authorEndi S. Dewata <edewata@redhat.com>2013-08-13 15:56:50 -0400
committerEndi S. Dewata <edewata@redhat.com>2013-08-15 12:26:12 -0400
commit17d6be4d85741bffa21d93aceaff00223bc77dec (patch)
tree7703eba9059076e47c7262120150292270c54d15 /base/ra/doc/CS.cfg.in
parent4ab7fdc3c08a6279d838ae795889924e9fc306cb (diff)
Moved Tomcat-based TPS to separate folder.
The source files for the new Tomcat-based TPS have been moved from base/tps to base/tps-tomcat. The new TPS will now be built in pki-core and packaged in the pki-tps-tomcat RPM. The old TPS and RA have been restored to their previous state, before the new TPS was added. Once the new TPS is complete, the old TPS can be removed, the new TPS can be moved back to base/tps, and the package can be renamed back to pki-tps. Ticket #702
Diffstat (limited to 'base/ra/doc/CS.cfg.in')
-rw-r--r--base/ra/doc/CS.cfg.in242
1 files changed, 242 insertions, 0 deletions
diff --git a/base/ra/doc/CS.cfg.in b/base/ra/doc/CS.cfg.in
new file mode 100644
index 000000000..227b117ce
--- /dev/null
+++ b/base/ra/doc/CS.cfg.in
@@ -0,0 +1,242 @@
+_000=##
+_001=## Registration Authority (RA) Configuration File
+_002=##
+pidDir=[PKI_PIDDIR]
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+request._000=#########################################
+request._001=# Request Queue Parameters
+request._002=#########################################
+agent.authorized_groups=administrators,agents
+admin.authorized_groups=administrators
+database.dbfile=[PKI_INSTANCE_PATH]/conf/dbfile
+database.lockfile=[PKI_INSTANCE_PATH]/conf/dblock
+request.renewal.approve_request.0.ca=ca1
+request.renewal.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA
+request.renewal.approve_request.0.profileId=caDualRAuserCert
+request.renewal.approve_request.0.reqType=crmf
+request.renewal.approve_request.1.mailTo=$created_by
+request.renewal.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.renewal.approve_request.1.templateDir=/usr/share/pki/ra/conf
+request.renewal.approve_request.1.templateFile=mail_approve_request.vm
+request.renewal.approve_request.num_plugins=2
+request.renewal.reject_request.num_plugins=0
+request.renewal.create_request.0.assignTo=agents
+request.renewal.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
+request.renewal.create_request.1.mailTo=$created_by
+request.renewal.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.renewal.create_request.1.templateDir=/usr/share/pki/ra/conf
+request.renewal.create_request.1.templateFile=mail_create_request.vm
+request.renewal.create_request.num_plugins=2
+request.scep.profileId=caRARouterCert
+request.scep.reqType=pkcs10
+request.scep.create_request.num_plugins=2
+request.scep.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
+request.scep.create_request.0.assignTo=agents
+request.scep.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.scep.create_request.1.mailTo=
+request.scep.create_request.1.templateDir=/usr/share/pki/ra/conf
+request.scep.create_request.1.templateFile=mail_create_request.vm
+request.scep.approve_request.num_plugins=1
+request.scep.approve_request.0.plugin=PKI::Request::Plugin::CreatePin
+request.scep.approve_request.0.pinFormat=$site_id
+request.scep.reject_request.num_plugins=0
+request.agent.profileId=caRAagentCert
+request.agent.reqType=crmf
+request.agent.create_request.num_plugins=2
+request.agent.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
+request.agent.create_request.0.assignTo=agents
+request.agent.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.agent.create_request.1.mailTo=
+request.agent.create_request.1.templateDir=/usr/share/pki/ra/conf
+request.agent.create_request.1.templateFile=mail_create_request.vm
+request.agent.approve_request.num_plugins=1
+request.agent.approve_request.0.plugin=PKI::Request::Plugin::CreatePin
+request.agent.approve_request.0.pinFormat=$uid
+request.agent.reject_request.num_plugins=0
+request.user.create_request.num_plugins=2
+request.user.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
+request.user.create_request.0.assignTo=agents
+request.user.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.user.create_request.1.templateDir=/usr/share/pki/ra/conf
+request.user.create_request.1.templateFile=mail_create_request.vm
+request.user.create_request.1.mailTo=
+request.user.approve_request.num_plugins=2
+request.user.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA
+request.user.approve_request.0.ca=ca1
+request.user.approve_request.0.profileId=caDualRAuserCert
+request.user.approve_request.0.reqType=crmf
+request.user.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.user.approve_request.1.mailTo=$created_by
+request.user.approve_request.1.templateDir=/usr/share/pki/ra/conf
+request.user.approve_request.1.templateFile=mail_approve_request.vm
+request.user.reject_request.num_plugins=0
+request.server.create_request.num_plugins=2
+request.server.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
+request.server.create_request.0.assignTo=agents
+request.server.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.server.create_request.1.mailTo=
+request.server.create_request.1.templateDir=/usr/share/pki/ra/conf
+request.server.create_request.1.templateFile=mail_create_request.vm
+request.server.approve_request.num_plugins=2
+request.server.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA
+request.server.approve_request.0.ca=ca1
+request.server.approve_request.0.profileId=caRAserverCert
+request.server.approve_request.0.reqType=pkcs10
+request.server.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification
+request.server.approve_request.1.mailTo=$created_by
+request.server.approve_request.1.templateDir=/usr/share/pki/ra/conf
+request.server.approve_request.1.templateFile=mail_approve_request.vm
+request.server.reject_request.num_plugins=0
+cs.type=RA
+service.machineName=[PKI_HOSTNAME]
+service.instanceDir=[PKI_INSTANCE_PATH]
+service.securePort=[PKI_SECURE_PORT]
+service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+service.instanceID=[PKI_INSTANCE_NAME]
+logging._000=#########################################
+logging._001=# RA configuration File
+logging._002=#
+logging._003=# All <...> must be replaced with
+logging._004=# appropriate values.
+logging._005=#########################################
+logging._006=########################################
+logging._007=# logging
+logging._008=#
+logging._009=# logging.debug.enable:
+logging._010=# logging.audit.enable:
+logging._011=# logging.error.enable:
+logging._012=# - enable or disable the corresponding logging
+logging._013=# logging.debug.filename:
+logging._014=# logging.audit.filename:
+logging._015=# logging.error.filename:
+logging._016=# - name of the log file
+logging._017=# logging.debug.level:
+logging._018=# logging.audit.level:
+logging._019=# logging.error.level:
+logging._020=# - level of logging. (0-10)
+logging._021=# 0 - no logging,
+logging._022=# 4 - LL_PER_SERVER these messages will occur only once
+logging._023=# during the entire invocation of the
+logging._024=# server, e. g. at startup or shutdown
+logging._025=# time., reading the conf parameters.
+logging._026=# Perhaps other infrequent events
+logging._027=# relating to failing over of CA, TKS,
+logging._028=# too
+logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
+logging._030=# connection - most of the log events
+logging._031=# will be at this level
+logging._032=# 8 - LL_PER_PDU these messages relate to PDU
+logging._033=# processing. If you have something that
+logging._034=# is done for every PDU, such as
+logging._035=# applying the MAC, it should be logged
+logging._036=# at this level
+logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
+logging._038=# chatty version of the above
+logging._039=# 10 - all logging
+logging._040=#########################################
+logging.debug.enable=true
+logging.debug.filename=[PKI_INSTANCE_PATH]/logs/ra-debug.log
+logging.debug.level=7
+logging.audit.enable=true
+logging.audit.filename=[PKI_INSTANCE_PATH]/logs/ra-audit.log
+logging.audit.level=10
+logging.error.enable=true
+logging.error.filename=[PKI_INSTANCE_PATH]/logs/ra-error.log
+logging.error.level=10
+conn.ca1._000=#########################################
+conn.ca1._001=# CA connection
+conn.ca1._002=#
+conn.ca1._003=# conn.ca<n>.hostport:
+conn.ca1._004=# - host name and port number of your CA, format is host:port
+conn.ca1._005=# conn.ca<n>.clientNickname:
+conn.ca1._006=# - nickname of the client certificate for
+conn.ca1._007=# authentication
+conn.ca1._008=# conn.ca<n>.servlet.enrollment:
+conn.ca1._009=# - servlet to contact in CA
+conn.ca1._010=# - must be '/ca/ee/ca/profileSubmitSSLClient'
+conn.ca1._008=# conn.ca<n>.servlet.addagent:
+conn.ca1._009=# - servlet to add ra agent on CA
+conn.ca1._010=# - must be '/ca/admin/ca/registerRaUser
+conn.ca1._011=# conn.ca<n>.retryConnect:
+conn.ca1._012=# - number of reconnection attempts on failure
+conn.ca1._013=# conn.ca<n>.timeout:
+conn.ca1._014=# - connection timeout
+conn.ca1._015=# conn.ca<n>.SSLOn:
+conn.ca1._016=# - enable SSL or not
+conn.ca1._017=# conn.ca<n>.keepAlive:
+conn.ca1._018=# - enable keep alive or not
+conn.ca1._019=#
+conn.ca1._020=# where
+conn.ca1._021=# <n> - CA connection ID
+conn.ca1._022=#########################################
+failover.pod.enable=false
+conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
+conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.addagent=/ca/admin/ca/registerRaUser
+conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke
+conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
+conn.ca1.retryConnect=3
+conn.ca1.timeout=100
+conn.ca1.SSLOn=true
+conn.ca1.keepAlive=true
+preop.pin=[PKI_RANDOM_NUMBER]
+cms.product.version=@APPLICATION_VERSION@
+preop.cert._000=#########################################
+preop.cert._001=# Installation configuration "preop" certs parameters
+preop.cert._002=#########################################
+preop.cert.list=sslserver,subsystem
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME]
+preop.cert.sslserver.keysize.customsize=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.keysize.select=custom
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=ra
+preop.cert._003=#preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_NAME]
+preop.cert.subsystem.keysize.customsize=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.keysize.select=custom
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=ra
+preop.cert._005=#preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
+preop.configModules._000=#########################################
+preop.configModules._001=# Installation configuration "preop" module parameters
+preop.configModules._002=#########################################
+preop.configModules.count=3
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.module.token=NSS Certificate DB
+preop.keysize._000=#########################################
+preop.keysize._001=# Installation configuration "preop" keysize parameters
+preop.keysize._002=#########################################
+preop.keysize.customsize=2048
+preop.keysize.select=default
+preop.keysize.size=2048
+preop.keysize.ecc.size=256
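Review bot: The comment keys `conn.ca1._008`, `conn.ca1._009` and `conn.ca1._010` are each defined twice in the CA connection block (first for `servlet.enrollment`, then for `servlet.addagent`), so a loader that keeps one value per key will silently drop one of the two descriptions; the second set and the entries after it should be renumbered, starting with `conn.ca1._011=# conn.ca<n>.servlet.addagent:`. The second `_010` value is also missing its closing quote after `registerRaUser`, and the block documents neither `conn.ca1.servlet.revoke` nor `conn.ca1.servlet.unrevoke`. On the security side, the template keeps `preop.pin` in the same file as ordinary settings and enables `logging.debug.enable=true` at level 7 by default; nothing in this hunk shows how the generated file and the debug log are protected, so the packaging should be checked to confirm both are readable only by the instance user. A short comment entry above `preop.pin` saying what the value is used for and when it can be removed would help operators who audit this file.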