Adjust current files so patches merge, will adjust after merge complete

pkicreate: index.jsp -> index.html
server.xml: remove ocsp
base/tps/doc/CS.cfg: CIMC_CERT_VERIFICATION


git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1531 c9f7a03b-bd48-0410-a16d-cbbf54688b0b

6 files changed, 16 insertions, 140 deletions

diff --git a/pki/base/ca/shared/conf/server.xml b/pki/base/ca/shared/conf/server.xml
index f1157f136..0c0ea96af 100644
--- a/pki/base/ca/shared/conf/server.xml
+++ b/pki/base/ca/shared/conf/server.xml
@@ -94,31 +94,7 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
 
 <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
 [PKI_SECURE_PORT_SERVER_COMMENT]
-<!-- DO NOT REMOVE - Begin define PKI secure port 
-    NOTE: The OCSP settings take effect globally, so it should only be set once.
-
-      In setup where SSL clientAuth="true", OCSP can be turned on by
-      setting enableOCSP to true like the following:
-        enableOCSP="true"
-      along with changes to related settings, especially:
-        ocspResponderURL=<see example in connector definition below>
-        ocspResponderCertNickname=<see example in connector definition below>
-      Here are the definition to all the OCSP-related settings:
-        enableOCSP - turns on/off the ocsp check
-        ocspResponderURL - sets the url where the ocsp requests are sent
-        ocspResponderCertNickname - sets the nickname of the cert that is
-            either CA's signing certificate or the OCSP server's signing
-            certificate.
-            The CA's signing certificate should already be in the db, in
-            case of the same security domain.
-            In case of an ocsp signing certificate, one must import the cert
-            into the subsystem's nss db and set trust. e.g.:
-              certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64
-        ocspCacheSize - sets max cache entries
-        ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
-        ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
-        ocspTimeout -sets OCSP timeout in seconds
--->
+<!-- DO NOT REMOVE - Begin define PKI secure port -->
 <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192"
         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
         enableLookups="false" disableUploadTimeout="true"
@@ -129,13 +105,6 @@ Tomcat Port         = [TOMCAT_SERVER_PORT] (for shutdown)
         ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
-        enableOCSP="false"
-        ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
-        ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
-        ocspCacheSize="1000"
-        ocspMinCacheEntryDuration="60"
-        ocspMaxCacheEntryDuration="120"
-        ocspTimeout="10"
         serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
         passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
         passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
diff --git a/pki/base/kra/shared/conf/server.xml b/pki/base/kra/shared/conf/server.xml
index 7218c4d0c..71b433bef 100644
--- a/pki/base/kra/shared/conf/server.xml
+++ b/pki/base/kra/shared/conf/server.xml
@@ -93,31 +93,7 @@ Tomcat Port       = [TOMCAT_SERVER_PORT] (for shutdown)
 
 <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
 [PKI_SECURE_PORT_SERVER_COMMENT]
-<!-- DO NOT REMOVE - Begin define PKI secure port
-    NOTE: The OCSP settings take effect globally, so it should only be set once.
-
-      In setup where SSL clientAuth="true", OCSP can be turned on by
-      setting enableOCSP to true like the following:
-        enableOCSP="true"
-      along with changes to related settings, especially:
-        ocspResponderURL=<see example in connector definition below>
-        ocspResponderCertNickname=<see example in connector definition below>
-      Here are the definition to all the OCSP-related settings:
-        enableOCSP - turns on/off the ocsp check
-        ocspResponderURL - sets the url where the ocsp requests are sent
-        ocspResponderCertNickname - sets the nickname of the cert that is
-            either CA's signing certificate or the OCSP server's signing
-            certificate.
-            The CA's signing certificate should already be in the db, in
-            case of the same security domain.
-            In case of an ocsp signing certificate, one must import the cert
-            into the subsystem's nss db and set trust. e.g.:
-              certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64
-        ocspCacheSize - sets max cache entries
-        ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
-        ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
-        ocspTimeout -sets OCSP timeout in seconds
--->
+<!-- DO NOT REMOVE - Begin define PKI secure port -->
 <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192"
         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
         enableLookups="false" disableUploadTimeout="true"
@@ -128,13 +104,6 @@ Tomcat Port       = [TOMCAT_SERVER_PORT] (for shutdown)
         ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
-        enableOCSP="false"
-        ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
-        ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
-        ocspCacheSize="1000"
-        ocspMinCacheEntryDuration="60"
-        ocspMaxCacheEntryDuration="120"
-        ocspTimeout="10"
         serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
         passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
         passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml
index 7218c4d0c..71b433bef 100644
--- a/pki/base/ocsp/shared/conf/server.xml
+++ b/pki/base/ocsp/shared/conf/server.xml
@@ -93,31 +93,7 @@ Tomcat Port       = [TOMCAT_SERVER_PORT] (for shutdown)
 
 <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
 [PKI_SECURE_PORT_SERVER_COMMENT]
-<!-- DO NOT REMOVE - Begin define PKI secure port
-    NOTE: The OCSP settings take effect globally, so it should only be set once.
-
-      In setup where SSL clientAuth="true", OCSP can be turned on by
-      setting enableOCSP to true like the following:
-        enableOCSP="true"
-      along with changes to related settings, especially:
-        ocspResponderURL=<see example in connector definition below>
-        ocspResponderCertNickname=<see example in connector definition below>
-      Here are the definition to all the OCSP-related settings:
-        enableOCSP - turns on/off the ocsp check
-        ocspResponderURL - sets the url where the ocsp requests are sent
-        ocspResponderCertNickname - sets the nickname of the cert that is
-            either CA's signing certificate or the OCSP server's signing
-            certificate.
-            The CA's signing certificate should already be in the db, in
-            case of the same security domain.
-            In case of an ocsp signing certificate, one must import the cert
-            into the subsystem's nss db and set trust. e.g.:
-              certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64
-        ocspCacheSize - sets max cache entries
-        ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
-        ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
-        ocspTimeout -sets OCSP timeout in seconds
--->
+<!-- DO NOT REMOVE - Begin define PKI secure port -->
 <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192"
         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
         enableLookups="false" disableUploadTimeout="true"
@@ -128,13 +104,6 @@ Tomcat Port       = [TOMCAT_SERVER_PORT] (for shutdown)
         ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
-        enableOCSP="false"
-        ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
-        ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
-        ocspCacheSize="1000"
-        ocspMinCacheEntryDuration="60"
-        ocspMaxCacheEntryDuration="120"
-        ocspTimeout="10"
         serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
         passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
         passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate
index 5dc0a087e..1a2b37b21 100755
--- a/pki/base/setup/pkicreate
+++ b/pki/base/setup/pkicreate
@@ -246,7 +246,7 @@ my $cmscore_jar_base_name        = "cmscore.jar";          # CA, KRA, OCSP, TKS
 my $conf_base_name               = "conf";                 # CA, KRA, OCSP, TKS,
                                                            # RA, TPS
 my $httpd_conf_base_name         = "httpd.conf";           # RA, TPS
-my $index_jsp_base_name          = "index.jsp";            # CA, KRA, OCSP, TKS
+my $index_html_base_name         = "index.html";           # CA, KRA, OCSP, TKS
 my $logs_base_name               = "logs";                 # CA, KRA, OCSP, TKS,
                                                            # RA, TPS
 my $magic_base_name              = "magic";                # RA, TPS
@@ -516,8 +516,8 @@ my $cmscore_jar_file_path                     = "";  # CA, KRA, OCSP, TKS
 my $cmscore_jar_symlink_path                  = "";  # CA, KRA, OCSP, TKS
 my $httpd_conf_instance_file_path             = "";  # RA, TPS
 my $httpd_conf_subsystem_file_path            = "";  # RA, TPS
-my $index_jsp_instance_file_path              = "";  # CA, KRA, OCSP, TKS
-my $index_jsp_subsystem_file_path             = "";  # CA, KRA, OCSP, TKS
+my $index_html_instance_file_path             = "";  # CA, KRA, OCSP, TKS
+my $index_html_subsystem_file_path            = "";  # CA, KRA, OCSP, TKS
 my $java_pki_flavor_jar_path                  = "";  # CA, KRA, OCSP, TKS
 my $magic_instance_file_path                  = "";  # RA, TPS
 my $magic_subsystem_file_path                 = "";  # RA, TPS
@@ -1849,10 +1849,10 @@ sub initialize_subdirectory_paths()
                                            . "/" . $cmscore_jar_base_name;
         $cmscore_jar_symlink_path          = $webinf_lib_instance_path
                                            . "/" . $cmscore_jar_base_name;
-        $index_jsp_instance_file_path      = $webapps_root_instance_path
-                                           . "/" . $index_jsp_base_name;
-        $index_jsp_subsystem_file_path     = $webapps_root_subsystem_path
-                                           . "/" . $index_jsp_base_name;
+        $index_html_instance_file_path     = $webapps_root_instance_path
+                                           . "/" . $index_html_base_name;
+        $index_html_subsystem_file_path    = $webapps_root_subsystem_path
+                                           . "/" . $index_html_base_name;
         $osutil_jar_file_path              = $default_system_jni_java_path
                                            . "/" . $osutil_jar_base_name;
         $osutil_jar_symlink_path           = $webinf_lib_instance_path
@@ -2859,9 +2859,9 @@ LoadModule nss_module  /opt/fortitude/modules.local/libmodnss.so
               $catalina_sh_instance_file_path );
 
 
-        # process "index.jsp" template
-        $result = process_file_template( $index_jsp_subsystem_file_path,
-                                         $index_jsp_instance_file_path,
+        # process "index.html" template
+        $result = process_file_template( $index_html_subsystem_file_path,
+                                         $index_html_instance_file_path,
                                          \%slot_hash );
         if( !$result ) {
             return 0;
diff --git a/pki/base/tks/shared/conf/server.xml b/pki/base/tks/shared/conf/server.xml
index 7218c4d0c..71b433bef 100644
--- a/pki/base/tks/shared/conf/server.xml
+++ b/pki/base/tks/shared/conf/server.xml
@@ -93,31 +93,7 @@ Tomcat Port       = [TOMCAT_SERVER_PORT] (for shutdown)
 
 <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
 [PKI_SECURE_PORT_SERVER_COMMENT]
-<!-- DO NOT REMOVE - Begin define PKI secure port
-    NOTE: The OCSP settings take effect globally, so it should only be set once.
-
-      In setup where SSL clientAuth="true", OCSP can be turned on by
-      setting enableOCSP to true like the following:
-        enableOCSP="true"
-      along with changes to related settings, especially:
-        ocspResponderURL=<see example in connector definition below>
-        ocspResponderCertNickname=<see example in connector definition below>
-      Here are the definition to all the OCSP-related settings:
-        enableOCSP - turns on/off the ocsp check
-        ocspResponderURL - sets the url where the ocsp requests are sent
-        ocspResponderCertNickname - sets the nickname of the cert that is
-            either CA's signing certificate or the OCSP server's signing
-            certificate.
-            The CA's signing certificate should already be in the db, in
-            case of the same security domain.
-            In case of an ocsp signing certificate, one must import the cert
-            into the subsystem's nss db and set trust. e.g.:
-              certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64
-        ocspCacheSize - sets max cache entries
-        ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
-        ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
-        ocspTimeout -sets OCSP timeout in seconds
--->
+<!-- DO NOT REMOVE - Begin define PKI secure port -->
 <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192"
         maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
         enableLookups="false" disableUploadTimeout="true"
@@ -128,13 +104,6 @@ Tomcat Port       = [TOMCAT_SERVER_PORT] (for shutdown)
         ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
         SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation"
-        enableOCSP="false"
-        ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp"
-        ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
-        ocspCacheSize="1000"
-        ocspMinCacheEntryDuration="60"
-        ocspMaxCacheEntryDuration="120"
-        ocspTimeout="10"
         serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf"
         passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf"
         passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile"
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
index 819849ccc..5e5c7e30c 100644
--- a/pki/base/tps/doc/CS.cfg
+++ b/pki/base/tps/doc/CS.cfg
@@ -112,8 +112,8 @@ logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit
 logging.audit.level=10
 logging.audit.logSigning=false
 logging.audit.signedAuditCertNickname=auditSigningCert cert-[INSTANCE_ID]
-logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
-logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
+logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
 logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
 logging.audit.buffer.size=512
 logging.audit.flush.interval=5