author | Christina Fu <cfu@redhat.com> | 2017-06-14 14:57:10 -0700 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2017-06-15 12:03:14 -0700 |
commit | 63c9582009b3858a6878863b9658d04c9aad45c1 (patch) | |
tree | 82210aa52c0e4ab00b8f9412767afeaf4010b6d8 /base/ca | |
parent | 1f9db90b4f490f615a67a0f2d26b378345c6ab6a (diff) | |
Ticket#2737 CMC: check HTTPS client authentication cert against CMC signer
This patch adds enforcement in CMCUserSignedAuth to make sure SSL client authentication is performed and the authenticated cert matches that of the CMC signing cert.
Some auditing adjustments are also done.
Diffstat (limited to 'base/ca')
-rw-r--r-- | base/ca/shared/conf/CS.cfg | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg index d1bf7db0b..4da7429b3 100644 --- a/base/ca/shared/conf/CS.cfg +++ b/base/ca/shared/conf/CS.cfg @@ -734,11 +734,10 @@ ca.publish.rule.instance.LdapXCertRule.pluginName=Rule ca.publish.rule.instance.LdapXCertRule.predicate= ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher ca.publish.rule.instance.LdapXCertRule.type=xcert -cmc.cert.confirmRequired=false cmc.popLinkWitnessRequired=false -cmc.revokeCert.verify=true cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret +cmc.token=internal cms.passwordlist=internaldb,replicationdb cms.password.ignore.publishing.failure=true cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@ |
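Review bot: the removal of `cmc.revokeCert.verify=true` from the default CS.cfg in this hunk is not covered by the commit message, which only describes the SSL client authentication check in CMCUserSignedAuth and auditing adjustments. If any code still reads that key, confirm that its fallback when the key is absent keeps verification on, so that new instances do not silently lose the check. If the key (and `cmc.cert.confirmRequired`, removed in the same hunk) is now unused, say so in the commit message. The added `cmc.token=internal` is also undocumented here: note in the message or next to the setting what the value selects and which component reads it. Because this file carries `@APPLICATION_VERSION_MAJOR@` style placeholders and so looks like a template, also state whether instances created before this change need the new key added or the old ones removed on upgrade.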