Enabled certificate revocation checking by default.

The CS.cfg templates for all subsystems have been modified to enable certificate revocation checking during authentication. This will affect new installations only. Ticket #1117, #1134
author: Endi S. Dewata <edewata@redhat.com> 2014-09-03 16:06:49 -0400
committer: Endi S. Dewata <edewata@redhat.com> 2014-09-03 16:55:51 -0400
commit: 223d15539b7bcc0df025025036af2935726e52e3 (patch)
tree: 879a4b999e7b29aa04a96a18b6e83c5da8874423 /base/ocsp
parent: 5f863998006bc5521b1ad91e106b10cd3e748ad2 (diff)
download: pki-223d15539b7bcc0df025025036af2935726e52e3.tar.gz
pki-223d15539b7bcc0df025025036af2935726e52e3.tar.xz
pki-223d15539b7bcc0df025025036af2935726e52e3.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in
index 9f92ebfe2..3603e4d21 100644
--- a/base/ocsp/shared/conf/CS.cfg.in
+++ b/base/ocsp/shared/conf/CS.cfg.in
@@ -141,6 +141,10 @@ auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
 auths.instance.AgentCertAuth.pluginName=AgentCertAuth
 auths.instance.TokenAuth.pluginName=TokenAuth
 auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=true
+auths.revocationChecking.ocsp=ocsp
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
 authz._000=##
 authz._001=## new authorizatioin
 authz._002=##
author	Endi S. Dewata <edewata@redhat.com>	2014-09-03 16:06:49 -0400
committer	Endi S. Dewata <edewata@redhat.com>	2014-09-03 16:55:51 -0400
commit	223d15539b7bcc0df025025036af2935726e52e3 (patch)
tree	879a4b999e7b29aa04a96a18b6e83c5da8874423 /base/ocsp
parent	5f863998006bc5521b1ad91e106b10cd3e748ad2 (diff)
download	pki-223d15539b7bcc0df025025036af2935726e52e3.tar.gz pki-223d15539b7bcc0df025025036af2935726e52e3.tar.xz pki-223d15539b7bcc0df025025036af2935726e52e3.zip