OK -- I tried this --
1. Install instance A with CA, KRA
2. Install instance B with CA. At this point, status shows me an error about
not being able to find KRA files on instance B.
3. Install OCSP on instance A.
4. Remove OCSP on instance A. Other than the problem mentioned above, all
looks ok.
5. Install OCSP on instance B.
I see this for B:
Status for pki-tomcat28: pki-tomcat28 is running ..
[CA Status Definitions]
Unsecure Port =
http://alee-workpc.redhat.com:8280/ca/ee/ca
Secure Agent Port =
https://alee-workpc.redhat.com:8283/ca/agent/ca
Secure EE Port =
https://alee-workpc.redhat.com:8283/ca/ee/ca
Secure Admin Port =
https://alee-workpc.redhat.com:8283/ca/services
EE Client Auth Port =
https://alee-workpc.redhat.com:8283/ca/eeca/ca
PKI Console Port = pkiconsole
https://alee-workpc.redhat.com:8283/ca
Tomcat Port = 8285 (for shutdown)
Unsecure Port =
http://alee-workpc.redhat.com:8280/kra/ee/kra
Secure Agent Port =
https://alee-workpc.redhat.com:8283/kra/agent/kra
Secure EE Port =
https://alee-workpc.redhat.com:8283/kra/ee/kra
Secure Admin Port =
https://alee-workpc.redhat.com:8283/kra/services
PKI Console Port = pkiconsole
https://alee-workpc.redhat.com:8283/kra
Tomcat Port = 8285 (for shutdown)
[OCSP Status Definitions]
Unsecure Port =
http://alee-workpc.redhat.com:8280/ocsp/ee/ocsp
Secure Agent Port =
https://alee-workpc.redhat.com:8283/ocsp/agent/ocsp
Secure EE Port =
https://alee-workpc.redhat.com:8283/ocsp/ee/ocsp
Secure Admin Port =
https://alee-workpc.redhat.com:8283/ocsp/services
PKI Console Port = pkiconsole
https://alee-workpc.redhat.com:8283/ocsp
Tomcat Port = 8285 (for shutdown)
Looks like you are not parsing the server.conf correctly.
On Wed, 2012-12-19 at 12:29 -0500, Ade Lee wrote:
I found the following issues:
Issue 1:
Let's say I have the following setup:
instance A with subsystems CA, KRA, OCSP
instance B with subsystem CA, KRA
Then for instance B, I see the following error message:
grep: /var/lib/pki/pki-tomcat27/conf/ocsp/CS.cfg: No such file or directory
pki-tomcat27 Configuration Definitions not found for ocsp
It appears that if any instance has a subsystem, then it is assumed that
all instances have that subsystem because you use a global list of
subsystems.
Issue 2:
This may be a pkidestroy problem. I did a pkidestroy of the OCSP on
instance A. Now I see the following:
[CA Status Definitions]
Unsecure Port =
http://alee-workpc.redhat.com:8220/ca/ee/ca
Secure Agent Port =
https://alee-workpc.redhat.com:8223/ca/agent/ca
Secure EE Port =
https://alee-workpc.redhat.com:8223/ca/ee/ca
Secure Admin Port =
https://alee-workpc.redhat.com:8223/ca/services
EE Client Auth Port =
https://alee-workpc.redhat.com:8223/ca/eeca/ca
PKI Console Port = pkiconsole
https://alee-workpc.redhat.com:8223/ca
Tomcat Port = 8225 (for shutdown)
[DRM Status Definitions]
Unsecure Port =
http://alee-workpc.redhat.com:8220/kra/ee/kra
Secure Agent Port =
https://alee-workpc.redhat.com:8223/kra/agent/kra
Secure EE Port =
https://alee-workpc.redhat.com:8223/kra/ee/kra
Secure Admin Port =
https://alee-workpc.redhat.com:8223/kra/services
PKI Console Port = pkiconsole
https://alee-workpc.redhat.com:8223/kra
Tomcat Port = 8225 (for shutdown)
Unsecure Port =
http://alee-workpc.redhat.com:8220/ocsp/ee/ocsp
Secure Agent Port =
https://alee-workpc.redhat.com:8223/ocsp/agent/ocsp
Secure EE Port =
https://alee-workpc.redhat.com:8223/ocsp/ee/ocsp
Secure Admin Port =
https://alee-workpc.redhat.com:8223/ocsp/services
PKI Console Port = pkiconsole
https://alee-workpc.redhat.com:8223/ocsp
Tomcat Port = 8225 (for shutdown)
That is -- I still see definitions from the removed OCSP. Ditto if I
remove the KRA.
Maybe this is a weird instance. Still testing ..
On Tue, 2012-12-18 at 19:36 -0800, Matthew Harmsen wrote:
> The attached patch addresses the following PKI issue:
> * TRAC Ticket #271 - Dogtag 10: Fix 'status' command in
> 'pkidaemon' . . .
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-devel
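The per-instance lookup that Issue 1 calls for, as an added example that is not the pkidaemon script or the patch in this thread: each instance's subsystems are taken from the CS.cfg files present under its own conf directory instead of from a global list. The function names, instance names and the temporary sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not pkidaemon code. The layout <root>/<instance>/conf/<subsystem>/CS.cfg
# follows the path in the error message above; function names are hypothetical.

# Print the subsystems that actually exist for one instance, one per line.
instance_subsystems() {
    root=$1 instance=$2
    for cfg in "$root/$instance"/conf/*/CS.cfg; do
        # An unmatched glob stays literal, so confirm the file is really there.
        [ -f "$cfg" ] || continue
        basename "$(dirname "$cfg")"
    done
}

# Print one status line per subsystem found for this instance only.
instance_status() {
    root=$1 instance=$2
    subsystems=$(instance_subsystems "$root" "$instance")
    if [ -z "$subsystems" ]; then
        echo "$instance: no subsystems configured"
        return 0
    fi
    for s in $subsystems; do
        echo "[$instance] $s: $root/$instance/conf/$s/CS.cfg"
    done
}

# Constructed sample tree: instance A has CA, KRA, OCSP; instance B has CA, KRA.
make_sample_tree() {
    root=$(mktemp -d)
    for s in ca kra ocsp; do
        mkdir -p "$root/pki-tomcatA/conf/$s"; : > "$root/pki-tomcatA/conf/$s/CS.cfg"
    done
    for s in ca kra; do
        mkdir -p "$root/pki-tomcatB/conf/$s"; : > "$root/pki-tomcatB/conf/$s/CS.cfg"
    done
    # An empty subsystem directory without CS.cfg must not be reported.
    mkdir -p "$root/pki-tomcatB/conf/ocsp"
    echo "$root"
}

SAMPLE_ROOT=$(make_sample_tree)
for inst in pki-tomcatA pki-tomcatB; do
    instance_status "$SAMPLE_ROOT" "$inst"
done
rm -rf "$SAMPLE_ROOT"
```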