The non-secure UI port (9180) always redirects to the secure port (9443). If you use a browser to go to the unsecure port you are immediately redirected to the secure on. Trying to retrieve a URI directly results in an error. For example: This works: % wget -O - --no-check-certificate "https://ca.example.com:9444/ca/ee/ca/displayBySerial?serialNumber=0xa&xmlOutput=false" This fails with "Error encountered while loading output template." % wget -O - --no-check-certificate "http://ca.example.com:9180/ca/ee/ca/displayBySerial?serialNumber=0xa&xmlOutput=false" And this is logged in system: 7532.http-9444-Processor24 - [09/Mar/2009:15:30:01 EDT] [3] [3] Servlet caDisplayBySerial: Error encountered in DisplayBySerial. Error LDAP operation failure - cn=11,ou=certificateRepository, ou=ca, dc=ca.example.com-pki-ca nets7532.http-9180-Processor25 - [09/Mar/2009:17:11:32 EDT] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca/webapps/ca/ee/ca/displayBySerial.template error java.io.FileNotFoundException: /var/lib/pki-ca/webapps/ca/ee/ca/displayBySerial.template (No such file or directory). 7532.http-9180-Processor25 - [09/Mar/2009:17:11:32 EDT] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca/webapps/ca/ee/GenUnexpectedError.template error java.io.FileNotFoundException: /var/lib/pki-ca/webapps/ca/ee/GenUnexpectedError.template (No such file or directory).
The redirect was not the problem (as use of this is intended for the GUI); the problem was that the non-secure port was broken - attaching patches with the fixes.
Created attachment 334741 [details] Fix for broken non-secure port
Created attachment 334742 [details] Fix for broken non-secure port (spec files)
attachment (id=334741) attachment (id=334742) +awnuk
cd pki/base % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? D ca/shared/conf/server.xml.good M ca/shared/conf/server.xml M common/src/com/netscape/cmscore/apps/CMSEngine.java M setup/pkicreate D tks/shared/conf/server.xml.good M tks/shared/conf/server.xml D ocsp/shared/conf/server.xml.good M ocsp/shared/conf/server.xml D kra/shared/conf/server.xml.good M kra/shared/conf/server.xml % svn commit Sending base/ca/shared/conf/server.xml Deleting base/ca/shared/conf/server.xml.good Sending base/common/src/com/netscape/cmscore/apps/CMSEngine.java Sending base/kra/shared/conf/server.xml Deleting base/kra/shared/conf/server.xml.good Sending base/ocsp/shared/conf/server.xml Deleting base/ocsp/shared/conf/server.xml.good Sending base/setup/pkicreate Sending base/tks/shared/conf/server.xml Deleting base/tks/shared/conf/server.xml.good Transmitting file data ...... Committed revision 295. cd pki/dogtag % svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/pki-ca.spec M common/pki-common.spec M setup/pki-setup.spec M tks/pki-tks.spec M ocsp/pki-ocsp.spec M kra/pki-kra.spec % svn commit Sending dogtag/ca/pki-ca.spec Sending dogtag/common/pki-common.spec Sending dogtag/kra/pki-kra.spec Sending dogtag/ocsp/pki-ocsp.spec Sending dogtag/setup/pki-setup.spec Sending dogtag/tks/pki-tks.spec Transmitting file data ...... Committed revision 296.
Verified - set attached wget output - unsecure port successful.
Created attachment 346533 [details] wget output