iptables Port Forwarding of TPS is Not Working in Red Hat Certificate System 8.1

Solution Unverified - Updated -

Issue

  • A custom middleware client requires that the URLs in the index.cgi served at the phone home URL use https and port 443.
  • Currently, the URLs use http and the unsecure TPS port.
  • For example, here is an index.cgi file:
print "Content-type: text/xml\n\n";
print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
print "<ServiceInfo>";
print "<IssuerName>";
print "Fedora Project";   # Vendor
print "</IssuerName>\n";
print "<Services>";
print "<Operation>";
print "http://sherman.mrb137.net:15080/nk_service";
print "</Operation>";
print "<UI>";
print "http://sherman.mrb137.net:15080/cgi-bin/home/enroll.cgi";
print "</UI>";
print "<EnrolledTokenBrowserURL>";
print "http://www.fedora.redhat.com";   # Company URL
print "</EnrolledTokenBrowserURL>";
print "<EnrolledTokenURL>";
print "</EnrolledTokenURL>";
print "<TokenType>";
print "userKey";
print "</TokenType>";
#print "<CAChainUI>";
#print "http://sherman.mrb137.net:15080/cgi-bin/home/cachain.cgi";
#print "</CAChainUI>";
print "</Services>";
print "</ServiceInfo>";
  • The URLs in question are in the <Operation> and <UI> blocks.

  • The Port Forwarding described in the Red Hat Certificate System Admin Guide applies to the Admin, EE, and Agent pages.

  • Have also tried applying the same rules for the unsecure interface, but the same rules do not get us to https and 443.

  • The URLs in the index.cgi need to be https and 443. Looking for recommendations for the best way to accomplish this reconfiguration in TPS.
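
As an added example (not part of the original article and not Red Hat's code), the following Python check parses the ServiceInfo XML printed by the index.cgi above and reports which of the Operation and UI URLs fail the client's https and port 443 requirement. The sample document is constructed from the listing above, and the function name audit_phone_home is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the XML that the index.cgi above prints (body only,
# without the Content-type header line).
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    "<ServiceInfo><IssuerName>Fedora Project</IssuerName>\n"
    "<Services>"
    "<Operation>http://sherman.mrb137.net:15080/nk_service</Operation>"
    "<UI>http://sherman.mrb137.net:15080/cgi-bin/home/enroll.cgi</UI>"
    "<EnrolledTokenBrowserURL>http://www.fedora.redhat.com</EnrolledTokenBrowserURL>"
    "<EnrolledTokenURL></EnrolledTokenURL>"
    "<TokenType>userKey</TokenType>"
    "</Services></ServiceInfo>"
)

# Elements whose URLs the client in this issue needs on https and port 443.
REQUIRED = ("Operation", "UI")


def audit_phone_home(xml_text, required=REQUIRED, port=443):
    """Return {element: [problems]} for each required URL that fails."""
    services = ET.fromstring(xml_text.encode("utf-8")).find("Services")
    if services is None:
        return {"Services": ["element missing"]}
    findings = {}
    for name in required:
        node = services.find(name)
        url = (node.text or "").strip() if node is not None else ""
        if not url:
            findings[name] = ["URL missing or empty"]
            continue
        parts = urlsplit(url)
        problems = []
        if parts.scheme != "https":
            problems.append("scheme is %r, expected 'https'" % parts.scheme)
        # With no explicit port, the scheme default applies (https -> 443).
        effective = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
        if effective != port:
            problems.append("port is %s, expected %d" % (effective, port))
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for element, problems in audit_phone_home(SAMPLE).items():
        print(element, "->", "; ".join(problems))
```

Running the same check against the live phone home response after any reconfiguration confirms whether both URLs now satisfy the client.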

Environment

  • Red Hat Certificate System 8.1
