Installation guide
a. At the top of the file, replace the PKI status definitions with the following section, with the
correct hostname and ports. Replace all the lines with the exact excerpt because there are
important spacing differences in the definitions.
<!-- DO NOT REMOVE - Begin PKI Status Definitions -->
<!--
Unsecure Port = http://server.example.com:9180/ca/ee/ca
Secure Agent Port = https://server.example.com:9443/ca/agent/ca
Secure EE Port = https://server.example.com:9444/ca/ee/ca
Secure Admin Port = https://server.example.com:9445/ca/services
EE Client Auth Port = https://server.example.com:9446/ca/eeca/ca
PKI Console Port = pkiconsole https://server.example.com:9445/ca
Tomcat Port = 9802 (for shutdown)
-->
<!-- DO NOT REMOVE - End PKI Status Definitions -->
b. Add a section for the new port. Make sure that the clientAuth value is set to true. (The
port number and the serverCertNickFile and passwordFile directives should all match
your instance information.)
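<!-- Port Separation: EE Secure Client Auth Port Connector -->
<!--
  HTTPS connector for the end-entity client-authentication port (9446 in this
  example). clientAuth="true" makes the connector require a client certificate
  during the handshake. The port, serverCertNickFile, and passwordFile values
  must match the instance being configured.

  Each attribute value is written on a single line. A line break inside an
  attribute value is read as a space, which would split the cipher names and
  the file paths.

  Review notes:
  * sslOptions enables ssl2 and ssl3 alongside tls. Every ssl2Ciphers entry
    carries a "-" prefix, but the protocol itself stays switched on. Turn off
    ssl2 and ssl3 wherever the deployed release and its clients allow it.
  * The ssl3Ciphers and tls3Ciphers lists mark RC4 (SSL3_RSA_WITH_RC4_128_SHA)
    and single-DES (SSL3_RSA_WITH_DES_CBC_SHA) suites with "+". Prefer to keep
    only the 3DES and AES entries unless an older client needs the others.
  * passwordClass is PlainPasswordFile, so passwordFile presumably holds the
    token password in clear text. Keep that file readable only by the account
    the instance runs as.
  * NOTE(review): confirm that the cipher attribute names, tls3Ciphers in
    particular, match the ones used by the other secure Connector entries
    already present in this server.xml.
-->
<Connector name="EEClientAuth" port="9446" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="true" sslProtocol="SSL"
           sslOptions="ssl2=true,ssl3=true,tls=true"
           ssl2Ciphers="-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5,-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"
           ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
           tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
           SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
           serverCertNickFile="/var/lib/pki-ca/conf/serverCertNick.conf"
           passwordFile="/var/lib/pki-ca/conf/password.conf"
           passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
           certdbDir="/var/lib/pki-ca/alias"/>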