diff options
author | Matthew Harmsen <mharmsen@redhat.com> | 2013-10-15 17:55:05 -0700 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2013-10-15 17:59:23 -0700 |
commit | 47c77a67d67cb443070137fd9b8d64955d499089 (patch) | |
tree | 12b7588f34a80a74c000e77b19017ec941ad5231 /base/server/etc/default.cfg | |
parent | 618be8bd7e9488a325789232c94aad109f9b6803 (diff) | |
download | pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.gz pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.xz pki-47c77a67d67cb443070137fd9b8d64955d499089.zip |
Stand-alone DRM
* TRAC Ticket #667 - provide option for ca-less drm install
Diffstat (limited to 'base/server/etc/default.cfg')
-rw-r--r-- | base/server/etc/default.cfg | 56 |
1 files changed, 50 insertions, 6 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 88f9f780c..46585ec0a 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -367,10 +367,10 @@ pki_ca_signing_signing_algorithm=SHA256withRSA pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s pki_ca_signing_token=Internal Key Storage Token pki_external=False -pki_external_ca_cert_chain_path= -pki_external_ca_cert_path= -pki_external_csr_path= +pki_external_csr_path=%(pki_instance_configuration_path)s/ca_signing.csr pki_external_step_two=False +pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert +pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 @@ -420,11 +420,33 @@ pki_subsystem_profiles_path=%(pki_subsystem_path)s/profiles ## KRA Configuration: ## ## ## ## Values in this section are common to KRA subsystems ## -## including 'PKI KRAs' and 'Cloned KRAs', and contain ## +## including 'PKI KRAs', 'Cloned KRAs', and 'Stand-alone KRAs' and contain ## ## required information which MAY be overridden by users as necessary. ## +## ## +## STAND-ALONE KRAs: To specify a 'Stand-alone KRA', change the value ## +## of 'pki_standalone' from 'False' to 'True', and ## +## specify the various 'pki_external' parameters ## +## as appropriate. ## +## ## ############################################################################### [KRA] pki_import_admin_cert=True +pki_standalone=False +pki_external_admin_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.csr +pki_external_audit_signing_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.csr +pki_external_sslserver_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.csr +pki_external_storage_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_storage.csr +pki_external_subsystem_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.csr +pki_external_transport_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_transport.csr +pki_external_step_two=False +pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert +pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert +pki_external_admin_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.cert +pki_external_audit_signing_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.cert +pki_external_sslserver_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.cert +pki_external_storage_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_storage.cert +pki_external_subsystem_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.cert +pki_external_transport_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_transport.cert pki_storage_key_algorithm=SHA256withRSA pki_storage_key_size=2048 pki_storage_key_type=rsa @@ -466,11 +488,33 @@ pki_source_transportcert_profile=%(pki_source_conf_path)s/transportCert.profile ## OCSP Configuration: ## ## ## ## Values in this section are common to OCSP subsystems ## -## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## -## required information which MAY be overridden by users as necessary. ## +## including 'PKI OCSPs', 'Cloned OCSPs', and 'Stand-alone OCSPs' and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## STAND-ALONE OCSPs: To specify a 'Stand-alone OCSP', change the ## +## value of 'pki_standalone' from 'False' to ## +## 'True', and specify the various 'pki_external' ## +## parameters as appropriate. ## +## (NOTE: Stand-alone OCSP is not yet supported!) ## +## ## ############################################################################### [OCSP] pki_import_admin_cert=True +pki_standalone=False +pki_external_admin_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.csr +pki_external_audit_signing_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.csr +pki_external_signing_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_signing.csr +pki_external_sslserver_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.csr +pki_external_subsystem_csr_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.csr +pki_external_step_two=False +pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert +pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert +pki_external_admin_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_admin.cert +pki_external_audit_signing_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_audit_signing.cert +pki_external_signing_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_signing.cert +pki_external_sslserver_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_sslserver.cert +pki_external_subsystem_cert_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s_subsystem.cert pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa |