The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
This issue was migrated from Pagure Issue #1078. Originally filed by mharmsen (@mharmsen) on 2014-07-23 19:31:41:
Assigned to nobody
When originally designed (see PKI Instance Deployment), it was believed that the contents which eventually ended up in the 'default.cfg' file as used by the pkispawn/pkidestroy framework would need to support Java-based Tomcat PKI subsystems (CA, KRA, OCSP, and TKS), as well as native-based Apache PKI subsystems (RA, TPS).
Additionally, it was originally believed that this framework should be made flexible enough to support additional web-based services from other external applications such as JBoss.
Since that time, TPS is in the late stages of being moved from an Apache-based process to a Tomcat-based process, the existing RA will continue to utilize the legacy pkicreate/pkiremove framework until such time as it too is re-architected, and interest appears to have waned in the need to support JBoss-based instances.
Consequently, we should consider:
moving the contents of the [Tomcat] section to the [Default] section of 'default.cfg'
re-factoring the pkispawn/pkidestroy Python installation scripts to make certain that these Tomcat-based variables are accounted for under default variable handling
re-factoring the pkispawn/pkidestroy Python installation scripts to remove any conditionals based-upon Tomcat-based PKI subsystems since the pkispawn/pkidestroy framework will no longer be intended to support multiple distinct web servers (e. g. - Apache, JBoss, Tomcat, etc.)
This issue was migrated from Pagure Issue #1078. Originally filed by mharmsen (@mharmsen) on 2014-07-23 19:31:41:
When originally designed (see PKI Instance Deployment), it was believed that the contents which eventually ended up in the 'default.cfg' file as used by the pkispawn/pkidestroy framework would need to support Java-based Tomcat PKI subsystems (CA, KRA, OCSP, and TKS), as well as native-based Apache PKI subsystems (RA, TPS).
Additionally, it was originally believed that this framework should be made flexible enough to support additional web-based services from other external applications such as JBoss.
Since that time, TPS is in the late stages of being moved from an Apache-based process to a Tomcat-based process, the existing RA will continue to utilize the legacy pkicreate/pkiremove framework until such time as it too is re-architected, and interest appears to have waned in the need to support JBoss-based instances.
Consequently, we should consider:
Proposed Milestone: 10.3