Please review the attached patch which addresses the following two tickets:Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp/<ocsp request blob>
- PKI TRAC Ticket #1443 - pkidaemon status tomcat list URLs under PKI subsystems which are not accessible
- PKI TRAC Ticket #1518 - OCSP ee url returned by pkidaemon status tomcat shows an error page
These were tested by installing four new instances and running 'pkidaemon status tomcat pki-tomcat'. The following four inaccessible URLs no longer showed up:
- Unsecure URL = http://pki.example.com:8080/kra/ee/kra (1443)
- Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp (1518)
- Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp (1518)
- Unsecure URL = http://pki.example.com:8080/tks/ee/tks (1443)
Additionally, a test was run which showed that the upgrade code worked successfully:
# pkidaemon status tomcat pki-tomcatAfter running the upgrade script, the inaccessible URLs were removed:
Status for pki-tomcat: pki-tomcat is running ..
[CA Status Definitions]
Unsecure URL = http://pki.example.com:8080/ca/ee/ca
Secure Agent URL = https://pki.example.com:8443/ca/agent/ca
Secure EE URL = https://pki.example.com:8443/ca/ee/ca
Secure Admin URL = https://pki.example.com:8443/ca/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ca
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
Unsecure URL = http://pki.example.com:8080/kra/ee/kra
Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
Secure Admin URL = https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
Unsecure URL = http://pki.example.com:8080/ocsp/ee/ocsp
Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp
Secure Admin URL = https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
Unsecure URL = http://pki.example.com:8080/tks/ee/tks
Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
Secure Admin URL = https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole https://pki.example.com:8443/tks
Tomcat Port = 8005 (for shutdown)
[CA Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
[DRM Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: DRM
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
[OCSP Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: OCSP
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
[TKS Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: TKS
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
# pkidaemon status tomcat pki-tomcat
Status for pki-tomcat: pki-tomcat is running ..
[CA Status Definitions]
Unsecure URL = http://pki.example.com:8080/ca/ee/ca
Secure Agent URL = https://pki.example.com:8443/ca/agent/ca
Secure EE URL = https://pki.example.com:8443/ca/ee/ca
Secure Admin URL = https://pki.example.com:8443/ca/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ca
Tomcat Port = 8005 (for shutdown)
[DRM Status Definitions]
Secure Agent URL = https://pki.example.com:8443/kra/agent/kra
Secure Admin URL = https://pki.example.com:8443/kra/services
PKI Console Command = pkiconsole https://pki.example.com:8443/kra
Tomcat Port = 8005 (for shutdown)
[OCSP Status Definitions]
Secure EE URL = https://pki.example.com:8443/ocsp/ee/ocsp/<ocsp request blob>Secure Agent URL = https://pki.example.com:8443/ocsp/agent/ocsp
Secure Admin URL = https://pki.example.com:8443/ocsp/services
PKI Console Command = pkiconsole https://pki.example.com:8443/ocsp
Tomcat Port = 8005 (for shutdown)
[TKS Status Definitions]
Secure Agent URL = https://pki.example.com:8443/tks/agent/tks
Secure Admin URL = https://pki.example.com:8443/tks/services
PKI Console Command = pkiconsole https://pki.example.com:8443/tks
Tomcat Port = 8005 (for shutdown)
[CA Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
[DRM Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: DRM
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
[OCSP Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: OCSP
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================
[TKS Configuration Definitions]
PKI Instance Name: pki-tomcat
PKI Subsystem Type: TKS
Registered PKI Security Domain Information:
==========================================================================
Name: example.com Security Domain
URL: https://pki.example.com:8443
==========================================================================