[Pki-devel] The Why's of PKI
Adam Young
ayoung at redhat.com
Wed Sep 14 21:16:34 UTC 2011
On 09/14/2011 04:55 PM, Andrew Wnuk wrote:
> On 09/14/2011 01:52 PM, Chandrasekar Kannan wrote:
>> On 09/14/2011 01:44 PM, Adam Young wrote:
>>>
>>>>>
>>>>> Is using different ports for CA and DRM (an so forth) merely an
>>>>> artifact of using multiple servers, or is there an additional
>>>>> reason to do so?
>>>>
>>>> Pkicreate tool allows selecting any ports. Pkicreate also suggests
>>>> ports for out of the box ease of use.
>>>
>>> There must be more to the story than this. I tried running
>>> pkicreate with two of the subsystems using the same port
>>>
>>>
>>> -agent_secure_port=8443 -ee_secure_port=8443
>>>
>>> And when it runs I get the error
>>>
>>> [error] Invalid port numbers submitted!
>>>
>>>
>>> Is there some reason that these cannot be the same port, or is it
>>> just convention. Does the agent use some protocol other than HTTP?
>>> I get this error is I try to use the same port for any two
>>> *_secure_port values.
>>
>> one is for regular ssl. other is for ssl with "client auth".
>>
>> - Chandra
>>
>
> Adam can also check docs for more details:
> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Command-Line_Tools_Guide/Create_and_Remove_Instance_Tools.html#Create_and_Remove_Instance_Tools-pkicreate
>
And there I see that specifying the separate ports is an option, but
that the first line of the script is for it all to use 3 ports:
Unsecure, SSL, startup/shutdown. So multiple ports is not required.
>
>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list