Per discussions via email and IRC, the attached patch restores and
modifies the two OCSP URL links. Additionally, this patch alters the
pkidaemon man page to reflect these changes.
-- Matt
On 08/04/15 16:43, Matthew Harmsen wrote:
Please review the attached patch which addresses the following two
tickets:
* PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under
PKI subsystems which are not accessible
<
https://fedorahosted.org/pki/ticket/1443>
* PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status
tomcat shows an error page <
https://fedorahosted.org/pki/ticket/1518>
These were tested by installing four new instances and running
'pkidaemon status tomcat pki-tomcat'. The following four inaccessible
URLs no longer showed up:
* *Unsecure URL =
http://pki.example.com:8080/kra/ee/kra* (1443)
* *Unsecure URL =
http://pki.example.com:8080/ocsp/ee/ocsp*
(1518)
* *Secure EE URL =
https://pki.example.com:8443/ocsp/ee/ocsp*
(1518)
* *Unsecure URL =
http://pki.example.com:8080/tks/ee/tks* (1443)
Additionally, a test was run which showed that the upgrade code worked
successfully:
# pkidaemon status tomcat pki-tomcat
Status for pki-tomcat: pki-tomcat is running ..
[CA Status Definitions]
Unsecure URL =
http://pki.example.com:8080/ca/ee/ca
Secure Agent URL =
https://pki.example.com:8443/ca/agent/ca
Secure EE URL =
https://pki.example.com:8443/ca/ee/ca
Secure Admin URL =
https://pki.example.com:8443/ca/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/ca
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
* Unsecure URL =
http://pki.example.com:8080/kra/ee/kra*
Secure Agent URL =
https://pki.example.com:8443/kra/agent/kra
Secure Admin URL =
https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
* Unsecure URL =
http://pki.example.com:8080/ocsp/ee/ocsp*
Secure Agent URL =
https://pki.example.com:8443/ocsp/agent/ocsp
* Secure EE URL =
https://pki.example.com:8443/ocsp/ee/ocsp*
Secure Admin URL =
https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
* Unsecure URL =
http://pki.example.com:8080/tks/ee/tks*
Secure Agent URL =
https://pki.example.com:8443/tks/agent/tks
Secure Admin URL =
https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/tks
Tomcat Port = 8005 (for shutdown)
[CA Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
[DRM Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: DRM
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
[OCSP Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: OCSP
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
[TKS Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: TKS
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
After running the upgrade script, the inaccessible URLs were removed:
# pkidaemon status tomcat pki-tomcat
Status for pki-tomcat: pki-tomcat is running ..
[CA Status Definitions]
Unsecure URL =
http://pki.example.com:8080/ca/ee/ca
Secure Agent URL =
https://pki.example.com:8443/ca/agent/ca
Secure EE URL =
https://pki.example.com:8443/ca/ee/ca
Secure Admin URL =
https://pki.example.com:8443/ca/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/ca
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
Secure Agent URL =
https://pki.example.com:8443/kra/agent/kra
Secure Admin URL =
https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
Secure Admin URL =
https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
Secure Agent URL =
https://pki.example.com:8443/tks/agent/tks
Secure Admin URL =
https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole
https://pki.example.com:8443/tks
Tomcat Port = 8005 (for shutdown)
[CA Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
[DRM Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: DRM
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
[OCSP Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: OCSP
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================
[TKS Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: TKS
Registered PKI Security Domain Information:
==========================================================================
Name:
example.com Security Domain
URL:
https://pki.example.com:8443
==========================================================================