PKI Server HTTP Connector CLI - dogtagpki/pki GitHub Wiki
PKI 10.6 provides a CLI to manage the secure and unsecure HTTP connectors.
$ pki-server http-connector-find ----------------- 2 entries matched ----------------- Connector ID: Secure Scheme: https Port: 8443 Protocol: org.apache.coyote.http11.Http11Protocol SSL Implementation: org.apache.tomcat.util.net.jss.JSSImplementation SSL Version Range Stream: tls1_0:tls1_2 SSL Version Range Datagram: tls1_1:tls1_2 SSL Range Ciphers: -TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_AES_128_CBC_SHA256,-TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA NSS Database Directory: /var/lib/pki/pki-tomcat/alias NSS Password Class: org.apache.tomcat.util.net.jss.PlainPasswordFile NSS Password File: /var/lib/pki-tomcat/conf/password.conf Server Cert Nickname File: /var/lib/pki/pki-tomcat/conf/serverCertNick.conf Connector ID: Unsecure Port: 8080 Protocol: HTTP/1.1
$ pki-server http-connector-show Unsecure Connector ID: Unsecure Port: 8080 Protocol: HTTP/1.1
Available since: PKI 10.7
$ pki-server http-connector-add Secure \
--port 8443 \
--scheme https \
--secure true \
--sslEnabled true
Available since: PKI 10.7
$ pki-server http-connector-del Secure
To change connector type or implementation, specify the following parameters:
$ pki-server http-connector-mod <Connector ID> --type <type>
Valid types are JSS and JSSE.
To modify a connector attribute, specify the parameter corresponding to the attribute to change:
$ pki-server http-connector-mod <Connector ID> [<param> <value>...]
If the value is non-empty, the attribute will be overwritten. If the value is an empty string, the attribute will be removed. Other attributes will not be changed.