[Bug 553852] Review Request: pki-tps - The Dogtag PKI System Token Processing System

bugzilla at redhat.com bugzilla at redhat.com
Thu Feb 4 00:40:24 UTC 2010 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=553852

--- Comment #13 from Matthew Harmsen <mharmsen at redhat.com> 2010-02-03 19:40:19 EST ---
The following files:

    /usr/share/pki/tps/conf/CS.cfg
    /usr/share/pki/tps/conf/httpd.conf
    /usr/share/pki/tps/conf/nss.conf
    /usr/share/pki/tps/conf/perl.conf

are NOT used directly by Apache at all.

Basically, they are used as "templates" that contain both fixed and substituted
values whenever an "instance" of 'pki-tps' is created by the "pkicreate"
program (which is part of the "pki-setup" runtime dependency used to create all
six different types of Dogtag PKI subsystems - CA, KRA, OCSP, TKS, RA, and
TPS).  

CA, KRA, OCSP, and TKS are created as instances of "Tomcat", while RA and TPS
are created as instances of Apache.

Note that many instances of a given Dogtag PKI subsystem may be generated, and
each need to contain their own unique name (and configuration files) - for
example, 'pki-tps', 'pki-tps1', 'pki-tps2', etc.

For example, when creating an initial default instance of PKI TPS called
'pki-tps', the following command may be run:

pkicreate -pki_instance_root=/var/lib        \
          -pki_instance_name=pki-tps         \
          -subsystem_type=tps                \
          -secure_port=7889                  \
          -non_clientauth_secure_port=7890   \
          -unsecure_port=7888                \
          -user=pkiuser                      \
          -group=pkiuser                     \
          -redirect conf=/etc/pki-tps        \
          -redirect logs=/var/log/pki-tps    \
          -verbose

This will cause these template files to be filled with initial appropriate
values for the 'pki-tps' instance being created.  In this example, these
"instance" configuration files used by Apache will be stored under the
following names:

    /etc/pki-tps/CS.cfg
    /etc/pki-tps/httpd.conf
    /etc/pki-tps/nss.conf
    /etc/pki-tps/perl.conf

More values will be changed in the "CS.cfg" file once this 'pki-tps' instance
has been configured.

For all PKI TPS instances, start/stop/status control of this Apache module will
be managed by the master '/etc/init.d/pki-tpsd' file utilizing these
instance-specific configuration files (e. g. - service pki-tpsd status
pki-tps).

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the package-review mailing list