summaryrefslogtreecommitdiffstats
path: root/base/ca/shared/conf
diff options
context:
space:
mode:
Diffstat (limited to 'base/ca/shared/conf')
-rw-r--r--base/ca/shared/conf/acl.ldif3
-rw-r--r--base/ca/shared/conf/server.xml2
2 files changed, 4 insertions, 1 deletions
diff --git a/base/ca/shared/conf/acl.ldif b/base/ca/shared/conf/acl.ldif
index ceea1f27a..aec1447e5 100644
--- a/base/ca/shared/conf/acl.ldif
+++ b/base/ca/shared/conf/acl.ldif
@@ -51,3 +51,6 @@ resourceACLS: certServer.ca.connectorInfo:read,modify:allow (modify,read) group=
resourceACLS: certServer.ca.registerUser:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators":Only Enterprise Administrators are allowed to register a new agent
resourceACLS: certServer.clone.configuration:read,modify:allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise RA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators":Only Enterprise Administrators are allowed to clone the configuration.
resourceACLS: certServer.admin.ocsp:read,modify:allow (modify,read) group="Enterprise OCSP Administrators":Only Enterprise Administrators are allowed to read or update the OCSP configuration.
+resourceACLS: certServer.ca.certs:execute:allow (execute) group="Certificate Manager Agents":Agents may execute cert operations
+resourceACLS: certServer.ca.groups:execute:allow (execute) group="Administrators":Admins may execute group operations
+resourceACLS: certServer.ca.users:execute:allow (execute) group="Administrators":Admins may execute user operations
diff --git a/base/ca/shared/conf/server.xml b/base/ca/shared/conf/server.xml
index 4056fbbb7..60317d2fa 100644
--- a/base/ca/shared/conf/server.xml
+++ b/base/ca/shared/conf/server.xml
@@ -84,7 +84,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
[PKI_UNSECURE_PORT_SERVER_COMMENT]
- <Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" protocol="HTTP/1.1" redirectPort="8443"
+ <Connector name="[PKI_UNSECURE_PORT_CONNECTOR_NAME]" port="[PKI_UNSECURE_PORT]" protocol="HTTP/1.1" redirectPort="[PKI_SECURE_PORT]"
maxHttpHeaderSize="8192"
acceptCount="100" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" connectionTimeout="20000" disableUploadTimeout="true"
generated by cgit (git 2.34.1) at 2024-06-16 19:03:46 +0000