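# Deployment configuration template for PKI subsystem instances (CA, KRA, OCSP,
# RA, TKS and TPS). One key=value pair per line; '#' starts a full-line
# comment. Single-'#' comments are review notes; the '##' banners describe
# each section.

###############################################################################
##  'Sensitive' Data:                                                        ##
##                                                                           ##
##  Values in this section pertain to various PKI subsystems, and contain    ##
##  required 'sensitive' information which MUST ALWAYS be provided by users. ##
##                                                                           ##
##  IMPORTANT:  Sensitive data values must NEVER be displayed to the         ##
##              console NOR stored in log files!!!                           ##
###############################################################################
[Sensitive]
# NOTE(review): every password below is the same sample value. Treat them as
# placeholders only: set a distinct, strong secret per key before deployment,
# keep this file readable only by the deploying account, and remove or scrub
# it once the instance has been created. Do not commit real values to version
# control.
pki_admin_password=Secret123
pki_backup_password=Secret123
pki_client_database_password=Secret123
pki_client_pkcs12_password=Secret123
pki_clone_pkcs12_password=Secret123
pki_ds_password=Secret123
pki_security_domain_password=Secret123
pki_token_password=Secret123

###############################################################################
##  'Common' Data:                                                           ##
##                                                                           ##
##  Values in this section are common to more than one PKI subsystem, and    ##
##  contain required information which MAY be overridden by users as         ##
##  necessary.                                                               ##
##                                                                           ##
##  NOTE:  Default values will be generated for any and all required         ##
##         'common' data values which are left undefined.                    ##
###############################################################################
[Common]
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
pki_admin_email=caadmin@example.com
pki_admin_keysize=2048
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_subject_dn=
pki_admin_uid=caadmin
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
pki_audit_signing_nickname=
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_subject_dn=
pki_audit_signing_token=
# NOTE(review): with False, presumably no backup of the generated keys is
# produced; pki_backup_password in [Sensitive] looks like the matching secret
# when this is enabled. Confirm, and decide the key-recovery plan explicitly.
pki_backup_keys=False
pki_client_database_dir=/var/lib/pki/ca-master/ca/certs
# NOTE(review): with False, the client database presumably stays on disk after
# setup; it is protected only by pki_client_database_password. Confirm.
pki_client_database_purge=False
pki_client_dir=
pki_ds_base_dn=dc=ca,dc=example,dc=com
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=ca
pki_ds_hostname=
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
# NOTE(review): True looks destructive (existing data for this subsystem in the
# directory removed on install). Confirm before pointing at a shared directory
# server.
pki_ds_remove_data=True
# NOTE(review): False pairs with pki_ds_ldap_port=389, so the bind as
# pki_ds_bind_dn (password: pki_ds_password) presumably travels unencrypted.
# Outside a lab, prefer True together with pki_ds_ldaps_port.
pki_ds_secure_connection=False
pki_group=pkiuser
pki_issuing_ca=
pki_restart_configured_instance=True
pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=EXAMPLE
pki_security_domain_user=caadmin
pki_skip_configuration=False
pki_skip_installation=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
pki_ssl_server_nickname=
pki_ssl_server_subject_dn=
pki_ssl_server_token=
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
pki_subsystem_nickname=
pki_subsystem_subject_dn=
pki_subsystem_token=
# NOTE(review): 'internal' presumably selects the software token rather than a
# hardware module; the per-key *_token values in this file are all empty.
# Confirm where the private keys are meant to live.
pki_token_name=internal
pki_user=pkiuser

###############################################################################
##  'Apache' Data:                                                           ##
##                                                                           ##
##  Values in this section are common to PKI subsystems that run             ##
##  as an instance of 'Apache' (RA and TPS subsystems), and contain          ##
##  required information which MAY be overridden by users as necessary.      ##
###############################################################################
[Apache]
pki_instance_name=pki-apache
pki_http_port=80
pki_https_port=443

###############################################################################
##  'Tomcat' Data:                                                           ##
##                                                                           ##
##  Values in this section are common to PKI subsystems that run             ##
##  as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems            ##
##  including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain  ##
##  required information which MAY be overridden by users as necessary.      ##
##                                                                           ##
##  PKI CLONES:  To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone',    ##
##               or a 'TKS Clone', change the value of 'pki_clone'           ##
##               from 'False' to 'True'.                                     ##
##                                                                           ##
##  REMINDER:  PKI CA Clones, Subordinate CAs, and External CAs              ##
##             are MUTUALLY EXCLUSIVE entities!!!                            ##
###############################################################################
[Tomcat]
# NOTE(review): the AJP port is normally reached only by a fronting web server,
# not by clients. Keep it off untrusted networks (loopback or firewall) unless
# a proxy actually needs it.
pki_ajp_port=8009
pki_clone=False
pki_clone_pkcs12_path=
pki_clone_replication_security=None
pki_clone_uri=
# Keep False outside development: a debugger attached to the instance would
# presumably have access to the whole process, including key handling.
pki_enable_java_debugger=False
pki_enable_proxy=False
pki_http_port=8080
pki_https_port=8443
pki_instance_name=ca-master
pki_proxy_http_port=80
pki_proxy_https_port=443
# NOTE(review): this boolean is lower-case while every other one in the file is
# capitalised (True/False). Confirm the consumer parses booleans
# case-insensitively, since a value read as "not true" would presumably turn
# the security manager off.
pki_security_manager=true
# NOTE(review): the Tomcat server port is an administrative port; it should
# not be reachable from other hosts.
pki_tomcat_server_port=8005

###############################################################################
##  'CA' Data:                                                               ##
##                                                                           ##
##  Values in this section are common to CA subsystems including 'PKI CAs',  ##
##  'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain         ##
##  required information which MAY be overridden by users as necessary.      ##
##                                                                           ##
##  EXTERNAL CAs:  To specify an 'External CA', change the value             ##
##                 of 'pki_external' from 'False' to 'True'.                 ##
##                                                                           ##
##  SUBORDINATE CAs:  To specify a 'Subordinate CA', change the value        ##
##                    of 'pki_subordinate' from 'False' to 'True'.           ##
##                                                                           ##
##  REMINDER:  PKI CA Clones, Subordinate CAs, and External CAs              ##
##             are MUTUALLY EXCLUSIVE entities!!!                            ##
###############################################################################
[CA]
# NOTE(review): the CA signing key anchors trust for everything this CA issues
# and usually has the longest lifetime of any key here. RSA 2048 is the value
# used for every key in this file; check it against local policy for a
# long-lived CA key before first issuance, because changing it later means
# re-keying the CA.
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_nickname=
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=
pki_ca_signing_token=
pki_external=False
pki_external_ca_cert_chain_path=
pki_external_ca_cert_path=
pki_external_csr_path=
pki_external_step_two=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
pki_subordinate=False
pki_subsystem=CA
pki_subsystem_name=

###############################################################################
##  'KRA' Data:                                                              ##
##                                                                           ##
##  Values in this section are common to KRA subsystems                      ##
##  including 'PKI KRAs' and 'Cloned KRAs', and contain                      ##
##  required information which MAY be overridden by users as necessary.      ##
###############################################################################
[KRA]
pki_storage_key_algorithm=SHA256withRSA
pki_storage_key_size=2048
pki_storage_key_type=rsa
pki_storage_nickname=
pki_storage_signing_algorithm=SHA256withRSA
pki_storage_subject_dn=
pki_storage_token=
pki_subsystem=KRA
pki_subsystem_name=
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
pki_transport_nickname=
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=
pki_transport_token=

###############################################################################
##  'OCSP' Data:                                                             ##
##                                                                           ##
##  Values in this section are common to OCSP subsystems                     ##
##  including 'PKI OCSPs' and 'Cloned OCSPs', and contain                    ##
##  required information which MAY be overridden by users as necessary.      ##
###############################################################################
[OCSP]
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
pki_subsystem=OCSP
pki_subsystem_name=

###############################################################################
##  'RA' Data:                                                               ##
##                                                                           ##
##  Values in this section are common to PKI RA subsystems, and contain      ##
##  required information which MAY be overridden by users as necessary.      ##
###############################################################################
[RA]
pki_subsystem=RA
pki_subsystem_name=

###############################################################################
##  'TKS' Data:                                                              ##
##                                                                           ##
##  Values in this section are common to TKS subsystems                      ##
##  including 'PKI TKSs' and 'Cloned TKSs', and contain                      ##
##  required information which MAY be overridden by users as necessary.      ##
###############################################################################
[TKS]
pki_subsystem=TKS
pki_subsystem_name=

###############################################################################
##  'TPS' Data:                                                              ##
##                                                                           ##
##  Values in this section are common to PKI TPS subsystems, and contain     ##
##  required information which MAY be overridden by users as necessary.      ##
###############################################################################
[TPS]
pki_subsystem=TPS
pki_subsystem_name=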