Re: [Pki-devel] The Why's of PKI
On 09/14/2011 04:55 PM, Andrew Wnuk wrote:
On 09/14/2011 01:52 PM, Chandrasekar Kannan wrote:
> On 09/14/2011 01:44 PM, Adam Young wrote:
>>
>>>>
>>>> Is using different ports for CA and DRM (an so forth) merely an
>>>> artifact of using multiple servers, or is there an additional
>>>> reason to do so?
>>>
>>> Pkicreate tool allows selecting any ports. Pkicreate also suggests
>>> ports for out of the box ease of use.
>>
>> There must be more to the story than this. I tried running
>> pkicreate with two of the subsystems using the same port
>>
>>
>> -agent_secure_port=8443 -ee_secure_port=8443
>>
>> And when it runs I get the error
>>
>> [error] Invalid port numbers submitted!
>>
>>
>> Is there some reason that these cannot be the same port, or is it
>> just convention. Does the agent use some protocol other than HTTP?
>> I get this error is I try to use the same port for any two
>> *_secure_port values.
>
> one is for regular ssl. other is for ssl with "client auth".
>
> - Chandra
>
Adam can also check docs for more details:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Com...
And there I see that specifying the separate ports is an option, but
that the first line of the script is for it all to use 3 ports:
Unsecure, SSL, startup/shutdown. So multiple ports is not required.
>
>>
>>
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel