Please review the attached patches for:
Thanks,
-- Matt
P. S. - The patches were tested on a FIPS-enabled box, and the output looks similar to the following:
pkispawn : INFO ... finalizing 'pki.server.deployment.scriptlets.finalization'
pkispawn : INFO ....... executing 'systemctl enable pki-tomcatd.target'
Created symlink from /etc/systemd/system/multi-user.target.wants/pki-tomcatd.target to /usr/lib/systemd/system/pki-tomcatd.target.
pkispawn : INFO ....... executing 'systemctl daemon-reload'
pkispawn : INFO ....... executing 'systemctl restart pki-tomcatd@pki-tomcat.service'
pkispawn : INFO ........... FIPS mode is enabled on this operating system.
pkispawn : DEBUG ........... No connection - server may still be down
pkispawn : DEBUG ........... No connection - exception thrown: ('Connection aborted.', error(111, 'Connection refused'))
pkispawn : DEBUG ........... No connection - server may still be down
pkispawn : DEBUG ........... No connection - exception thrown: ('Connection aborted.', error(111, 'Connection refused'))
pkispawn : DEBUG ........... <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.4.1-4.el7</Version></XMLResponse>
pkispawn : INFO ....... rm -rf /opt/RootCA/ca
pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat'
pkispawn : INFO ... archiving configuration into '/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006
pkispawn : DEBUG ........... chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006
pkispawn : DEBUG ........... chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20170515223006
pkispawn : INFO ... archiving manifest into '/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006'
pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006
pkispawn : DEBUG ........... chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006
pkispawn : DEBUG ........... chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20170515223006
==========================================================================
INSTALLATION SUMMARY
==========================================================================
Administrator's username: caadmin
Administrator's PKCS #12 file:
/opt/RootCA/caadmincert.p12
This CA subsystem of the 'pki-tomcat' instance
has FIPS mode enabled on this operating system.
REMINDER: Don't forget to update the appropriate FIPS
algorithms in server.xml in the 'pki-tomcat' instance.
To check the status of the subsystem:
systemctl status pki-tomcatd@pki-tomcat.service
To restart the subsystem:
systemctl restart pki-tomcatd@pki-tomcat.service
The URL for the subsystem is:
https://pki.example.com:8443/ca
PKI instances will be enabled upon system boot
==========================================================================