For consistency the server.xml templates for Tomcat 7 and 8 have been modified to use the same unsecure port used by the instance in the default OCSP responder URL.
https://fedorahosted.org/pki/ticket/2476 Pushed to master under trivial/one-liner rule. -- Endi S. Dewata
>From 4992365e18eb74ebc4ff84b907e34cfb67218ab9 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <[email protected]> Date: Tue, 1 Nov 2016 19:43:42 +0100 Subject: [PATCH] Fixed default OCSP port in server.xml. For consistency the server.xml templates for Tomcat 7 and 8 have been modified to use the same unsecure port used by the instance in the default OCSP responder URL. https://fedorahosted.org/pki/ticket/2476 --- base/server/tomcat7/conf/server.xml | 2 +- base/server/tomcat8/conf/server.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml index c78bdbdc00e5c2f5bcbd2f47638d186352274fa8..cc3160d159d7d862c46ac6eca9f29994885b8b27 100644 --- a/base/server/tomcat7/conf/server.xml +++ b/base/server/tomcat7/conf/server.xml @@ -192,7 +192,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp"; + ocspResponderURL="http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ca/ocsp"; ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml index ddbe009e4159484c84e8fa95e59d6f36318e86b1..af463f52b34fe3186177a2c394dc34a462669764 100644 --- a/base/server/tomcat8/conf/server.xml +++ b/base/server/tomcat8/conf/server.xml @@ -218,7 +218,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) enableLookups="false" disableUploadTimeout="true" sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation" enableOCSP="false" - ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp"; + ocspResponderURL="http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/ca/ocsp"; ocspResponderCertNickname="ocspSigningCert cert-pki-ca" ocspCacheSize="1000" ocspMinCacheEntryDuration="60" -- 2.5.5
_______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
