diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-28 13:12:24 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-11-30 15:12:27 -0500 |
| commit | 9c879d5feea84bb90faf77c0c68fd57325c5b5b5 (patch) | |
| tree | f10e197999be4d9d2c1e85be77d408b028bb2c8e /base/deploy/config/pkideployment.cfg | |
| parent | 719478fd34077fcbf1b6c6ad201c36ff57983490 (diff) | |
| download | pki-ticket-399-6.tar.gz pki-ticket-399-6.tar.xz pki-ticket-399-6.zip | |
Simplified the configuration file using defaults.ticket-399-6
Previously to create a subsystem the admin would have to copy the
entire default deployment configuration, which contains many
parameters, and then customize it. Now the deployment code has been
changed such that the default config file will be used to provide
the default values, so the admin will only need to provide the
non-default parameters, thus reducing the size of the file.
Sample configuration files are provided in /usr/share/pki/
deployment/config.
Ticket #399
Diffstat (limited to 'base/deploy/config/pkideployment.cfg')
| -rw-r--r-- | base/deploy/config/pkideployment.cfg | 255 |
1 files changed, 0 insertions, 255 deletions
diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg deleted file mode 100644 index 133d4e993..000000000 --- a/base/deploy/config/pkideployment.cfg +++ /dev/null @@ -1,255 +0,0 @@ -############################################################################### -## Default Configuration: ## -## ## -## This section contains meta-parameters that determine how the PKI ## -## configuration should work. ## -############################################################################### -[DEFAULT] - -# The sensitive_parameters contains a list of parameters which may contain -# sensitive information which must not be displayed to the console nor stored -# in log files for security reasons. -sensitive_parameters= - pki_admin_password - pki_backup_password - pki_client_database_password - pki_client_pin - pki_client_pkcs12_password - pki_clone_pkcs12_password - pki_ds_password - pki_one_time_pin - pki_pin - pki_security_domain_password - pki_token_password - -############################################################################### -## Common Configuration: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] -pki_admin_cert_request_type=crmf -pki_admin_domain_name= -pki_admin_dualkey=False -pki_admin_email= -pki_admin_keysize=2048 -pki_admin_name= -pki_admin_nickname= -pki_admin_password= -pki_admin_subject_dn= -pki_admin_uid= -pki_audit_group=pkiaudit -pki_audit_signing_key_algorithm=SHA256withRSA -pki_audit_signing_key_size=2048 -pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= -pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_keys=False -pki_backup_password= -pki_client_database_dir= -pki_client_database_password= -pki_client_database_purge=True -pki_client_dir= -pki_client_pkcs12_password= -pki_ds_base_dn= -pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= -pki_ds_ldap_port=389 -pki_ds_ldaps_port=636 -pki_ds_password= -pki_ds_remove_data=True -pki_ds_secure_connection=False -pki_group=pkiuser -pki_issuing_ca= -pki_restart_configured_instance=True -pki_security_domain_hostname= -pki_security_domain_https_port=8443 -pki_security_domain_name= -pki_security_domain_password= -pki_security_domain_user= -pki_skip_configuration=False -pki_skip_installation=False -pki_ssl_server_key_algorithm=SHA256withRSA -pki_ssl_server_key_size=2048 -pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_subsystem_key_algorithm=SHA256withRSA -pki_subsystem_key_size=2048 -pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_token_name=internal -pki_token_password= -pki_user=pkiuser - -############################################################################### -## Apache Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Apache' (RA and TPS subsystems), and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 - -############################################################################### -## Tomcat Configuration: ## -## ## -## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## -## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[Tomcat] -pki_ajp_port=8009 -pki_clone=False -pki_clone_pkcs12_password= -pki_clone_pkcs12_path= -pki_clone_replicate_schema=True -pki_clone_replication_master_port= -pki_clone_replication_clone_port= -pki_clone_replication_security=None -pki_clone_uri= -pki_enable_java_debugger=False -pki_enable_proxy=False -pki_http_port=8080 -pki_https_port=8443 -pki_instance_name=pki-tomcat -pki_proxy_http_port=80 -pki_proxy_https_port=443 -pki_security_manager=true -pki_tomcat_server_port=8005 - -############################################################################### -## CA Configuration: ## -## ## -## Values in this section are common to CA subsystems including 'PKI CAs', ## -## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -## ## -## EXTERNAL CAs: To specify an 'External CA', change the value ## -## of 'pki_external' from 'False' to 'True'. ## -## ## -## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## -## of 'pki_subordinate' from 'False' to 'True'. ## -## ## -## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## -## are MUTUALLY EXCLUSIVE entities!!! ## -############################################################################### -[CA] -pki_ca_signing_key_algorithm=SHA256withRSA -pki_ca_signing_key_size=2048 -pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= -pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= -pki_external_step_two=False -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= - -############################################################################### -## KRA Configuration: ## -## ## -## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[KRA] -pki_storage_key_algorithm=SHA256withRSA -pki_storage_key_size=2048 -pki_storage_key_type=rsa -pki_storage_nickname= -pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= -pki_transport_key_algorithm=SHA256withRSA -pki_transport_key_size=2048 -pki_transport_key_type=rsa -pki_transport_nickname= -pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= - -############################################################################### -## OCSP Configuration: ## -## ## -## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[OCSP] -pki_ocsp_signing_key_algorithm=SHA256withRSA -pki_ocsp_signing_key_size=2048 -pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= -pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= - -############################################################################### -## RA Configuration: ## -## ## -## Values in this section are common to PKI RA subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[RA] -pki_subsystem=RA -pki_subsystem_name= - -############################################################################### -## TKS Configuration: ## -## ## -## Values in this section are common to TKS subsystems ## -## including 'PKI TKSs' and 'Cloned TKSs', and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TKS] -pki_subsystem=TKS -pki_subsystem_name= - -############################################################################### -## TPS Configuration: ## -## ## -## Values in this section are common to PKI TPS subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## -############################################################################### -[TPS] -pki_subsystem=TPS -pki_subsystem_name= |