author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-29 03:53:19 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-03-29 03:53:19 +0000 |
commit | 6c20ba0ca3f1eba1ebe9483f21143f37b54e3197 (patch) | |
tree | 7d667ce6c2c9630872773455312b7e49b13f1635 /pki/base/ra | |
parent | ea9e8b305e9a50f45d79738389aca4df6bf52aaf (diff) | |
Bugzilla Bug #492503 - Integrate "mod_revocator" as a runtime dependency for
RA and TPS
Bugzilla Bug #492180 - Security officer: token recovery for a security officer
throws error 28 'connection to server lost'.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@348 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/ra')
-rw-r--r-- | pki/base/ra/apache/conf/httpd.conf | 2 | ||||
-rw-r--r-- | pki/base/ra/apache/conf/revocator.conf | 19 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DonePanel.pm | 6 |
3 files changed, 27 insertions, 0 deletions
diff --git a/pki/base/ra/apache/conf/httpd.conf b/pki/base/ra/apache/conf/httpd.conf
index b3e36d27..e3b244b5 100644
--- a/pki/base/ra/apache/conf/httpd.conf
+++ b/pki/base/ra/apache/conf/httpd.conf
@@ -254,6 +254,8 @@ LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
 LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
 # Required module for commands in nss.conf:
 [FORTITUDE_NSS_MODULES]
+# Required module for commands in revocator.conf:
+[FORTITUDE_REVOCATOR_MODULES]
 <Location /nk_service>
 SetHandler nk_service
diff --git a/pki/base/ra/apache/conf/revocator.conf b/pki/base/ra/apache/conf/revocator.conf
new file mode 100644
index 00000000..dda30132
--- /dev/null
+++ b/pki/base/ra/apache/conf/revocator.conf
@@ -0,0 +1,19 @@
+# CRL Engine Switch:
+# Enable/Disable CRL retrieval
+
+CRLEngine on
+
+# CRL Age Check Switch:
+# Shut the server down if a CRL expires
+CRLAgeCheck off
+
+# CRL Update Critical Switch:
+# Shut the server down if a CRL cannot be retrieved
+CRLUpdateCritical off
+
+# CRL URLs:
+# A space delimited list of URLs to retrieve and install.
+# protocol://urldata;update_interval;max_age
+#CRLFile "ldap://ldap.example.com:5000/o=example.net?usercertificate%3binary?sub?(sn=Jensen)??;30;30"
+#CRLFile "exec:///usr/sbin/ldapget|ldap://ldap.example.com:3389/o=example.com?userCertificate%3bbinary?sub?(uid=crl)??;30;30"
+#CRLFile "https://ca.example.com:1025/getCRL?op=getCRL&issuepoint=MasterCRL;30;30"
diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
index 727181df..eda7745c 100755
--- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm
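Review bot: The new revocator.conf ships `CRLAgeCheck off` and `CRLUpdateCritical off` as defaults without saying what that means for enforcement. Going by the file's own comments, the server is then not shut down when a CRL expires or cannot be retrieved, so it presumably keeps serving with a stale or missing revocation list. If that availability trade-off is intended, state it next to the switches, for example `# NOTE: with both switches off, an expired or unretrievable CRL does not stop the server; set them to "on" where revocation checking must fail closed.`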
@@ -327,6 +327,12 @@ sub display system( "rm $instDir/conf/nss.conf.tmp" ); } + # Append security domain getCRL URL to end of "revocator.conf" + open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf"); + print REVOCATOR_CONF "CRLFile \"" . $sdom + . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n"; + close(REVOCATOR_CONF); + &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); my $machineName = $::config->get("service.machineName"); |
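Review bot: The added `open(REVOCATOR_CONF, ">>$instDir/conf/revocator.conf")` is never checked, so a failed append goes unnoticed and revocator.conf keeps only its commented-out `CRLFile` examples, leaving the instance with no CRL source. It is also a two-argument open on a bareword handle; the three-argument form with a lexical handle keeps `$instDir` from being parsed as part of the mode. `$sdom` is written into the Apache configuration verbatim, so it should be checked to contain no quote or newline before the write; where it is set is outside this hunk. Because the write is an append, running this code more than once would add duplicate `CRLFile` lines; whether `display` can be re-entered is not visible here, as the sub starts and ends outside the hunk.

```perl
    # Append security domain getCRL URL to end of "revocator.conf"
    my $revocator_conf = "$instDir/conf/revocator.conf";
    if (open(my $revocator_fh, '>>', $revocator_conf)) {
        print {$revocator_fh} "CRLFile \"" . $sdom
            . "/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL;60;60\"\n";
        close($revocator_fh)
            or &PKI::RA::Wizard::debug_log("DonePanel: close failed for $revocator_conf: $!");
    }
    else {
        &PKI::RA::Wizard::debug_log("DonePanel: cannot append to $revocator_conf: $!");
    }
    # … unchanged: debug_log("DonePanel: Connecting to Security Domain") and machineName lookup …
```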