PKI Server HTTP Connector CLI - dogtagpki/pki GitHub Wiki

Overview

PKI 10.6 provides a CLI to manage the secure and unsecure HTTP connectors.

Listing HTTP Connectors

$ pki-server http-connector-find
-----------------
2 entries matched
-----------------
  Connector ID: Secure
  Scheme: https
  Port: 8443
  Protocol: org.apache.coyote.http11.Http11Protocol
  SSL Implementation: org.apache.tomcat.util.net.jss.JSSImplementation
  SSL Version Range Stream: tls1_0:tls1_2
  SSL Version Range Datagram: tls1_1:tls1_2
  SSL Range Ciphers: -TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_DSS_WITH_AES_128_CBC_SHA,-TLS_DHE_DSS_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA,-TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,-TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,-TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,-TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_AES_128_CBC_SHA256,-TLS_RSA_WITH_AES_256_CBC_SHA256,-TLS_RSA_WITH_AES_128_GCM_SHA256,-TLS_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA
  NSS Database Directory: /var/lib/pki/pki-tomcat/alias
  NSS Password Class: org.apache.tomcat.util.net.jss.PlainPasswordFile
  NSS Password File: /var/lib/pki-tomcat/conf/password.conf
  Server Cert Nickname File: /var/lib/pki/pki-tomcat/conf/serverCertNick.conf

  Connector ID: Unsecure
  Port: 8080
  Protocol: HTTP/1.1

Displaying HTTP Connector Details

$ pki-server http-connector-show Unsecure
  Connector ID: Unsecure
  Port: 8080
  Protocol: HTTP/1.1

Adding HTTP Connector

Available since: PKI 10.7

$ pki-server http-connector-add Secure \
    --port 8443 \
    --scheme https \
    --secure true \
    --sslEnabled true

Removing HTTP Connector

Available since: PKI 10.7

$ pki-server http-connector-del Secure

Modiying HTTP Connector

To change connector type or implementation, specify the following parameters:

$ pki-server http-connector-mod <Connector ID> --type <type>

Valid types are JSS and JSSE.

To modify a connector attribute, specify the parameter corresponding to the attribute to change:

$ pki-server http-connector-mod <Connector ID> [<param> <value>...]

If the value is non-empty, the attribute will be overwritten. If the value is an empty string, the attribute will be removed. Other attributes will not be changed.

See Also

⚠️ **GitHub.com Fallback** ⚠️