01:36:44 +0000 |
---|---|---|
committer | jmagne <jmagne@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-08-08 01:36:44 +0000 |
commit | c128fff4f2356100195f70638269f0eeea2d9742 (patch) | |
tree | b8c3a14ce2eb02e5c7ad790f4228e15554274276 /pki/base/ocsp | |
parent | ec985a5ec4f5a4f95a2f522428fa176d8b23100d (diff) | |
download | pki-c128fff4f2356100195f70638269f0eeea2d9742.tar.gz pki-c128fff4f2356100195f70638269f0eeea2d9742.tar.xz pki-c128fff4f2356100195f70638269f0eeea2d9742.zip |
Fix for #458337, port separation.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@101 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ocsp')
-rw-r--r-- | pki/base/ocsp/shared/conf/server.xml | 87 |
1 files changed, 79 insertions, 8 deletions
diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml index 942374422..9e40e2373 100644 --- a/pki/base/ocsp/shared/conf/server.xml +++ b/pki/base/ocsp/shared/conf/server.xml @@ -1,7 +1,3 @@ -<!-- BEGIN COPYRIGHT BLOCK - Copyright (C) 2006 Red Hat, Inc. - All rights reserved. - END COPYRIGHT BLOCK --> <!-- Example Server Configuration File --> <!-- Note that component elements are nested corresponding to their parent-child relationships with each other --> @@ -92,7 +88,7 @@ maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" - clientAuth="false" sslProtocol="SSL" + clientAuth="agent" sslProtocol="SSL" sslOptions="ssl2=true,ssl3=true,tls=true" ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" @@ -104,8 +100,6 @@ certdbDir="[PKI_INSTANCE_PATH]/alias"/> <!-- DO NOT REMOVE - End define PKI secure port --> - - <!-- Note : To disable connection timeouts, set connectionTimeout value to 0 --> @@ -211,7 +205,7 @@ Note: XML Schema validation will not work with Xerces 2.2. --> <Host name="localhost" appBase="webapps" - unpackWARs="true" autoDeploy="true" + unpackWARs="true" autoDeploy="false" xmlValidation="false" xmlNamespaceAware="false"> <!-- Defines a cluster for this node, @@ -390,10 +384,87 @@ pattern="common" resolveHosts="false"/> --> + <!-- <Context docBase="webapps" path="/webapps" reloadable="false"/> --> </Host> </Engine> </Service> +[PKI_OPEN_SEPARATE_PORTS_COMMENT] + +<Service name="CatalinaAdmin"> + +<Connector port="[PKI_ADMIN_SECURE_PORT]" maxHttpHeaderSize="8192" + maxThreads="150" minSpareThreads="25" maxSpareThreads="75" + enableLookups="false" disableUploadTimeout="true" + acceptCount="100" scheme="https" secure="true" + clientAuth="false" sslProtocol="SSL" + sslOptions="ssl2=true,ssl3=true,tls=true" + ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" + ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" + serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" + passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" + passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" + certdbDir="[PKI_INSTANCE_PATH]/alias"/> + + <Engine name="CatalinaAdmin" defaultHost="localhost"> + + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + + <Host name="localhost" appBase="webapps.admin" + unpackWARs="true" autoDeploy="false" + xmlValidation="false" xmlNamespaceAware="false"> + + <Valve className="org.apache.catalina.valves.AccessLogValve" + directory="logs" prefix="localhost_access_log." suffix=".txt" + pattern="common" resolveHosts="false"/> + + </Host> + + </Engine> + + </Service> + + +<Service name="CatalinaEE"> + +<Connector port="[PKI_EE_SECURE_PORT]" maxHttpHeaderSize="8192" + maxThreads="150" minSpareThreads="25" maxSpareThreads="75" + enableLookups="false" disableUploadTimeout="true" + acceptCount="100" scheme="https" secure="true" + clientAuth="false" sslProtocol="SSL" + sslOptions="ssl2=true,ssl3=true,tls=true" + ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5" + ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" + SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" + serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" + passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" + passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" + certdbDir="[PKI_INSTANCE_PATH]/alias"/> + + <Engine name="CatalinaEE" defaultHost="localhost"> + + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + + <Host name="localhost" appBase="webapps.ee" + unpackWARs="true" autoDeploy="false" + xmlValidation="false" xmlNamespaceAware="false"> + + + <Valve className="org.apache.catalina.valves.AccessLogValve" + directory="logs" prefix="localhost_access_log." suffix=".txt" + pattern="common" resolveHosts="false"/> + + </Host> + + </Engine> + + </Service> +[PKI_CLOSE_SEPARATE_PORTS_COMMENT] </Server> |