summaryrefslogtreecommitdiffstats
path: root/scripts
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-11-30 01:45:47 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-30 15:17:53 -0500
commit1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb (patch)
treeef154d91ac0b87e9807e99af0fc64d5a212a0c54 /scripts
parenta5cb77bc80b557ef7fc326ba42e3f53971818054 (diff)
downloadpki-dev-1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb.tar.gz
pki-dev-1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb.tar.xz
pki-dev-1d47c8e59eca3b9dabd4cb87f6cec907a1a3f7eb.zip
Simplified deployment configs.
Diffstat (limited to 'scripts')
-rw-r--r--scripts/ca.cfg230
-rw-r--r--scripts/kra.cfg234
-rw-r--r--scripts/ocsp.cfg234
-rw-r--r--scripts/tks.cfg236
4 files changed, 47 insertions, 887 deletions
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
index a91ebf4..e6a69b5 100644
--- a/scripts/ca.cfg
+++ b/scripts/ca.cfg
@@ -1,230 +1,20 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
+[CA]
pki_admin_email=caadmin@example.com
-pki_admin_keysize=2048
pki_admin_name=caadmin
pki_admin_nickname=caadmin
-pki_admin_subject_dn=
+pki_admin_password=Secret123
pki_admin_uid=caadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
pki_client_database_purge=False
-pki_client_dir=
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
pki_ds_base_dn=dc=ca,dc=example,dc=com
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=ca
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
+pki_ds_password=Secret123
+pki_instance_name=ca-master
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
-pki_skip_configuration=False
-pki_skip_installation=False
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=8009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=ca-master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=true
-pki_tomcat_server_port=8005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
+pki_security_domain_password=Secret123
+pki_token_password=Secret123
diff --git a/scripts/kra.cfg b/scripts/kra.cfg
index b8e391a..cdce543 100644
--- a/scripts/kra.cfg
+++ b/scripts/kra.cfg
@@ -1,233 +1,23 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
+[KRA]
+pki_ajp_port=12009
pki_admin_email=kraadmin@example.com
-pki_admin_keysize=2048
pki_admin_name=kraadmin
pki_admin_nickname=kraadmin
-pki_admin_subject_dn=
+pki_admin_password=Secret123
pki_admin_uid=kraadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
pki_client_database_purge=False
-pki_client_dir=
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
pki_ds_base_dn=dc=kra,dc=example,dc=com
-pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=kra
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_skip_configuration=False
-pki_skip_installation=False
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=12009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replicate_schema=True
-pki_clone_replication_master_port=
-pki_clone_replication_clone_port=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
+pki_ds_password=Secret123
pki_http_port=12080
pki_https_port=12443
pki_instance_name=kra-master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=false
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret123
+pki_token_password=Secret123
pki_tomcat_server_port=12005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
diff --git a/scripts/ocsp.cfg b/scripts/ocsp.cfg
index 8a5e6ac..c845f99 100644
--- a/scripts/ocsp.cfg
+++ b/scripts/ocsp.cfg
@@ -1,233 +1,23 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
+[OCSP]
+pki_ajp_port=15009
pki_admin_email=ocspadmin@example.com
-pki_admin_keysize=2048
pki_admin_name=ocspadmin
pki_admin_nickname=ocspadmin
-pki_admin_subject_dn=
+pki_admin_password=Secret123
pki_admin_uid=ocspadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
pki_client_database_purge=False
-pki_client_dir=
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
pki_ds_base_dn=dc=ocsp,dc=example,dc=com
-pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=ocsp
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_skip_configuration=False
-pki_skip_installation=False
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=15009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replicate_schema=True
-pki_clone_replication_master_port=
-pki_clone_replication_clone_port=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
+pki_ds_password=Secret123
pki_http_port=15080
pki_https_port=15443
pki_instance_name=ocsp-master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=true
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret123
+pki_token_password=Secret123
pki_tomcat_server_port=15005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
diff --git a/scripts/tks.cfg b/scripts/tks.cfg
index 06dbfe6..325c13f 100644
--- a/scripts/tks.cfg
+++ b/scripts/tks.cfg
@@ -1,233 +1,23 @@
-###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=Secret123
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_password=Secret123
-pki_security_domain_password=Secret123
-pki_token_password=Secret123
-###############################################################################
-## 'Common' Data: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
-pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
-pki_admin_dualkey=False
+[TKS]
+pki_ajp_port=14009
pki_admin_email=tksadmin@example.com
-pki_admin_keysize=2048
pki_admin_name=tksadmin
pki_admin_nickname=tksadmin
-pki_admin_subject_dn=
+pki_admin_password=Secret123
pki_admin_uid=tksadmin
-pki_audit_group=pkiaudit
-pki_audit_signing_key_algorithm=SHA256withRSA
-pki_audit_signing_key_size=2048
-pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
-pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
-pki_backup_keys=False
-pki_client_database_dir=
-pki_client_database_purge=False
-pki_client_dir=
+pki_backup_password=Secret123
pki_ds_base_dn=dc=tks,dc=example,dc=com
-pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=tks
-pki_ds_hostname=
-pki_ds_ldap_port=389
-pki_ds_ldaps_port=636
-pki_ds_remove_data=True
-pki_ds_secure_connection=False
-pki_group=pkiuser
-pki_issuing_ca=
-pki_restart_configured_instance=True
-pki_security_domain_hostname=
-pki_security_domain_https_port=8443
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_skip_configuration=False
-pki_skip_installation=False
-pki_ssl_server_key_algorithm=SHA256withRSA
-pki_ssl_server_key_size=2048
-pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
-pki_subsystem_key_algorithm=SHA256withRSA
-pki_subsystem_key_size=2048
-pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
-pki_token_name=internal
-pki_user=pkiuser
-###############################################################################
-## 'Apache' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
-###############################################################################
-## 'Tomcat' Data: ##
-## ##
-## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
-## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[Tomcat]
-pki_ajp_port=14009
-pki_clone=False
-pki_clone_pkcs12_path=
-pki_clone_replicate_schema=True
-pki_clone_replication_master_port=
-pki_clone_replication_clone_port=
-pki_clone_replication_security=None
-pki_clone_uri=
-pki_enable_java_debugger=False
-pki_enable_proxy=False
+pki_client_database_password=Secret123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
+pki_ds_password=Secret123
pki_http_port=14080
pki_https_port=14443
pki_instance_name=tks-master
-pki_proxy_http_port=80
-pki_proxy_https_port=443
-pki_security_manager=true
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret123
+pki_token_password=Secret123
pki_tomcat_server_port=14005
-###############################################################################
-## 'CA' Data: ##
-## ##
-## Values in this section are common to CA subsystems including 'PKI CAs', ##
-## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-## ##
-## EXTERNAL CAs: To specify an 'External CA', change the value ##
-## of 'pki_external' from 'False' to 'True'. ##
-## ##
-## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
-## of 'pki_subordinate' from 'False' to 'True'. ##
-## ##
-## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
-## are MUTUALLY EXCLUSIVE entities!!! ##
-###############################################################################
-[CA]
-pki_ca_signing_key_algorithm=SHA256withRSA
-pki_ca_signing_key_size=2048
-pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
-pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
-pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
-pki_external_step_two=False
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
-###############################################################################
-## 'KRA' Data: ##
-## ##
-## Values in this section are common to KRA subsystems ##
-## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[KRA]
-pki_storage_key_algorithm=SHA256withRSA
-pki_storage_key_size=2048
-pki_storage_key_type=rsa
-pki_storage_nickname=
-pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
-pki_transport_key_algorithm=SHA256withRSA
-pki_transport_key_size=2048
-pki_transport_key_type=rsa
-pki_transport_nickname=
-pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
-###############################################################################
-## 'OCSP' Data: ##
-## ##
-## Values in this section are common to OCSP subsystems ##
-## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[OCSP]
-pki_ocsp_signing_key_algorithm=SHA256withRSA
-pki_ocsp_signing_key_size=2048
-pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
-pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
-###############################################################################
-## 'RA' Data: ##
-## ##
-## Values in this section are common to PKI RA subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[RA]
-pki_subsystem=RA
-pki_subsystem_name=
-###############################################################################
-## 'TKS' Data: ##
-## ##
-## Values in this section are common to TKS subsystems ##
-## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TKS]
-pki_subsystem=TKS
-pki_subsystem_name=
-###############################################################################
-## 'TPS' Data: ##
-## ##
-## Values in this section are common to PKI TPS subsystems, and contain ##
-## required information which MAY be overridden by users as necessary. ##
-###############################################################################
-[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=
generated by cgit (git 2.34.1) at 2024-05-03 14:57:57 +0000