Configuration Files For Web Services - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual


Chapter 12. Editing Configuration in the CS.cfg File
NOTE
The TPS and RA subsystems do not have a password-quality checker.
The Certificate System enforces password quality only on the passwords that it creates and
manages. Passwords for LDAP directory access are not subjected to quality checks. For LDAP
directory access, the remote directory enforces the quality of the password because the password
is created and managed by the directory.

12.4. Configuration Files for Web Services

All of the agent and administrative services for the subsystems are accessed over web protocols. The
CA, OCSP, DRM, and TKS use Tomcat as their web server, while the RA and TPS use Apache. For
information on configuring and customizing these web services, see the relevant documentation for
Tomcat at http://tomcat.apache.org/.
The CA, OCSP, TKS, and DRM primarily configure their web-based services in the server.xml file,
though they have other files in the /var/lib/subsystem_name/conf directory for configuring their
Tomcat engine. The server.xml file sets the files and ports to use to access all of their end user,
agent, and even administrative services.
<Connector name="Agent" port="9443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="SSL"
sslOptions="ssl2=true,ssl3=true,tls=true"
ssl2Ciphers="-SSL2_RC4_128_WITH_MD5...
ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,...
tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,...
SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
serverCertNickFile="/var/lib/pki-ca/conf/serverCertNick.conf"
passwordFile="/var/lib/pki-ca/conf/password.conf"
passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
certdbDir="/var/lib/pki-ca/alias"/>
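The Connector above enables SSLv2 and SSLv3 alongside TLS and reads its token password from a plain-text file, so it is worth auditing these attributes on a deployed instance. The following is an added example, not part of the Red Hat manual or the Certificate System code: it assumes that a "+" prefix enables and a "-" prefix disables a cipher suite in the cipher attributes, that the Agent connector must always require client certificates, and it runs on a constructed sample whose cipher lists are invented for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cipher lists are shortened and invented for the demo.
SAMPLE = """<Server><Service name="Catalina">
  <Connector name="Agent" port="9443" scheme="https" secure="true"
    clientAuth="true" sslProtocol="SSL"
    sslOptions="ssl2=true,ssl3=true,tls=true"
    ssl2Ciphers="-SSL2_RC4_128_WITH_MD5"
    ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,+SSL3_RSA_WITH_NULL_MD5"
    passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
    passwordFile="/var/lib/pki-ca/conf/password.conf"/>
  <Connector name="Unsecure" port="9180" scheme="http"/>
</Service></Server>"""

# Substrings that mark a suite as unsuitable (assumed policy for this example).
WEAK_MARKERS = ("_NULL_", "_EXPORT", "SSL2_")

def audit_connector(conn):
    """Return a list of findings for one <Connector> element."""
    findings = []
    if conn.get("secure", "false").lower() != "true":
        return findings  # plain HTTP connector: no SSL settings to check
    # sslOptions is a comma-separated list of name=value switches.
    opts = dict(o.strip().split("=", 1)
                for o in conn.get("sslOptions", "").split(",") if "=" in o)
    for proto in ("ssl2", "ssl3"):
        if opts.get(proto, "").lower() == "true":
            findings.append(f"{proto} enabled in sslOptions")
    # Any attribute ending in "Ciphers" holds +enabled / -disabled suites.
    for attr, value in conn.attrib.items():
        if not attr.endswith("Ciphers"):
            continue
        for suite in (s.strip() for s in value.split(",")):
            if suite.startswith("+") and any(m in suite for m in WEAK_MARKERS):
                findings.append(f"weak suite enabled in {attr}: {suite[1:]}")
    if conn.get("name") == "Agent" and conn.get("clientAuth") != "true":
        findings.append("Agent connector does not require client certificates")
    if conn.get("passwordClass", "").endswith("PlainPasswordFile"):
        findings.append(f"plaintext password file: {conn.get('passwordFile')}")
    return findings

def audit_server_xml(text):
    """Map connector name -> findings for every Connector in server.xml."""
    root = ET.fromstring(text)
    return {c.get("name"): audit_connector(c) for c in root.iter("Connector")}

if __name__ == "__main__":
    for name, items in audit_server_xml(SAMPLE).items():
        for item in items:
            print(f"{name}: {item}")
```

For a plain-text password file finding, the follow-up check is that the file is readable only by the account that runs the subsystem.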
The RA and TPS use three files:
• nss.conf
• httpd.conf
• pwcache.conf
As with the server.xml file, the nss.conf file is used to configure the instance ports and SSL/TLS
and certificate settings, while the httpd.conf file is used to configure the docroots for the different
interfaces.
For Apache, see the documentation at http://apache.org/.
