diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 01:45:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 15:17:53 -0500 |
commit | 1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb (patch) | |
tree | ef154d91ac0b87e9807e99af0fc64d5a212a0c54 /scripts | |
parent | a5cb77bc80b557ef7fc326ba42e3f53971818054 (diff) | |
download | pki-dev-1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb.tar.gz pki-dev-1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb.tar.xz pki-dev-1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb.zip |
Simplified deployment configs.
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/ca.cfg | 230 | ||||
-rw-r--r-- | scripts/kra.cfg | 234 | ||||
-rw-r--r-- | scripts/ocsp.cfg | 234 | ||||
-rw-r--r-- | scripts/tks.cfg | 236 |
4 files changed, 47 insertions, 887 deletions
diff --git a/scripts/ca.cfg b/scripts/ca.cfg index a91ebf4..e6a69b5 100644 --- a/scripts/ca.cfg +++ b/scripts/ca.cfg @@ -1,230 +1,20 @@ -############################################################################### -## 'Sensitive' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required 'sensitive' information which MUST ALWAYS be provided by users. ## -## ## -## IMPORTANT: Sensitive data values must NEVER be displayed to the ## -## console NOR stored in log files!!! ## -############################################################################### -[Sensitive] -pki_admin_password=Secret123 -pki_backup_password=Secret123 -pki_client_database_password=Secret123 -pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 -pki_ds_password=Secret123 -pki_security_domain_password=Secret123 -pki_token_password=Secret123 -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False +[CA] pki_admin_email=caadmin@example.com -pki_admin_keysize=2048 pki_admin_name=caadmin pki_admin_nickname=caadmin -pki_admin_subject_dn= +pki_admin_password=Secret123 pki_admin_uid=caadmin -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_client_database_dir= +pki_backup_password=Secret123 +pki_client_database_password=Secret123 pki_client_database_purge=False -pki_client_dir= +pki_client_pkcs12_password=Secret123 +pki_clone_pkcs12_password=Secret123 pki_ds_base_dn=dc=ca,dc=example,dc=com pki_ds_bind_dn=cn=Directory Manager pki_ds_database=ca -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 +pki_ds_password=Secret123 +pki_instance_name=ca-master pki_security_domain_name=EXAMPLE pki_security_domain_user=caadmin -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_user=pkiuser -############################################################################### -## 'Apache' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 -############################################################################### -## 'Tomcat' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=8009 -pki_clone=False -pki_clone_pkcs12_path= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False -pki_http_port=8080 -pki_https_port=8443 -pki_instance_name=ca-master -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=true -pki_tomcat_server_port=8005 -############################################################################### -## 'CA' Data: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= -############################################################################### -## 'KRA' Data: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= -############################################################################### -## 'OCSP' Data: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= -############################################################################### -## 'RA' Data: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= -############################################################################### -## 'TKS' Data: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= -############################################################################### -## 'TPS' Data: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= +pki_security_domain_password=Secret123 +pki_token_password=Secret123 diff --git a/scripts/kra.cfg b/scripts/kra.cfg index b8e391a..cdce543 100644 --- a/scripts/kra.cfg +++ b/scripts/kra.cfg @@ -1,233 +1,23 @@ -############################################################################### -## 'Sensitive' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required 'sensitive' information which MUST ALWAYS be provided by users. ## -## ## -## IMPORTANT: Sensitive data values must NEVER be displayed to the ## -## console NOR stored in log files!!! ## -############################################################################### -[Sensitive] -pki_admin_password=Secret123 -pki_backup_password=Secret123 -pki_client_database_password=Secret123 -pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 -pki_ds_password=Secret123 -pki_security_domain_password=Secret123 -pki_token_password=Secret123 -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False +[KRA] +pki_ajp_port=12009 pki_admin_email=kraadmin@example.com -pki_admin_keysize=2048 pki_admin_name=kraadmin pki_admin_nickname=kraadmin -pki_admin_subject_dn= +pki_admin_password=Secret123 pki_admin_uid=kraadmin -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_client_database_dir= +pki_backup_password=Secret123 +pki_client_database_password=Secret123 pki_client_database_purge=False -pki_client_dir= +pki_client_pkcs12_password=Secret123 +pki_clone_pkcs12_password=Secret123 pki_ds_base_dn=dc=kra,dc=example,dc=com -pki_ds_bind_dn=cn=Directory Manager pki_ds_database=kra -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name=EXAMPLE -pki_security_domain_user=caadmin -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_user=pkiuser -############################################################################### -## 'Apache' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 -############################################################################### -## 'Tomcat' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=12009 -pki_clone=False -pki_clone_pkcs12_path= -pki_clone_replicate_schema=True -pki_clone_replication_master_port= -pki_clone_replication_clone_port= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False +pki_ds_password=Secret123 pki_http_port=12080 pki_https_port=12443 pki_instance_name=kra-master -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=false +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_security_domain_password=Secret123 +pki_token_password=Secret123 pki_tomcat_server_port=12005 -############################################################################### -## 'CA' Data: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= -############################################################################### -## 'KRA' Data: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= -############################################################################### -## 'OCSP' Data: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= -############################################################################### -## 'RA' Data: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= -############################################################################### -## 'TKS' Data: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= -############################################################################### -## 'TPS' Data: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= diff --git a/scripts/ocsp.cfg b/scripts/ocsp.cfg index 8a5e6ac..c845f99 100644 --- a/scripts/ocsp.cfg +++ b/scripts/ocsp.cfg @@ -1,233 +1,23 @@ -############################################################################### -## 'Sensitive' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required 'sensitive' information which MUST ALWAYS be provided by users. ## -## ## -## IMPORTANT: Sensitive data values must NEVER be displayed to the ## -## console NOR stored in log files!!! ## -############################################################################### -[Sensitive] -pki_admin_password=Secret123 -pki_backup_password=Secret123 -pki_client_database_password=Secret123 -pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 -pki_ds_password=Secret123 -pki_security_domain_password=Secret123 -pki_token_password=Secret123 -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False +[OCSP] +pki_ajp_port=15009 pki_admin_email=ocspadmin@example.com -pki_admin_keysize=2048 pki_admin_name=ocspadmin pki_admin_nickname=ocspadmin -pki_admin_subject_dn= +pki_admin_password=Secret123 pki_admin_uid=ocspadmin -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_client_database_dir= +pki_backup_password=Secret123 +pki_client_database_password=Secret123 pki_client_database_purge=False -pki_client_dir= +pki_client_pkcs12_password=Secret123 +pki_clone_pkcs12_password=Secret123 pki_ds_base_dn=dc=ocsp,dc=example,dc=com -pki_ds_bind_dn=cn=Directory Manager pki_ds_database=ocsp -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name=EXAMPLE -pki_security_domain_user=caadmin -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_user=pkiuser -############################################################################### -## 'Apache' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 -############################################################################### -## 'Tomcat' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=15009 -pki_clone=False -pki_clone_pkcs12_path= -pki_clone_replicate_schema=True -pki_clone_replication_master_port= -pki_clone_replication_clone_port= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False +pki_ds_password=Secret123 pki_http_port=15080 pki_https_port=15443 pki_instance_name=ocsp-master -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=true +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_security_domain_password=Secret123 +pki_token_password=Secret123 pki_tomcat_server_port=15005 -############################################################################### -## 'CA' Data: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= -############################################################################### -## 'KRA' Data: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= -############################################################################### -## 'OCSP' Data: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= -############################################################################### -## 'RA' Data: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= -############################################################################### -## 'TKS' Data: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= -############################################################################### -## 'TPS' Data: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= diff --git a/scripts/tks.cfg b/scripts/tks.cfg index 06dbfe6..325c13f 100644 --- a/scripts/tks.cfg +++ b/scripts/tks.cfg @@ -1,233 +1,23 @@ -############################################################################### -## 'Sensitive' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required 'sensitive' information which MUST ALWAYS be provided by users. ## -## ## -## IMPORTANT: Sensitive data values must NEVER be displayed to the ## -## console NOR stored in log files!!! ## -############################################################################### -[Sensitive] -pki_admin_password=Secret123 -pki_backup_password=Secret123 -pki_client_database_password=Secret123 -pki_client_pkcs12_password=Secret123 -pki_clone_pkcs12_password=Secret123 -pki_ds_password=Secret123 -pki_security_domain_password=Secret123 -pki_token_password=Secret123 -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False +[TKS] +pki_ajp_port=14009 pki_admin_email=tksadmin@example.com -pki_admin_keysize=2048 pki_admin_name=tksadmin pki_admin_nickname=tksadmin -pki_admin_subject_dn= +pki_admin_password=Secret123 pki_admin_uid=tksadmin -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_client_database_dir= -pki_client_database_purge=False -pki_client_dir= +pki_backup_password=Secret123 pki_ds_base_dn=dc=tks,dc=example,dc=com -pki_ds_bind_dn=cn=Directory Manager pki_ds_database=tks -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name=EXAMPLE -pki_security_domain_user=caadmin -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_user=pkiuser -############################################################################### -## 'Apache' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 -############################################################################### -## 'Tomcat' Data: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=14009 -pki_clone=False -pki_clone_pkcs12_path= -pki_clone_replicate_schema=True -pki_clone_replication_master_port= -pki_clone_replication_clone_port= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False +pki_client_database_password=Secret123 +pki_client_database_purge=False +pki_client_pkcs12_password=Secret123 +pki_clone_pkcs12_password=Secret123 +pki_ds_password=Secret123 pki_http_port=14080 pki_https_port=14443 pki_instance_name=tks-master -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=true +pki_security_domain_name=EXAMPLE +pki_security_domain_user=caadmin +pki_security_domain_password=Secret123 +pki_token_password=Secret123 pki_tomcat_server_port=14005 -############################################################################### -## 'CA' Data: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= -############################################################################### -## 'KRA' Data: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= -############################################################################### -## 'OCSP' Data: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= -############################################################################### -## 'RA' Data: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= -############################################################################### -## 'TKS' Data: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= -############################################################################### -## 'TPS' Data: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= |