[Pki-devel] The Why's of PKI

Adam Young ayoung at redhat.com
Wed Sep 14 21:16:34 UTC 2011


On 09/14/2011 04:55 PM, Andrew Wnuk wrote:
> On 09/14/2011 01:52 PM, Chandrasekar Kannan wrote:
>> On 09/14/2011 01:44 PM, Adam Young wrote:
>>>
>>>>>
>>>>> Is using different ports for CA and DRM (an so forth)  merely an 
>>>>> artifact of using multiple servers, or is there an additional  
>>>>> reason to do so?
>>>>
>>>> Pkicreate tool allows selecting any ports.  Pkicreate also suggests 
>>>> ports for out of the box ease of use.
>>>
>>> There must be more to the story than this.  I tried running 
>>> pkicreate with two of the subsystems using the same port
>>>
>>>
>>> -agent_secure_port=8443 -ee_secure_port=8443
>>>
>>> And when it runs I get the error
>>>
>>> [error] Invalid port numbers submitted!
>>>
>>>
>>> Is there some reason that these cannot be the same port, or is it 
>>> just convention.  Does the agent use some protocol other than HTTP?  
>>> I get this error is I try to use the same port for any two 
>>> *_secure_port  values.
>>
>> one is for regular ssl. other is for ssl with "client auth".
>>
>> - Chandra
>>
>
> Adam can also check docs for more details:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Command-Line_Tools_Guide/Create_and_Remove_Instance_Tools.html#Create_and_Remove_Instance_Tools-pkicreate 
>

And there I see that specifying the separate ports is an option, but 
that the first line of the script is for it all to use 3 ports:  
Unsecure, SSL, startup/shutdown.  So multiple ports is not required.



>
>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel




More information about the Pki-devel mailing list