12:08 p.m.
Hello again,
I just used pkicreate to create another CA instance and still don't see how to
configure the new CA to use an IPv6 address. Is there a way to configure the new CA to use
the IPv6 address?
# service pki-ca2 status
pki-ca2 (pid 7867) is running ...
Unsecure Port = http://fed10.tpn-af.mil:9280/ca/ee/ca
Secure Agent Port = https://fed10.tpn-af.mil:9544/ca/agent/ca
Secure EE Port = https://fed10.tpn-af.mil:9543/ca/ee/ca
Secure Admin Port = https://fed10.tpn-af.mil:9545/ca/services
Secure Admin Port = pkiconsole https://fed10.tpn-af.mil:9545/ca
Tomcat Port = 9801 (for shutdown)
Only the 1) Unsecure Port entry and 2) the Tomcat Port appears to be listening on IPv6.
# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN
9061/java
tcp 0 0 0.0.0.0:9444 0.0.0.0:* LISTEN
9061/java
tcp 0 0 0.0.0.0:9445 0.0.0.0:* LISTEN
9061/java
tcp 0 0 0.0.0.0:9543 0.0.0.0:* LISTEN
7867/java
tcp 0 0 0.0.0.0:9544 0.0.0.0:* LISTEN
7867/java
tcp 0 0 0.0.0.0:9545 0.0.0.0:* LISTEN
7867/java
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
2121/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
2883/sshd
tcp 0 0 0.0.0.0:41495 0.0.0.0:* LISTEN
2134/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
2900/sendmail: acce
tcp 0 0 :::9280 :::* LISTEN
7867/java
tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN
9061/java
tcp 0 0 :::389 :::* LISTEN
2471/ns-slapd
tcp 0 0 :::9830 :::* LISTEN
2572/httpd.worker
tcp 0 0 ::ffff:127.0.0.1:9801 :::* LISTEN
7867/java
tcp 0 0 :::111 :::* LISTEN
2121/rpcbind
tcp 0 0 :::22 :::* LISTEN
2883/sshd
tcp 0 0 :::9180 :::* LISTEN
9061/java
The file /etc/pki-ca2/CS.cfg appears to have places for localhost or machinename
(hostname) but the settings are sprinkled all over the file.
Any ideas?
As an observation, I so far see IPv6 support as somewhat limited and arbitrary considering
the way 9180 was selected and the weird 9801 address.
1:49 p.m.
Fortunato wrote:
Hello again,
I just used pkicreate to create another CA instance and still don't see how to
configure the new CA to use an IPv6 address. Is there a way to configure the new CA to use
the IPv6 address?
# service pki-ca2 status
pki-ca2 (pid 7867) is running ...
Unsecure Port = http://fed10.tpn-af.mil:9280/ca/ee/ca
Secure Agent Port = https://fed10.tpn-af.mil:9544/ca/agent/ca
Secure EE Port = https://fed10.tpn-af.mil:9543/ca/ee/ca
Secure Admin Port = https://fed10.tpn-af.mil:9545/ca/services
Secure Admin Port = pkiconsole https://fed10.tpn-af.mil:9545/ca
Tomcat Port = 9801 (for shutdown)
Only the 1) Unsecure Port entry and 2) the Tomcat Port appears to be listening on IPv6.
# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN
9061/java
tcp 0 0 0.0.0.0:9444 0.0.0.0:* LISTEN
9061/java
tcp 0 0 0.0.0.0:9445 0.0.0.0:* LISTEN
9061/java
tcp 0 0 0.0.0.0:9543 0.0.0.0:* LISTEN
7867/java
tcp 0 0 0.0.0.0:9544 0.0.0.0:* LISTEN
7867/java
tcp 0 0 0.0.0.0:9545 0.0.0.0:* LISTEN
7867/java
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
2121/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
2883/sshd
tcp 0 0 0.0.0.0:41495 0.0.0.0:* LISTEN
2134/rpc.statd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
2900/sendmail: acce
tcp 0 0 :::9280 :::* LISTEN
7867/java
tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN
9061/java
tcp 0 0 :::389 :::* LISTEN
2471/ns-slapd
tcp 0 0 :::9830 :::* LISTEN
2572/httpd.worker
tcp 0 0 ::ffff:127.0.0.1:9801 :::* LISTEN
7867/java
tcp 0 0 :::111 :::* LISTEN
2121/rpcbind
tcp 0 0 :::22 :::* LISTEN
2883/sshd
tcp 0 0 :::9180 :::* LISTEN
9061/java
The file /etc/pki-ca2/CS.cfg appears to have places for localhost or machinename
(hostname) but the settings are sprinkled all over the file.
Any ideas?
As an observation, I so far see IPv6 support as somewhat limited and arbitrary
considering the way 9180 was selected and the weird 9801 address.
Hi Fortuanto,
We still have a few pending fixes to be done for JSS, which should be
coming soon.
Thanks,
Kashyap
ps: that was intended here :)
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
5715
days inactive
5716
days old
1 comments
2 participants
participants (2)
-
Fortunato -
kashyap chamarthy