commit 5015475c6084d9397017e5531299f1545fae2a33
Author: Matthew Harmsen <mharmsen@redhat.com>
Date: Fri Aug 7 13:20:22 2015 -0600
remove more inaccessible URLs from server.xml
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI
subsystems which are not accessible
- PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat
shows an error page
diff --git a/base/server/man/man1/pkidaemon.1 b/base/server/man/man1/pkidaemon.1
index 9b4eb46..35c04e5 100644
--- a/base/server/man/man1/pkidaemon.1
+++ b/base/server/man/man1/pkidaemon.1
@@ -39,6 +39,8 @@ As stated above, the only optional argument to \fBpkidaemon\fR is \fB[instance-n
For the following examples, two instances were installed. The first contained a CA, KRA, OCSP, TKS and TPS in a shared PKI instance named 'pki-tomcat', while the second simply contained a CA running on different ports and named 'pki-tomcat-2'.
+For the OCSP 'Unsecure URL' and the OCSP 'Secure EE URL' which both specify a static string of '<ocsp request blob>', the intention is for the user to replace this static string with an actual OCSP request blob relevant to their particular deployment.
+
.SS Listing the status of all local PKI instances on this machine:
.BR
.PP
@@ -57,22 +59,20 @@ Status for pki-tomcat: pki-tomcat is running ..
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
- Unsecure URL = http://pki.example.com:8080/kra/ee/kra
Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
Secure Admin URL = https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
- Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp
+ Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
- Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp
+ Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
- Unsecure URL = http://pki.example.com:8080/tks/ee/tks
Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
Secure Admin URL = https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole https://pki.example.com:8443/tks
@@ -179,22 +179,20 @@ Status for pki-tomcat: pki-tomcat is running ..
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
- Unsecure URL = http://pki.example.com:8080/kra/ee/kra
Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
Secure Admin URL = https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
- Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp
+ Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
- Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp
+ Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
- Unsecure URL = http://pki.example.com:8080/tks/ee/tks
Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
Secure Admin URL = https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole https://pki.example.com:8443/tks
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index 81a8016..d944d32 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -37,7 +37,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- KRA Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra
@@ -45,16 +44,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- OCSP Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp
+Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp
-Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp
+Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp
Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- TKS Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks
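Review bot: The `<ocsp request blob>` placeholder on the two added OCSP lines does not say what form the blob takes, and it is the only token in this comment block written in angle brackets with spaces, next to the `[PKI_HOSTNAME]`-style tokens. For an OCSP request sent by GET, the path segment is normally the URL-encoded base64 of the DER-encoded request (RFC 6960, Appendix A), so wording such as `<URL-encoded base64 OCSP request>` would tell the reader what to substitute. The man page text, and any code that matches this string, would need the same wording. The same point applies to the identical hunk in base/server/tomcat8/conf/server.xml.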
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml
index c482fc1..2c2536b 100644
--- a/base/server/tomcat8/conf/server.xml
+++ b/base/server/tomcat8/conf/server.xml
@@ -37,7 +37,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- KRA Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/kra/ee/kra
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/kra/agent/kra
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/kra
@@ -45,16 +44,15 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- OCSP Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp
+Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/ocsp/agent/ocsp
-Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp
+Secure EE URL = https://[PKI_HOSTNAME]:[PKI_EE_SECURE_PORT]/ocsp/ee/ocsp/<ocsp request blob>
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/ocsp
Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
-->
<!-- TKS Status Definitions -->
<!--
-Unsecure URL = http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tks/ee/tks
Secure Agent URL = https://[PKI_HOSTNAME]:[PKI_AGENT_SECURE_PORT]/tks/agent/tks
Secure Admin URL = https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks/services
PKI Console Command = pkiconsole https://[PKI_HOSTNAME]:[PKI_ADMIN_SECURE_PORT]/tks
diff --git a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
index e27cfc4..240fd28 100755
--- a/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
+++ b/base/server/upgrade/10.2.6/01-RemoveInaccessableURLsFromServerXML
@@ -35,7 +35,9 @@ class RemoveInaccessableURLsFromServerXML(
subprocess.check_call([
'sed', '-i',
'-e', '\|^.*EE Client Auth URL.*ca/eeca/ca.*$|d',
+ '-e', '\|^.*Unsecure URL.*kra/ee/kra.*$|d',
'-e', '\|^.*Secure EE URL.*kra/ee/kra.*$|d',
+ '-e', '\|^.*Unsecure URL.*tks/ee/tks.*$|d',
'-e', '\|^.*Secure EE URL.*tks/ee/tks.*$|d',
'/etc/pki/{0}/server.xml'.format(instance.name)
])
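Review bot: The two added sed expressions only delete the KRA and TKS 'Unsecure URL' lines, so an already-deployed instance keeps its old OCSP 'Unsecure URL' and 'Secure EE URL' lines, which the server.xml templates in this commit now end with `/<ocsp request blob>`. If ticket #1518 is meant to be fixed on upgrade as well, this call needs substitution expressions for those two lines, unless that is handled elsewhere. The new patterns also repeat the non-raw `'\|...'` spelling, which newer Python versions warn about as an invalid escape sequence; `r'\|^.*Unsecure URL.*kra/ee/kra.*$|d'` passes the same bytes to sed. The enclosing method starts before the hunk, so whether server.xml is backed up before `sed -i` edits it in place is not visible here.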