authorChristina Fu <cfu@redhat.com>2017-06-14 14:57:10 -0700
committerChristina Fu <cfu@redhat.com>2017-06-15 12:03:14 -0700
commit63c9582009b3858a6878863b9658d04c9aad45c1 (patch)
tree82210aa52c0e4ab00b8f9412767afeaf4010b6d8 /base/ca
parent1f9db90b4f490f615a67a0f2d26b378345c6ab6a (diff)
Ticket#2737 CMC: check HTTPS client authentication cert against CMC signer
This patch adds enforcement in CMCUserSignedAuth to make sure SSL client authentication is performed and the authenticated cert matches that of the CMC signing cert. Some auditing adjustments are also done.
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/shared/conf/CS.cfg3
1 files changed, 1 insertions, 2 deletions
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index d1bf7db0b..4da7429b3 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -734,11 +734,10 @@ ca.publish.rule.instance.LdapXCertRule.pluginName=Rule
ca.publish.rule.instance.LdapXCertRule.predicate=
ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher
ca.publish.rule.instance.LdapXCertRule.type=xcert
-cmc.cert.confirmRequired=false
cmc.popLinkWitnessRequired=false
-cmc.revokeCert.verify=true
cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cmc.token=internal
cms.passwordlist=internaldb,replicationdb
cms.password.ignore.publishing.failure=true
cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
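Review bot: Removing `cmc.revokeCert.verify=true` from the shipped defaults is only safe if no code reads that key any more, or if the reader falls back to verifying when the key is absent. The Java side is not visible here (the diffstat is limited to base/ca), so this cannot be confirmed from this page. If a reader remains and defaults to false, newly created instances would silently skip the revocation-request check, so keeping the line `cmc.revokeCert.verify=true` would be the safer default. The added `cmc.token=internal` reaches only instances created from this template, so existing deployments presumably need a code-side default or an upgrade step. The commit description mentions neither the two removed keys nor the new one, and a sentence there saying why each changed would help operators comparing their CS.cfg against the new default.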