diff options
author | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-19 19:56:12 +0000 |
---|---|---|
committer | jdennis <jdennis@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2010-11-19 19:56:12 +0000 |
commit | 033f7839aae5df7073ff5dc34512b18451a33ca3 (patch) | |
tree | 0fa80ce67d7acd23c19daa0f17d082612ac88db1 | |
parent | 0fc8b79ef4c5694c5eb2396bfc750f44ceb0f8ef (diff) | |
download | pki-033f7839aae5df7073ff5dc34512b18451a33ca3.tar.gz pki-033f7839aae5df7073ff5dc34512b18451a33ca3.tar.xz pki-033f7839aae5df7073ff5dc34512b18451a33ca3.zip |
Adjust current files so patches merge, will adjust after merge complete
pkicreate: index.jsp -> index.html
server.xml: remove ocsp
base/tps/doc/CS.cfg: CIMC_CERT_VERIFICATION
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1531 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r-- | pki/base/ca/shared/conf/server.xml | 33 | ||||
-rw-r--r-- | pki/base/kra/shared/conf/server.xml | 33 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/server.xml | 33 | ||||
-rwxr-xr-x | pki/base/setup/pkicreate | 20 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/server.xml | 33 | ||||
-rw-r--r-- | pki/base/tps/doc/CS.cfg | 4 |
6 files changed, 16 insertions, 140 deletions
diff --git a/pki/base/ca/shared/conf/server.xml b/pki/base/ca/shared/conf/server.xml index f1157f136..0c0ea96af 100644 --- a/pki/base/ca/shared/conf/server.xml +++ b/pki/base/ca/shared/conf/server.xml @@ -94,31 +94,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> [PKI_SECURE_PORT_SERVER_COMMENT] -<!-- DO NOT REMOVE - Begin define PKI secure port - NOTE: The OCSP settings take effect globally, so it should only be set once. - - In setup where SSL clientAuth="true", OCSP can be turned on by - setting enableOCSP to true like the following: - enableOCSP="true" - along with changes to related settings, especially: - ocspResponderURL=<see example in connector definition below> - ocspResponderCertNickname=<see example in connector definition below> - Here are the definition to all the OCSP-related settings: - enableOCSP - turns on/off the ocsp check - ocspResponderURL - sets the url where the ocsp requests are sent - ocspResponderCertNickname - sets the nickname of the cert that is - either CA's signing certificate or the OCSP server's signing - certificate. - The CA's signing certificate should already be in the db, in - case of the same security domain. - In case of an ocsp signing certificate, one must import the cert - into the subsystem's nss db and set trust. e.g.: - certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64 - ocspCacheSize - sets max cache entries - ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt - ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt - ocspTimeout -sets OCSP timeout in seconds ---> +<!-- DO NOT REMOVE - Begin define PKI secure port --> <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" @@ -129,13 +105,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" - enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" - ocspResponderCertNickname="ocspSigningCert cert-pki-ca" - ocspCacheSize="1000" - ocspMinCacheEntryDuration="60" - ocspMaxCacheEntryDuration="120" - ocspTimeout="10" serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" diff --git a/pki/base/kra/shared/conf/server.xml b/pki/base/kra/shared/conf/server.xml index 7218c4d0c..71b433bef 100644 --- a/pki/base/kra/shared/conf/server.xml +++ b/pki/base/kra/shared/conf/server.xml @@ -93,31 +93,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> [PKI_SECURE_PORT_SERVER_COMMENT] -<!-- DO NOT REMOVE - Begin define PKI secure port - NOTE: The OCSP settings take effect globally, so it should only be set once. - - In setup where SSL clientAuth="true", OCSP can be turned on by - setting enableOCSP to true like the following: - enableOCSP="true" - along with changes to related settings, especially: - ocspResponderURL=<see example in connector definition below> - ocspResponderCertNickname=<see example in connector definition below> - Here are the definition to all the OCSP-related settings: - enableOCSP - turns on/off the ocsp check - ocspResponderURL - sets the url where the ocsp requests are sent - ocspResponderCertNickname - sets the nickname of the cert that is - either CA's signing certificate or the OCSP server's signing - certificate. - The CA's signing certificate should already be in the db, in - case of the same security domain. - In case of an ocsp signing certificate, one must import the cert - into the subsystem's nss db and set trust. e.g.: - certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64 - ocspCacheSize - sets max cache entries - ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt - ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt - ocspTimeout -sets OCSP timeout in seconds ---> +<!-- DO NOT REMOVE - Begin define PKI secure port --> <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" @@ -128,13 +104,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" - enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" - ocspResponderCertNickname="ocspSigningCert cert-pki-ca" - ocspCacheSize="1000" - ocspMinCacheEntryDuration="60" - ocspMaxCacheEntryDuration="120" - ocspTimeout="10" serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" diff --git a/pki/base/ocsp/shared/conf/server.xml b/pki/base/ocsp/shared/conf/server.xml index 7218c4d0c..71b433bef 100644 --- a/pki/base/ocsp/shared/conf/server.xml +++ b/pki/base/ocsp/shared/conf/server.xml @@ -93,31 +93,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> [PKI_SECURE_PORT_SERVER_COMMENT] -<!-- DO NOT REMOVE - Begin define PKI secure port - NOTE: The OCSP settings take effect globally, so it should only be set once. - - In setup where SSL clientAuth="true", OCSP can be turned on by - setting enableOCSP to true like the following: - enableOCSP="true" - along with changes to related settings, especially: - ocspResponderURL=<see example in connector definition below> - ocspResponderCertNickname=<see example in connector definition below> - Here are the definition to all the OCSP-related settings: - enableOCSP - turns on/off the ocsp check - ocspResponderURL - sets the url where the ocsp requests are sent - ocspResponderCertNickname - sets the nickname of the cert that is - either CA's signing certificate or the OCSP server's signing - certificate. - The CA's signing certificate should already be in the db, in - case of the same security domain. - In case of an ocsp signing certificate, one must import the cert - into the subsystem's nss db and set trust. e.g.: - certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64 - ocspCacheSize - sets max cache entries - ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt - ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt - ocspTimeout -sets OCSP timeout in seconds ---> +<!-- DO NOT REMOVE - Begin define PKI secure port --> <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" @@ -128,13 +104,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" - enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" - ocspResponderCertNickname="ocspSigningCert cert-pki-ca" - ocspCacheSize="1000" - ocspMinCacheEntryDuration="60" - ocspMaxCacheEntryDuration="120" - ocspTimeout="10" serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate index 5dc0a087e..1a2b37b21 100755 --- a/pki/base/setup/pkicreate +++ b/pki/base/setup/pkicreate @@ -246,7 +246,7 @@ my $cmscore_jar_base_name = "cmscore.jar"; # CA, KRA, OCSP, TKS my $conf_base_name = "conf"; # CA, KRA, OCSP, TKS, # RA, TPS my $httpd_conf_base_name = "httpd.conf"; # RA, TPS -my $index_jsp_base_name = "index.jsp"; # CA, KRA, OCSP, TKS +my $index_html_base_name = "index.html"; # CA, KRA, OCSP, TKS my $logs_base_name = "logs"; # CA, KRA, OCSP, TKS, # RA, TPS my $magic_base_name = "magic"; # RA, TPS @@ -516,8 +516,8 @@ my $cmscore_jar_file_path = ""; # CA, KRA, OCSP, TKS my $cmscore_jar_symlink_path = ""; # CA, KRA, OCSP, TKS my $httpd_conf_instance_file_path = ""; # RA, TPS my $httpd_conf_subsystem_file_path = ""; # RA, TPS -my $index_jsp_instance_file_path = ""; # CA, KRA, OCSP, TKS -my $index_jsp_subsystem_file_path = ""; # CA, KRA, OCSP, TKS +my $index_html_instance_file_path = ""; # CA, KRA, OCSP, TKS +my $index_html_subsystem_file_path = ""; # CA, KRA, OCSP, TKS my $java_pki_flavor_jar_path = ""; # CA, KRA, OCSP, TKS my $magic_instance_file_path = ""; # RA, TPS my $magic_subsystem_file_path = ""; # RA, TPS @@ -1849,10 +1849,10 @@ sub initialize_subdirectory_paths() . "/" . $cmscore_jar_base_name; $cmscore_jar_symlink_path = $webinf_lib_instance_path . "/" . $cmscore_jar_base_name; - $index_jsp_instance_file_path = $webapps_root_instance_path - . "/" . $index_jsp_base_name; - $index_jsp_subsystem_file_path = $webapps_root_subsystem_path - . "/" . $index_jsp_base_name; + $index_html_instance_file_path = $webapps_root_instance_path + . "/" . $index_html_base_name; + $index_html_subsystem_file_path = $webapps_root_subsystem_path + . "/" . $index_html_base_name; $osutil_jar_file_path = $default_system_jni_java_path . "/" . $osutil_jar_base_name; $osutil_jar_symlink_path = $webinf_lib_instance_path @@ -2859,9 +2859,9 @@ LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so $catalina_sh_instance_file_path ); - # process "index.jsp" template - $result = process_file_template( $index_jsp_subsystem_file_path, - $index_jsp_instance_file_path, + # process "index.html" template + $result = process_file_template( $index_html_subsystem_file_path, + $index_html_instance_file_path, \%slot_hash ); if( !$result ) { return 0; diff --git a/pki/base/tks/shared/conf/server.xml b/pki/base/tks/shared/conf/server.xml index 7218c4d0c..71b433bef 100644 --- a/pki/base/tks/shared/conf/server.xml +++ b/pki/base/tks/shared/conf/server.xml @@ -93,31 +93,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) <!-- Define a SSL HTTP/1.1 Connector on port 8443 --> [PKI_SECURE_PORT_SERVER_COMMENT] -<!-- DO NOT REMOVE - Begin define PKI secure port - NOTE: The OCSP settings take effect globally, so it should only be set once. - - In setup where SSL clientAuth="true", OCSP can be turned on by - setting enableOCSP to true like the following: - enableOCSP="true" - along with changes to related settings, especially: - ocspResponderURL=<see example in connector definition below> - ocspResponderCertNickname=<see example in connector definition below> - Here are the definition to all the OCSP-related settings: - enableOCSP - turns on/off the ocsp check - ocspResponderURL - sets the url where the ocsp requests are sent - ocspResponderCertNickname - sets the nickname of the cert that is - either CA's signing certificate or the OCSP server's signing - certificate. - The CA's signing certificate should already be in the db, in - case of the same security domain. - In case of an ocsp signing certificate, one must import the cert - into the subsystem's nss db and set trust. e.g.: - certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64 - ocspCacheSize - sets max cache entries - ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt - ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt - ocspTimeout -sets OCSP timeout in seconds ---> +<!-- DO NOT REMOVE - Begin define PKI secure port --> <Connector name="[PKI_SECURE_PORT_CONNECTOR_NAME]" port="[PKI_SECURE_PORT]" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" @@ -128,13 +104,6 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown) ssl3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" tls3Ciphers="-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5,+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,+SSL3_RSA_WITH_DES_CBC_SHA,-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" SSLImplementation="org.apache.tomcat.util.net.jss.JSSImplementation" - enableOCSP="false" - ocspResponderURL="http://[PKI_MACHINE_NAME]:9080/ca/ocsp" - ocspResponderCertNickname="ocspSigningCert cert-pki-ca" - ocspCacheSize="1000" - ocspMinCacheEntryDuration="60" - ocspMaxCacheEntryDuration="120" - ocspTimeout="10" serverCertNickFile="[PKI_INSTANCE_PATH]/conf/serverCertNick.conf" passwordFile="[PKI_INSTANCE_PATH]/conf/password.conf" passwordClass="org.apache.tomcat.util.net.jss.PlainPasswordFile" diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg index 819849ccc..5e5c7e30c 100644 --- a/pki/base/tps/doc/CS.cfg +++ b/pki/base/tps/doc/CS.cfg @@ -112,8 +112,8 @@ logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit logging.audit.level=10 logging.audit.logSigning=false logging.audit.signedAuditCertNickname=auditSigningCert cert-[INSTANCE_ID] -logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION -logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION +logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL +logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING logging.audit.buffer.size=512 logging.audit.flush.interval=5 |