Stand-alone DRM

* TRAC Ticket #667 - provide option for ca-less drm install
author: Matthew Harmsen <mharmsen@redhat.com> 2013-10-15 17:55:05 -0700
committer: Matthew Harmsen <mharmsen@redhat.com> 2013-10-15 17:59:23 -0700
commit: 47c77a67d67cb443070137fd9b8d64955d499089 (patch)
tree: 12b7588f34a80a74c000e77b19017ec941ad5231 /base/server/etc/default.cfg
parent: 618be8bd7e9488a325789232c94aad109f9b6803 (diff)
download: pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.gz
pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.xz
pki-47c77a67d67cb443070137fd9b8d64955d499089.zip
1 files changed, 50 insertions, 6 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index 88f9f780c..46585ec0a 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -367,10 +367,10 @@ pki_ca_signing_signing_algorithm=SHA256withRSA
 pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
 pki_ca_signing_token=Internal Key Storage Token
 pki_external=False
-pki_external_ca_cert_chain_path=
-pki_external_ca_cert_path=
-pki_external_csr_path=
+pki_external_csr_path=%(pki_instance_configuration_path)s/ca_signing.csr
 pki_external_step_two=False
+pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert
+pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert
 pki_import_admin_cert=False
 pki_ocsp_signing_key_algorithm=SHA256withRSA
 pki_ocsp_signing_key_size=2048
@@ -420,11 +420,33 @@ pki_subsystem_profiles_path=%(pki_subsystem_path)s/profiles
 ##  KRA Configuration:                                                       ##
 ##                                                                           ##
 ##  Values in this section are common to KRA subsystems                      ##
-##  including 'PKI KRAs' and 'Cloned KRAs', and contain                      ##
+##  including 'PKI KRAs', 'Cloned KRAs', and 'Stand-alone KRAs' and contain  ##
 ##  required information which MAY be overridden by users as necessary.      ##
+##                                                                           ##
+##      STAND-ALONE KRAs:  To specify a 'Stand-alone KRA', change the value  ##
+##                         of 'pki_standalone' from 'False' to 'True', and   ##
+##                         specify the various 'pki_external' parameters     ##
+##                         as appropriate.                                   ##
+##                                                                           ##
 ###############################################################################
 [KRA]
 pki_import_admin_cert=True
+pki_standalone=False
+pki_external_admin_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.csr
+pki_external_audit_signing_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.csr
+pki_external_sslserver_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.csr
+pki_external_storage_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_storage.csr
+pki_external_subsystem_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.csr
+pki_external_transport_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_transport.csr
+pki_external_step_two=False
+pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert
+pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert
+pki_external_admin_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.cert
+pki_external_audit_signing_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.cert
+pki_external_sslserver_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.cert
+pki_external_storage_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_storage.cert
+pki_external_subsystem_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.cert
+pki_external_transport_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_transport.cert
 pki_storage_key_algorithm=SHA256withRSA
 pki_storage_key_size=2048
 pki_storage_key_type=rsa
@@ -466,11 +488,33 @@ pki_source_transportcert_profile=%(pki_source_conf_path)s/transportCert.profile
 ##  OCSP Configuration:                                                      ##
 ##                                                                           ##
 ##  Values in this section are common to OCSP subsystems                     ##
-##  including 'PKI OCSPs' and 'Cloned OCSPs', and contain                    ##
-##  required information which MAY be overridden by users as necessary.      ##
+##  including 'PKI OCSPs', 'Cloned OCSPs', and 'Stand-alone OCSPs' and       ##
+##  contain required information which MAY be overridden by users as         ##
+##  necessary.                                                               ##
+##                                                                           ##
+##      STAND-ALONE OCSPs:  To specify a 'Stand-alone OCSP', change the      ##
+##                          value of 'pki_standalone' from 'False' to        ##
+##                          'True', and specify the various 'pki_external'   ##
+##                          parameters as appropriate.                       ##
+##                          (NOTE:  Stand-alone OCSP is not yet supported!)  ##
+##                                                                           ##
 ###############################################################################
 [OCSP]
 pki_import_admin_cert=True
+pki_standalone=False
+pki_external_admin_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.csr
+pki_external_audit_signing_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.csr
+pki_external_signing_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_signing.csr
+pki_external_sslserver_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.csr
+pki_external_subsystem_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.csr
+pki_external_step_two=False
+pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert
+pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert
+pki_external_admin_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.cert
+pki_external_audit_signing_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.cert
+pki_external_signing_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_signing.cert
+pki_external_sslserver_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.cert
+pki_external_subsystem_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.cert
 pki_ocsp_signing_key_algorithm=SHA256withRSA
 pki_ocsp_signing_key_size=2048
 pki_ocsp_signing_key_type=rsa
author	Matthew Harmsen <mharmsen@redhat.com>	2013-10-15 17:55:05 -0700
committer	Matthew Harmsen <mharmsen@redhat.com>	2013-10-15 17:59:23 -0700
commit	47c77a67d67cb443070137fd9b8d64955d499089 (patch)
tree	12b7588f34a80a74c000e77b19017ec941ad5231 /base/server/etc/default.cfg
parent	618be8bd7e9488a325789232c94aad109f9b6803 (diff)
download	pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.gz pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.xz pki-47c77a67d67cb443070137fd9b8d64955d499089.zip