[Bug 553852] Review Request: pki-tps - The Dogtag PKI System Token Processing System
bugzilla at redhat.com
bugzilla at redhat.com
Thu Feb 4 00:40:24 UTC 2010
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=553852
--- Comment #13 from Matthew Harmsen <mharmsen at redhat.com> 2010-02-03 19:40:19 EST ---
The following files:
/usr/share/pki/tps/conf/CS.cfg
/usr/share/pki/tps/conf/httpd.conf
/usr/share/pki/tps/conf/nss.conf
/usr/share/pki/tps/conf/perl.conf
are NOT used directly by Apache at all.
Basically, they are used as "templates" that contain both fixed and substituted
values whenever an "instance" of 'pki-tps' is created by the "pkicreate"
program (which is part of the "pki-setup" runtime dependency used to create all
six different types of Dogtag PKI subsystems - CA, KRA, OCSP, TKS, RA, and
TPS).
CA, KRA, OCSP, and TKS are created as instances of "Tomcat", while RA and TPS
are created as instances of Apache.
Note that many instances of a given Dogtag PKI subsystem may be generated, and
each need to contain their own unique name (and configuration files) - for
example, 'pki-tps', 'pki-tps1', 'pki-tps2', etc.
For example, when creating an initial default instance of PKI TPS called
'pki-tps', the following command may be run:
pkicreate -pki_instance_root=/var/lib \
-pki_instance_name=pki-tps \
-subsystem_type=tps \
-secure_port=7889 \
-non_clientauth_secure_port=7890 \
-unsecure_port=7888 \
-user=pkiuser \
-group=pkiuser \
-redirect conf=/etc/pki-tps \
-redirect logs=/var/log/pki-tps \
-verbose
This will cause these template files to be filled with initial appropriate
values for the 'pki-tps' instance being created. In this example, these
"instance" configuration files used by Apache will be stored under the
following names:
/etc/pki-tps/CS.cfg
/etc/pki-tps/httpd.conf
/etc/pki-tps/nss.conf
/etc/pki-tps/perl.conf
More values will be changed in the "CS.cfg" file once this 'pki-tps' instance
has been configured.
For all PKI TPS instances, start/stop/status control of this Apache module will
be managed by the master '/etc/init.d/pki-tpsd' file utilizing these
instance-specific configuration files (e. g. - service pki-tpsd status
pki-tps).
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list