diff options
author | Endi Sukma Dewata <edewata@redhat.com> | 2013-05-21 14:23:20 -0400 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-05-30 12:00:44 -0400 |
commit | 90d3f20d2066ac471d5368d7a8394b16548f72de (patch) | |
tree | 9787a1435effa56b47c57de93410f543ee0223de /base | |
parent | d78d7442be02b6b83d9dad3fc089fa9f9d8ceb48 (diff) | |
download | pki-90d3f20d2066ac471d5368d7a8394b16548f72de.tar.gz pki-90d3f20d2066ac471d5368d7a8394b16548f72de.tar.xz pki-90d3f20d2066ac471d5368d7a8394b16548f72de.zip |
Renamed PKI_INSTANCE_ID into PKI_INSTANCE_NAME.
The PKI_INSTANCE_ID variable has been renamed into PKI_INSTANCE_NAME
for consistency.
Diffstat (limited to 'base')
30 files changed, 192 insertions, 192 deletions
diff --git a/base/ca/setup/registry_instance b/base/ca/setup/registry_instance index c97b0c736..6365ecb9e 100644 --- a/base/ca/setup/registry_instance +++ b/base/ca/setup/registry_instance @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -26,7 +26,7 @@ export PKI_SERVER_XML_CONF CATALINA_BASE=$PKI_INSTANCE_PATH export CATALINA_BASE -TOMCAT_PROG=$PKI_INSTANCE_ID +TOMCAT_PROG=$PKI_INSTANCE_NAME export TOMCAT_PROG TOMCAT_USER=$PKI_USER @@ -38,16 +38,16 @@ export TOMCAT_GROUP PKI_LOCKDIR="/var/lock/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_LOCKDIR -PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}" +PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_NAME}" export PKI_LOCKFILE PKI_PIDDIR="/var/run/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_PIDDIR -PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_ID}.pid" +PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_NAME}.pid" export PKI_PIDFILE -TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_ID} +TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME} export TOMCAT_LOCKFILE TOMCAT_PIDFILE=[TOMCAT_PIDFILE] diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in index 61e1ac4ff..d182ffab1 100644 --- a/base/ca/shared/conf/CS.cfg.in +++ b/base/ca/shared/conf/CS.cfg.in @@ -2,7 +2,7 @@ _000=## _001=## Certificate Authority (CA) Configuration File _002=## pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] @@ -14,7 +14,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.arg11.group=[PKI_GROUP] pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] installDate=[INSTALL_TIME] preop.wizard.name=CA Setup Wizard preop.product.name=CS @@ -41,7 +41,7 @@ securitydomain.checkinterval=300000 instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ machineName=[PKI_HOSTNAME] -instanceId=[PKI_INSTANCE_ID] +instanceId=[PKI_INSTANCE_NAME] pidDir=[PKI_PIDDIR] service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_ROOT] @@ -49,7 +49,7 @@ service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] service.clientauth_securePort=[PKI_EE_SECURE_CLIENT_AUTH_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_ID] +service.instanceID=[PKI_INSTANCE_NAME] preop.admin.name=Certificate System Administrator preop.admin.group=Certificate Manager Agents preop.admincert.profile=caAdminCert @@ -72,7 +72,7 @@ preop.cert.signing.dn=CN=Certificate Authority preop.cert.signing.cncomponent.override=true preop.cert.signing.keysize.size=2048 preop.cert.signing.keysize.custom_size=2048 -preop.cert.signing.nickname=caSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.signing.nickname=caSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.signing.profile=caCert.profile preop.cert.signing.signing.required=true preop.cert.signing.subsystem=ca @@ -82,7 +82,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.audit_signing.dn=CN=CA Audit Signing Certificate preop.cert.audit_signing.keysize.custom_size=2048 preop.cert.audit_signing.keysize.size=2048 -preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.audit_signing.profile=caAuditSigningCert.profile preop.cert.audit_signing.signing.required=false preop.cert.audit_signing.subsystem=ca @@ -93,7 +93,7 @@ preop.cert.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.ocsp_signing.dn=CN=OCSP Signing Certificate preop.cert.ocsp_signing.keysize.custom_size=2048 preop.cert.ocsp_signing.keysize.size=2048 -preop.cert.ocsp_signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.ocsp_signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.ocsp_signing.profile=caOCSPCert.profile preop.cert.ocsp_signing.signing.required=true preop.cert.ocsp_signing.subsystem=ca @@ -104,7 +104,7 @@ preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.cert.sslserver.profile=serverCert.profile preop.cert.sslserver.signing.required=false preop.cert.sslserver.subsystem=ca @@ -115,7 +115,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA preop.cert.subsystem.dn=CN=CA Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] preop.cert.subsystem.profile=subsystemCert.profile preop.cert.subsystem.signing.required=false preop.cert.subsystem.subsystem=ca @@ -143,10 +143,10 @@ preop.name.caDN=CN=Certificate Authority preop.name.sslDN=CN=[PKI_HOSTNAME] preop.name.ocspDN=CN=OCSP Signing Certificate preop.name.subsystemDN=CN=CA Subsystem Certificate -preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_ID] -preop.name.ocspnickname=ocspSigningCert cert-[PKI_INSTANCE_ID] -preop.name.subsystemnickname=subsystemCert cert-[PKI_INSTANCE_ID] -preop.name.sslnickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_NAME] +preop.name.ocspnickname=ocspSigningCert cert-[PKI_INSTANCE_NAME] +preop.name.subsystemnickname=subsystemCert cert-[PKI_INSTANCE_NAME] +preop.name.sslnickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.subsystem.count=0 subsystem.count=0 passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf @@ -657,7 +657,7 @@ ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR] ca.notification.requestInQ.enabled=false ca.notification.requestInQ.recipientEmail= ca.notification.requestInQ.senderEmail= -ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_ID] +ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_NAME] ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA ca.ocsp_signing.tokenname=internal ca.publish.createOwnDNEntry=false @@ -742,14 +742,14 @@ cmsgateway._002=## for a given instance, perform the following steps to cmsgateway._003=## re-enroll for a new Admin Certificate: cmsgateway._004=## cmsgateway._005=## (1) Become 'root' -cmsgateway._006=## (2) Type: 'service [PKI_INSTANCE_ID] stop' +cmsgateway._006=## (2) Type: 'service [PKI_INSTANCE_NAME] stop' cmsgateway._007=## (3) Edit '[PKI_CFG_PATH_NAME]' cmsgateway._008=## and set the following name-value pairs (if necessary): cmsgateway._009=## cmsgateway._010=## ca.Policy.enable=true cmsgateway._011=## cmsgateway.enableAdminEnroll=true cmsgateway._012=## -cmsgateway._013=## (4) Type: 'service [PKI_INSTANCE_ID] start' +cmsgateway._013=## (4) Type: 'service [PKI_INSTANCE_NAME] start' cmsgateway._014=## (5) Launch a browser and re-enroll for cmsgateway._015=## a new Admin Certificate by typing: cmsgateway._016=## @@ -909,7 +909,7 @@ log.instance.SignedAudit.maxFileSize=2000 log.instance.SignedAudit.pluginName=file log.instance.SignedAudit.rolloverInterval=2592000 log.instance.SignedAudit.signedAudit=_002=## -log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID] +log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] log.instance.SignedAudit.type=signedAudit log.instance.System._000=## log.instance.System._001=## System Logging diff --git a/base/ca/shared/conf/serverCertNick.conf b/base/ca/shared/conf/serverCertNick.conf index 1b1f4fcad..a359645f8 100644 --- a/base/ca/shared/conf/serverCertNick.conf +++ b/base/ca/shared/conf/serverCertNick.conf @@ -1 +1 @@ -Server-Cert cert-[PKI_INSTANCE_ID] +Server-Cert cert-[PKI_INSTANCE_NAME] diff --git a/base/common/setup/pkidaemon_registry b/base/common/setup/pkidaemon_registry index 5cd1ca9c8..572f4b23c 100644 --- a/base/common/setup/pkidaemon_registry +++ b/base/common/setup/pkidaemon_registry @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -32,10 +32,10 @@ export TOMCAT_PIDFILE # Use PKI Variable "Slot" Substitutions -PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}" +PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_NAME}" export PKI_LOCKFILE -PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_ID}.pid" +PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_NAME}.pid" export PKI_PIDFILE RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration @@ -46,7 +46,7 @@ export RESTART_SERVER CATALINA_BASE=$PKI_INSTANCE_PATH export CATALINA_BASE -TOMCAT_PROG=$PKI_INSTANCE_ID +TOMCAT_PROG=$PKI_INSTANCE_NAME export TOMCAT_PROG TOMCAT_USER=$PKI_USER @@ -55,5 +55,5 @@ export TOMCAT_USER TOMCAT_GROUP=$PKI_GROUP export TOMCAT_GROUP -TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_ID} +TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME} export TOMCAT_LOCKFILE diff --git a/base/common/shared/conf/serverCertNick.conf b/base/common/shared/conf/serverCertNick.conf index 25bafd622..4f35a6349 100644 --- a/base/common/shared/conf/serverCertNick.conf +++ b/base/common/shared/conf/serverCertNick.conf @@ -3,4 +3,4 @@ # All rights reserved. # --- END COPYRIGHT BLOCK --- # -Server-Cert cert-[PKI_INSTANCE_ID] +Server-Cert cert-[PKI_INSTANCE_NAME] diff --git a/base/kra/setup/registry_instance b/base/kra/setup/registry_instance index c97b0c736..6365ecb9e 100644 --- a/base/kra/setup/registry_instance +++ b/base/kra/setup/registry_instance @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -26,7 +26,7 @@ export PKI_SERVER_XML_CONF CATALINA_BASE=$PKI_INSTANCE_PATH export CATALINA_BASE -TOMCAT_PROG=$PKI_INSTANCE_ID +TOMCAT_PROG=$PKI_INSTANCE_NAME export TOMCAT_PROG TOMCAT_USER=$PKI_USER @@ -38,16 +38,16 @@ export TOMCAT_GROUP PKI_LOCKDIR="/var/lock/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_LOCKDIR -PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}" +PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_NAME}" export PKI_LOCKFILE PKI_PIDDIR="/var/run/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_PIDDIR -PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_ID}.pid" +PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_NAME}.pid" export PKI_PIDFILE -TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_ID} +TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME} export TOMCAT_LOCKFILE TOMCAT_PIDFILE=[TOMCAT_PIDFILE] diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in index 7e7006a97..7df3c64dc 100644 --- a/base/kra/shared/conf/CS.cfg.in +++ b/base/kra/shared/conf/CS.cfg.in @@ -2,7 +2,7 @@ _000=## _001=## Data Recovery Manager (DRM) Configuration File _002=## pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] @@ -13,7 +13,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] installDate=[INSTALL_TIME] preop.wizard.name=DRM Setup Wizard preop.product.name=CS @@ -31,14 +31,14 @@ preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:9445 instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ machineName=[PKI_HOSTNAME] -instanceId=[PKI_INSTANCE_ID] +instanceId=[PKI_INSTANCE_NAME] pidDir=[PKI_PIDDIR] service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_ID] +service.instanceID=[PKI_INSTANCE_NAME] preop.admin.name=Data Recovery Manager Administrator preop.admin.group=Data Recovery Manager Agents preop.admincert.profile=caAdminCert @@ -60,7 +60,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.audit_signing.dn=CN=DRM Audit Signing Certificate preop.cert.audit_signing.keysize.custom_size=2048 preop.cert.audit_signing.keysize.size=2048 -preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert preop.cert.audit_signing.signing.required=false preop.cert.audit_signing.subsystem=kra @@ -71,7 +71,7 @@ preop.cert.storage.defaultSigningAlgorithm=SHA256withRSA preop.cert.storage.dn=CN=DRM Storage Certificate preop.cert.storage.keysize.custom_size=2048 preop.cert.storage.keysize.size=2048 -preop.cert.storage.nickname=storageCert cert-[PKI_INSTANCE_ID] +preop.cert.storage.nickname=storageCert cert-[PKI_INSTANCE_NAME] preop.cert.storage.profile=caInternalAuthDRMstorageCert preop.cert.storage.signing.required=false preop.cert.storage.subsystem=kra @@ -82,7 +82,7 @@ preop.cert.transport.defaultSigningAlgorithm=SHA256withRSA preop.cert.transport.dn=CN=DRM Transport Certificate preop.cert.transport.keysize.custom_size=2048 preop.cert.transport.keysize.size=2048 -preop.cert.transport.nickname=transportCert cert-[PKI_INSTANCE_ID] +preop.cert.transport.nickname=transportCert cert-[PKI_INSTANCE_NAME] preop.cert.transport.profile=caInternalAuthTransportCert preop.cert.transport.signing.required=false preop.cert.transport.subsystem=kra @@ -93,7 +93,7 @@ preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.signing.required=false preop.cert.sslserver.subsystem=kra @@ -104,7 +104,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA preop.cert.subsystem.dn=CN=DRM Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.signing.required=false preop.cert.subsystem.subsystem=kra @@ -261,8 +261,8 @@ kra.recoveryAgentGroup=Data Recovery Manager Agents kra.reqdbInc=20 kra.entropy.bitsperkeypair=0 kra.entropy.blockwarnms=0 -kra.storageUnit.nickName=storageCert cert-[PKI_INSTANCE_ID] -kra.transportUnit.nickName=transportCert cert-[PKI_INSTANCE_ID] +kra.storageUnit.nickName=storageCert cert-[PKI_INSTANCE_NAME] +kra.transportUnit.nickName=transportCert cert-[PKI_INSTANCE_NAME] log._000=## log._001=## Logging log._002=## @@ -288,7 +288,7 @@ log.instance.SignedAudit.rolloverInterval=2592000 log.instance.SignedAudit.signedAudit:_000=## log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow KRA audit logs to be signed log.instance.SignedAudit.signedAudit:_002=## -log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID] +log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] log.instance.SignedAudit.type=signedAudit log.instance.System._000=## log.instance.System._001=## System Logging @@ -336,7 +336,7 @@ oidmap.pse.class=netscape.security.extensions.PresenceServerExtension oidmap.pse.oid=2.16.840.1.113730.1.18 oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11 -os.serverName=cert-[PKI_INSTANCE_ID] +os.serverName=cert-[PKI_INSTANCE_NAME] os.userid=nobody registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg selftests._000=## diff --git a/base/kra/shared/conf/serverCertNick.conf b/base/kra/shared/conf/serverCertNick.conf index 1b1f4fcad..a359645f8 100644 --- a/base/kra/shared/conf/serverCertNick.conf +++ b/base/kra/shared/conf/serverCertNick.conf @@ -1 +1 @@ -Server-Cert cert-[PKI_INSTANCE_ID] +Server-Cert cert-[PKI_INSTANCE_NAME] diff --git a/base/ocsp/setup/registry_instance b/base/ocsp/setup/registry_instance index c97b0c736..6365ecb9e 100644 --- a/base/ocsp/setup/registry_instance +++ b/base/ocsp/setup/registry_instance @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -26,7 +26,7 @@ export PKI_SERVER_XML_CONF CATALINA_BASE=$PKI_INSTANCE_PATH export CATALINA_BASE -TOMCAT_PROG=$PKI_INSTANCE_ID +TOMCAT_PROG=$PKI_INSTANCE_NAME export TOMCAT_PROG TOMCAT_USER=$PKI_USER @@ -38,16 +38,16 @@ export TOMCAT_GROUP PKI_LOCKDIR="/var/lock/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_LOCKDIR -PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}" +PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_NAME}" export PKI_LOCKFILE PKI_PIDDIR="/var/run/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_PIDDIR -PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_ID}.pid" +PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_NAME}.pid" export PKI_PIDFILE -TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_ID} +TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME} export TOMCAT_LOCKFILE TOMCAT_PIDFILE=[TOMCAT_PIDFILE] diff --git a/base/ocsp/shared/conf/CS.cfg.in b/base/ocsp/shared/conf/CS.cfg.in index 29fb8e7e6..06aead349 100644 --- a/base/ocsp/shared/conf/CS.cfg.in +++ b/base/ocsp/shared/conf/CS.cfg.in @@ -3,7 +3,7 @@ _001=## Online Certificate Status Protocol (OCSP) Responder Configuration File _002=## pidDir=[PKI_PIDDIR] pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] @@ -14,7 +14,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] installDate=[INSTALL_TIME] cs.type=OCSP admin.interface.uri=ocsp/admin/console/config/wizard @@ -56,7 +56,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.audit_signing.dn=CN=OCSP Audit Signing Certificate preop.cert.audit_signing.keysize.custom_size=2048 preop.cert.audit_signing.keysize.size=2048 -preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert preop.cert.audit_signing.signing.required=false preop.cert.audit_signing.subsystem=ocsp @@ -67,7 +67,7 @@ preop.cert.signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.signing.dn=CN=OCSP Signing Certificate preop.cert.signing.keysize.custom_size=2048 preop.cert.signing.keysize.size=2048 -preop.cert.signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.signing.profile=caInternalAuthOCSPCert preop.cert.signing.signing.required=true preop.cert.signing.subsystem=ocsp @@ -78,7 +78,7 @@ preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.signing.required=false preop.cert.sslserver.subsystem=ocsp @@ -89,7 +89,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA preop.cert.subsystem.dn=CN=OCSP Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.signing.required=false preop.cert.subsystem.subsystem=ocsp @@ -101,13 +101,13 @@ authType=pwd instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ machineName=[PKI_HOSTNAME] -instanceId=[PKI_INSTANCE_ID] +instanceId=[PKI_INSTANCE_NAME] service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_ID] +service.instanceID=[PKI_INSTANCE_NAME] preop.pin=[PKI_RANDOM_NUMBER] passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf passwordClass=com.netscape.cmsutil.password.PlainPasswordFile @@ -227,7 +227,7 @@ log.instance.SignedAudit.rolloverInterval=2592000 log.instance.SignedAudit.signedAudit:_000=## log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow OCSP audit logs to be signed log.instance.SignedAudit.signedAudit:_002=## -log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID] +log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] log.instance.SignedAudit.type=signedAudit log.instance.System._000=## log.instance.System._001=## System Logging @@ -284,7 +284,7 @@ oidmap.pse.class=netscape.security.extensions.PresenceServerExtension oidmap.pse.oid=2.16.840.1.113730.1.18 oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11 -os.serverName=cert-[PKI_INSTANCE_ID] +os.serverName=cert-[PKI_INSTANCE_NAME] os.userid=nobody registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg selftests._000=## diff --git a/base/ocsp/shared/conf/serverCertNick.conf b/base/ocsp/shared/conf/serverCertNick.conf index 2233ada52..a7a0d2899 100644 --- a/base/ocsp/shared/conf/serverCertNick.conf +++ b/base/ocsp/shared/conf/serverCertNick.conf @@ -3,4 +3,4 @@ # All rights reserved. # --- END COPYRIGHT BLOCK --- # -Server-Cert cert-[PKI_INSTANCE_ID] +Server-Cert cert-[PKI_INSTANCE_NAME] diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf index 297a3be2b..c4a38620a 100644 --- a/base/ra/apache/conf/httpd.conf +++ b/base/ra/apache/conf/httpd.conf @@ -78,7 +78,7 @@ ServerRoot "[PKI_INSTANCE_PATH]" # identification number when it starts. # <IfModule !mpm_netware.c> -PidFile run/[PKI_INSTANCE_ID].pid +PidFile run/[PKI_INSTANCE_NAME].pid </IfModule> # @@ -298,10 +298,10 @@ Include [PKI_INSTANCE_PATH]/conf/perl.conf <IfModule !mpm_winnt.c> <IfModule !mpm_netware.c> # -# If you wish [PKI_INSTANCE_ID] to run as a different user or group, you must run -# [PKI_INSTANCE_ID] as root initially and it will switch. +# If you wish [PKI_INSTANCE_NAME] to run as a different user or group, you must run +# [PKI_INSTANCE_NAME] as root initially and it will switch. # -# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_ID] as. +# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_NAME] as. # . On SCO (ODT 3) use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. diff --git a/base/ra/apache/conf/nss.conf b/base/ra/apache/conf/nss.conf index 38081b867..014a06c97 100644 --- a/base/ra/apache/conf/nss.conf +++ b/base/ra/apache/conf/nss.conf @@ -100,7 +100,7 @@ NSSProtocol SSLv3,TLSv1 # SSL Certificate Nickname: # The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" +NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" # Server Certificate Database: # The NSS security database directory that holds the certificates and @@ -195,7 +195,7 @@ NSSProtocol SSLv3,TLSv1 # SSL Certificate Nickname: # The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" +NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" # Server Certificate Database: # The NSS security database directory that holds the certificates and diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry index c7a416ab7..d0377ebbf 100644 --- a/base/ra/setup/pkidaemon_registry +++ b/base/ra/setup/pkidaemon_registry @@ -12,8 +12,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -39,10 +39,10 @@ export PKI_NSS_CONF PKI_HOSTNAME=[PKI_HOSTNAME] export PKI_HOSTNAME -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" +PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_LOCK_FILE -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid" +PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_PID_FILE PKI_SELINUX_TYPE="pki_ra_t" @@ -57,7 +57,7 @@ export RESTART_SERVER ######################################################################## # This section contains modified content of "/etc/sysconfig/httpd" # ######################################################################## -# Configuration file for the ${PKI_INSTANCE_ID} service. +# Configuration file for the ${PKI_INSTANCE_NAME} service. # # The default processing model (MPM) is the process-based diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance index 927d400cb..b84fea379 100644 --- a/base/ra/setup/registry_instance +++ b/base/ra/setup/registry_instance @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -36,10 +36,10 @@ export PKI_NSS_CONF PKI_HOSTNAME=[PKI_HOSTNAME] export PKI_HOSTNAME -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" +PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_LOCK_FILE -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid" +PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_PID_FILE PKI_SELINUX_TYPE="pki_ra_t" @@ -54,7 +54,7 @@ export RESTART_SERVER ######################################################################## # This section contains modified content of "/etc/sysconfig/httpd" # ######################################################################## -# Configuration file for the ${PKI_INSTANCE_ID} service. +# Configuration file for the ${PKI_INSTANCE_NAME} service. # # The default processing model (MPM) is the process-based diff --git a/base/ra/shared/conf/CS.cfg.in b/base/ra/shared/conf/CS.cfg.in index 682af9dc5..8290eea0f 100644 --- a/base/ra/shared/conf/CS.cfg.in +++ b/base/ra/shared/conf/CS.cfg.in @@ -3,14 +3,14 @@ _001=## Registration Authority (RA) Configuration File _002=## pidDir=[PKI_PIDDIR] pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.secure_port=[PKI_SECURE_PORT] pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] request._000=######################################### request._001=# Request Queue Parameters request._002=######################################### @@ -101,7 +101,7 @@ service.instanceDir=[PKI_INSTANCE_PATH] service.securePort=[PKI_SECURE_PORT] service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_ID] +service.instanceID=[PKI_INSTANCE_NAME] logging._000=######################################### logging._001=# RA configuration File logging._002=# @@ -198,22 +198,22 @@ preop.cert.list=sslserver,subsystem preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_ID] +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME] preop.cert.sslserver.keysize.customsize=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.keysize.select=custom -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.subsystem=ra preop.cert._003=#preop.cert.sslserver.type=local preop.cert.sslserver.userfriendlyname=SSL Server Certificate preop.cert._004=#preop.cert.sslserver.cncomponent.override=false preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA -preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_ID] +preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_NAME] preop.cert.subsystem.keysize.customsize=2048 preop.cert.subsystem.keysize.size=2048 preop.cert.subsystem.keysize.select=custom -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.subsystem=ra preop.cert._005=#preop.cert.subsystem.type=local diff --git a/base/server/config/pkislots.cfg b/base/server/config/pkislots.cfg index d12a9e52e..239ba970f 100644 --- a/base/server/config/pkislots.cfg +++ b/base/server/config/pkislots.cfg @@ -10,7 +10,7 @@ LIB_PREFIX_SLOT=[LIB_PREFIX] NON_CLIENTAUTH_SECURE_PORT_SLOT=[NON_CLIENTAUTH_SECURE_PORT] NSS_CONF_SLOT=[NSS_CONF] OBJ_EXT_SLOT=[OBJ_EXT] -PKI_INSTANCE_ID_SLOT=[PKI_INSTANCE_ID] +PKI_INSTANCE_NAME_SLOT=[PKI_INSTANCE_NAME] PKI_INSTANCE_INITSCRIPT_SLOT=[PKI_INSTANCE_INITSCRIPT] PKI_LOCKDIR_SLOT=[PKI_LOCKDIR] PKI_PIDDIR_SLOT=[PKI_PIDDIR] @@ -52,7 +52,7 @@ PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT=[PKI_EE_SECURE_PORT_CONNECTOR_NAME] PKI_EE_SECURE_PORT_SERVER_COMMENT_SLOT=[PKI_EE_SECURE_PORT_SERVER_COMMENT] PKI_ENABLE_RANDOM_SERIAL_NUMBERS=[PKI_ENABLE_RANDOM_SERIAL_NUMBERS] PKI_GROUP_SLOT=[PKI_GROUP] -PKI_INSTANCE_ID_SLOT=[PKI_INSTANCE_ID] +PKI_INSTANCE_NAME_SLOT=[PKI_INSTANCE_NAME] PKI_INSTANCE_INITSCRIPT_SLOT=[PKI_INSTANCE_INITSCRIPT] PKI_INSTANCE_PATH_SLOT=[PKI_INSTANCE_PATH] PKI_INSTANCE_ROOT_SLOT=[PKI_INSTANCE_ROOT] diff --git a/base/server/scripts/operations b/base/server/scripts/operations index ad69c2dc8..2a07802f8 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -379,8 +379,8 @@ check_pki_configuration_status() esac if [ $rv -ne 0 ] ; then - echo " '${PKI_INSTANCE_ID}' must still be CONFIGURED!" - echo " (see /var/log/${PKI_INSTANCE_ID}-install.log)" + echo " '${PKI_INSTANCE_NAME}' must still be CONFIGURED!" + echo " (see /var/log/${PKI_INSTANCE_NAME}-install.log)" if [ "${command}" != "status" ]; then # 6 program is not configured rv=6 @@ -390,7 +390,7 @@ check_pki_configuration_status() fi TOTAL_UNCONFIGURED_PKI_ENTRIES=`expr ${TOTAL_UNCONFIGURED_PKI_ENTRIES} + 1` elif [ -f ${RESTART_SERVER} ] ; then - echo -n " Although '${PKI_INSTANCE_ID}' has been CONFIGURED, " + echo -n " Although '${PKI_INSTANCE_NAME}' has been CONFIGURED, " echo -n "it must still be RESTARTED!" echo if [ "${command}" != "status" ]; then @@ -773,7 +773,7 @@ get_pki_configuration_definitions() fi # Compose the "PKI Instance Name" Status Line - pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_ID}" + pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_NAME}" # Compose the "PKI Subsystem Type" Status Line header="PKI Subsystem Type: " @@ -868,7 +868,7 @@ display_configuration_information() if [ $rv -ne 0 ] ; then result=$rv echo - echo "${PKI_INSTANCE_ID} Status Definitions not found" + echo "${PKI_INSTANCE_NAME} Status Definitions not found" else get_subsystems for SUBSYSTEM in ${PKI_SUBSYSTEMS}; do @@ -878,7 +878,7 @@ display_configuration_information() if [ $rv -ne 0 ] ; then result=$rv echo - echo "${PKI_INSTANCE_ID} Configuration Definitions not found for ${SUBSYSTEM}" + echo "${PKI_INSTANCE_NAME} Configuration Definitions not found for ${SUBSYSTEM}" fi done fi @@ -888,15 +888,15 @@ display_configuration_information() display_instance_status_systemd() { - echo -n "Status for ${PKI_INSTANCE_ID}: " - systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_ID.service" > /dev/null 2>&1 + echo -n "Status for ${PKI_INSTANCE_NAME}: " + systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_NAME.service" > /dev/null 2>&1 rv=$? if [ $rv -eq 0 ] ; then - echo "$PKI_INSTANCE_ID is running .." + echo "$PKI_INSTANCE_NAME is running .." display_configuration_information else - echo "$PKI_INSTANCE_ID is stopped" + echo "$PKI_INSTANCE_NAME is stopped" fi return $rv @@ -1097,9 +1097,9 @@ verify_symlinks() # Dogtag 10 Symbolic Link Variables pki_common_jar_dir="${PKI_INSTANCE_PATH}/common/lib" - pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_ID}" + pki_registry_dir="/etc/sysconfig/pki/${PKI_WEB_SERVER_TYPE}/${PKI_INSTANCE_NAME}" pki_systemd_dir="/etc/systemd/system/pki-tomcatd.target.wants" - pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-${PKI_WEB_SERVER_TYPE}d@${PKI_INSTANCE_NAME}.service" pki_ca_jar_dir="${PKI_INSTANCE_PATH}/webapps/ca/WEB-INF/lib" pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" @@ -1107,19 +1107,19 @@ verify_symlinks() # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( - [alias]=/etc/pki/${PKI_INSTANCE_ID}/alias + [alias]=/etc/pki/${PKI_INSTANCE_NAME}/alias [bin]=/usr/share/tomcat/bin - [conf]=/etc/pki/${PKI_INSTANCE_ID} - [logs]=/var/log/pki/${PKI_INSTANCE_ID}) + [conf]=/etc/pki/${PKI_INSTANCE_NAME} + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}) # '${PKI_INSTANCE_PATH}' symlinks (root:root ownership) - root_symlinks[${PKI_INSTANCE_ID}]=/usr/sbin/tomcat-sysd + root_symlinks[${PKI_INSTANCE_NAME}]=/usr/sbin/tomcat-sysd # '${PKI_INSTANCE_PATH}/ca' symlinks ca_symlinks=( [alias]=${PKI_INSTANCE_PATH}/alias - [conf]=/etc/pki/${PKI_INSTANCE_ID}/ca - [logs]=/var/log/pki/${PKI_INSTANCE_ID}/ca + [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ca + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ca [registry]=${pki_registry_dir} [webapps]=${PKI_INSTANCE_PATH}/webapps) @@ -1136,8 +1136,8 @@ verify_symlinks() # '${PKI_INSTANCE_PATH}/kra' symlinks kra_symlinks=( [alias]=${PKI_INSTANCE_PATH}/alias - [conf]=/etc/pki/${PKI_INSTANCE_ID}/kra - [logs]=/var/log/pki/${PKI_INSTANCE_ID}/kra + [conf]=/etc/pki/${PKI_INSTANCE_NAME}/kra + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/kra [registry]=${pki_registry_dir} [webapps]=${PKI_INSTANCE_PATH}/webapps) @@ -1154,8 +1154,8 @@ verify_symlinks() # '${PKI_INSTANCE_PATH}/ocsp' symlinks ocsp_symlinks=( [alias]=${PKI_INSTANCE_PATH}/alias - [conf]=/etc/pki/${PKI_INSTANCE_ID}/ocsp - [logs]=/var/log/pki/${PKI_INSTANCE_ID}/ocsp + [conf]=/etc/pki/${PKI_INSTANCE_NAME}/ocsp + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/ocsp [registry]=${pki_registry_dir} [webapps]=${PKI_INSTANCE_PATH}/webapps) @@ -1172,8 +1172,8 @@ verify_symlinks() # '${PKI_INSTANCE_PATH}/tks' symlinks tks_symlinks=( [alias]=${PKI_INSTANCE_PATH}/alias - [conf]=/etc/pki/${PKI_INSTANCE_ID}/tks - [logs]=/var/log/pki/${PKI_INSTANCE_ID}/tks + [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tks + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tks [registry]=${pki_registry_dir} [webapps]=${PKI_INSTANCE_PATH}/webapps) @@ -1369,13 +1369,13 @@ start_instance() cat /usr/share/pki/server/conf/catalina.policy \ /usr/share/tomcat/conf/catalina.policy \ /usr/share/pki/server/conf/pki.policy \ - /var/lib/pki/$PKI_INSTANCE_ID/conf/custom.policy > \ - /var/lib/pki/$PKI_INSTANCE_ID/conf/catalina.policy + /var/lib/pki/$PKI_INSTANCE_NAME/conf/custom.policy > \ + /var/lib/pki/$PKI_INSTANCE_NAME/conf/catalina.policy # We must export the service name so that the systemd version # of the tomcat init script knows which instance specific # configuration file to source. - export SERVICE_NAME=$PKI_INSTANCE_ID + export SERVICE_NAME=$PKI_INSTANCE_NAME $PKI_INSTANCE_INITSCRIPT start rv=$? ;; @@ -1437,7 +1437,7 @@ stop_instance() { rv=0 - export SERVICE_NAME=$PKI_INSTANCE_ID + export SERVICE_NAME=$PKI_INSTANCE_NAME # Invoke the initscript for this instance $PKI_INSTANCE_INITSCRIPT stop rv=$? diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index f82ef4084..b4647e936 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -595,7 +595,7 @@ class PKIConfigParser: "transportCert.profile") # Slot assignment name/value pairs # NOTE: Master key == Slots key; Master value ==> Slots value - config.pki_master_dict['PKI_INSTANCE_ID_SLOT'] =\ + config.pki_master_dict['PKI_INSTANCE_NAME_SLOT'] =\ config.pki_master_dict['pki_instance_name'] config.pki_master_dict['PKI_INSTANCE_INITSCRIPT_SLOT'] =\ os.path.join(config.pki_master_dict['pki_instance_path'], diff --git a/base/setup/pkicreate b/base/setup/pkicreate index 76a7d5afa..0605c5e0c 100755 --- a/base/setup/pkicreate +++ b/base/setup/pkicreate @@ -283,7 +283,7 @@ my $PKI_PIDDIR = "PKI_PIDDIR"; my $PKI_LOCKDIR = "PKI_LOCKDIR"; # Template slot constants (CA, KRA, OCSP, TKS, RA, TPS) -my $PKI_INSTANCE_ID_SLOT = "PKI_INSTANCE_ID"; +my $PKI_INSTANCE_NAME_SLOT = "PKI_INSTANCE_NAME"; my $PKI_REGISTRY_FILE_SLOT = "PKI_REGISTRY_FILE"; my $PKI_SECURE_PORT_SLOT = "PKI_SECURE_PORT"; my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT"; @@ -2249,7 +2249,7 @@ sub process_pki_templates $slot_hash{$PKI_SUBSYSTEM_DIR_SLOT} = ""; $slot_hash{$PKI_SUBSYSTEM_TYPE_SLOT} = $subsystem_type; - $slot_hash{$PKI_INSTANCE_ID_SLOT} = $pki_instance_name; + $slot_hash{$PKI_INSTANCE_NAME_SLOT} = $pki_instance_name; $slot_hash{$PKI_INSTANCE_PATH_SLOT} = $pki_instance_path; $slot_hash{$PKI_INSTANCE_ROOT_SLOT} = $pki_instance_root; $slot_hash{$PKI_INSTANCE_INITSCRIPT} = $pki_instance_initscript_path; diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions index ff9594621..45e6dee12 100644 --- a/base/setup/scripts/functions +++ b/base/setup/scripts/functions @@ -277,8 +277,8 @@ check_pki_configuration_status() rv=`expr ${rv} + 0` if [ $rv -ne 0 ] ; then - echo " '${PKI_INSTANCE_ID}' must still be CONFIGURED!" - echo " (see /var/log/${PKI_INSTANCE_ID}-install.log)" + echo " '${PKI_INSTANCE_NAME}' must still be CONFIGURED!" + echo " (see /var/log/${PKI_INSTANCE_NAME}-install.log)" if [ "${command}" != "status" ]; then # 6 program is not configured rv=6 @@ -288,7 +288,7 @@ check_pki_configuration_status() fi TOTAL_UNCONFIGURED_PKI_ENTRIES=`expr ${TOTAL_UNCONFIGURED_PKI_ENTRIES} + 1` elif [ -f ${RESTART_SERVER} ] ; then - echo -n " Although '${PKI_INSTANCE_ID}' has been CONFIGURED, " + echo -n " Although '${PKI_INSTANCE_NAME}' has been CONFIGURED, " echo -n "it must still be RESTARTED!" echo if [ "${command}" != "status" ]; then @@ -599,7 +599,7 @@ get_pki_configuration_definitions() fi # Compose the "PKI Instance Name" Status Line - pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_ID}" + pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_NAME}" # Compose the "PKI Subsystem Type" Status Line header="PKI Subsystem Type: " @@ -693,14 +693,14 @@ display_configuration_information() if [ $rv -ne 0 ] ; then result=$rv echo - echo "${PKI_INSTANCE_ID} Status Definitions not found" + echo "${PKI_INSTANCE_NAME} Status Definitions not found" else get_pki_configuration_definitions rv=$? if [ $rv -ne 0 ] ; then result=$rv echo - echo "${PKI_INSTANCE_ID} Configuration Definitions not found" + echo "${PKI_INSTANCE_NAME} Configuration Definitions not found" fi fi fi @@ -709,15 +709,15 @@ display_configuration_information() display_instance_status_systemd() { - echo -n "Status for ${PKI_INSTANCE_ID}: " - systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_ID.service" > /dev/null 2>&1 + echo -n "Status for ${PKI_INSTANCE_NAME}: " + systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_NAME.service" > /dev/null 2>&1 rv=$? if [ $rv -eq 0 ] ; then - echo "$PKI_INSTANCE_ID is running .." + echo "$PKI_INSTANCE_NAME is running .." display_configuration_information else - echo "$PKI_INSTANCE_ID is stopped" + echo "$PKI_INSTANCE_NAME is stopped" fi return $rv @@ -910,22 +910,22 @@ verify_symlinks() jni_dir="/usr/lib/java" fi if [ ${PKI_SUBSYSTEM_TYPE} == "ca" ]; then - pki_systemd_link="pki-cad@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-cad@${PKI_INSTANCE_NAME}.service" pki_systemd_service="pki-cad@.service" elif [ ${PKI_SUBSYSTEM_TYPE} == "kra" ]; then - pki_systemd_link="pki-krad@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-krad@${PKI_INSTANCE_NAME}.service" pki_systemd_service="pki-krad@.service" elif [ ${PKI_SUBSYSTEM_TYPE} == "ocsp" ]; then - pki_systemd_link="pki-ocspd@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-ocspd@${PKI_INSTANCE_NAME}.service" pki_systemd_service="pki-ocspd@.service" elif [ ${PKI_SUBSYSTEM_TYPE} == "ra" ]; then - pki_systemd_link="pki-rad@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-rad@${PKI_INSTANCE_NAME}.service" pki_systemd_service="pki-rad@.service" elif [ ${PKI_SUBSYSTEM_TYPE} == "tks" ]; then - pki_systemd_link="pki-tksd@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-tksd@${PKI_INSTANCE_NAME}.service" pki_systemd_service="pki-tksd@.service" elif [ ${PKI_SUBSYSTEM_TYPE} == "tps" ]; then - pki_systemd_link="pki-tpsd@${PKI_INSTANCE_ID}.service" + pki_systemd_link="pki-tpsd@${PKI_INSTANCE_NAME}.service" pki_systemd_service="pki-tpsd@.service" fi @@ -934,22 +934,22 @@ verify_symlinks() # Dogtag 9 Symbolic Link Variables pki_common_jar_dir="${PKI_INSTANCE_PATH}/common/lib" - # pki_registry_dir="/etc/sysconfig/pki/${PKI_SUBSYSTEM_TYPE}/${PKI_INSTANCE_ID}" + # pki_registry_dir="/etc/sysconfig/pki/${PKI_SUBSYSTEM_TYPE}/${PKI_INSTANCE_NAME}" pki_systemd_dir="/etc/systemd/system/pki-cad.target.wants" pki_webapps_jar_dir="${PKI_INSTANCE_PATH}/webapps/${PKI_SUBSYSTEM_TYPE}/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks apache_symlinks=( - [conf]=/etc/${PKI_INSTANCE_ID} - [logs]=/var/log/${PKI_INSTANCE_ID} + [conf]=/etc/${PKI_INSTANCE_NAME} + [logs]=/var/log/${PKI_INSTANCE_NAME} [run]=/var/run/pki/${PKI_SUBSYSTEM_TYPE}) base_symlinks=( - [conf]=/etc/${PKI_INSTANCE_ID} - [logs]=/var/log/${PKI_INSTANCE_ID}) + [conf]=/etc/${PKI_INSTANCE_NAME} + [logs]=/var/log/${PKI_INSTANCE_NAME}) # '${PKI_INSTANCE_PATH}' symlinks (root:root ownership) - root_symlinks[${PKI_INSTANCE_ID}]=/usr/sbin/tomcat6-sysd + root_symlinks[${PKI_INSTANCE_NAME}]=/usr/sbin/tomcat6-sysd # '${PKI_INSTANCE_PATH}/lib' symlinks perl_symlinks[perl]=/usr/share/pki/${PKI_SUBSYSTEM_TYPE}/lib/perl @@ -1169,7 +1169,7 @@ start_instance() # We must export the service name so that the systemd version # of the tomcat6 init script knows which instance specific # configuration file to source. - export SERVICE_NAME=$PKI_INSTANCE_ID + export SERVICE_NAME=$PKI_INSTANCE_NAME if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then /usr/bin/runcon -t pki_tomcat_script_t \ @@ -1268,7 +1268,7 @@ stop_instance() { rv=0 - export SERVICE_NAME=$PKI_INSTANCE_ID + export SERVICE_NAME=$PKI_INSTANCE_NAME # Invoke the initscript for this instance $PKI_INSTANCE_INITSCRIPT stop rv=$? diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript index 1e411207f..247acad06 100755 --- a/base/setup/scripts/pki_apache_initscript +++ b/base/setup/scripts/pki_apache_initscript @@ -29,7 +29,7 @@ else esac fi -prog=$PKI_INSTANCE_ID +prog=$PKI_INSTANCE_NAME lockfile=$PKI_LOCK_FILE pidfile=$PKI_PID_FILE @@ -48,7 +48,7 @@ start() read kpid < ${pidfile} if checkpid $kpid 2>&1; then echo - echo "${PKI_INSTANCE_ID} (pid ${kpid}) is already running ..." + echo "${PKI_INSTANCE_NAME} (pid ${kpid}) is already running ..." echo return 0 else diff --git a/base/tks/setup/registry_instance b/base/tks/setup/registry_instance index c97b0c736..6365ecb9e 100644 --- a/base/tks/setup/registry_instance +++ b/base/tks/setup/registry_instance @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -26,7 +26,7 @@ export PKI_SERVER_XML_CONF CATALINA_BASE=$PKI_INSTANCE_PATH export CATALINA_BASE -TOMCAT_PROG=$PKI_INSTANCE_ID +TOMCAT_PROG=$PKI_INSTANCE_NAME export TOMCAT_PROG TOMCAT_USER=$PKI_USER @@ -38,16 +38,16 @@ export TOMCAT_GROUP PKI_LOCKDIR="/var/lock/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_LOCKDIR -PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_ID}" +PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_NAME}" export PKI_LOCKFILE PKI_PIDDIR="/var/run/pki/${PKI_SUBSYSTEM_TYPE}" export PKI_PIDDIR -PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_ID}.pid" +PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_NAME}.pid" export PKI_PIDFILE -TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_ID} +TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME} export TOMCAT_LOCKFILE TOMCAT_PIDFILE=[TOMCAT_PIDFILE] diff --git a/base/tks/shared/conf/CS.cfg.in b/base/tks/shared/conf/CS.cfg.in index dc3eb3751..be9b42692 100644 --- a/base/tks/shared/conf/CS.cfg.in +++ b/base/tks/shared/conf/CS.cfg.in @@ -3,7 +3,7 @@ _001=## Token Key Service (TKS) Configuration File _002=## pidDir=[PKI_PIDDIR] pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] @@ -14,7 +14,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] installDate=[INSTALL_TIME] cs.type=TKS admin.interface.uri=tks/admin/console/config/wizard @@ -42,7 +42,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.audit_signing.dn=CN=TKS Audit Signing Certificate preop.cert.audit_signing.keysize.custom_size=2048 preop.cert.audit_signing.keysize.size=2048 -preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert preop.cert.audit_signing.signing.required=false preop.cert.audit_signing.subsystem=tks @@ -53,7 +53,7 @@ preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.signing.required=false preop.cert.sslserver.subsystem=tks @@ -64,7 +64,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA preop.cert.subsystem.dn=CN=TKS Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.signing.required=false preop.cert.subsystem.subsystem=tks @@ -93,14 +93,14 @@ authType=pwd instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ machineName=[PKI_HOSTNAME] -instanceId=[PKI_INSTANCE_ID] +instanceId=[PKI_INSTANCE_NAME] preop.pin=[PKI_RANDOM_NUMBER] service.machineName=[PKI_HOSTNAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_ID] +service.instanceID=[PKI_INSTANCE_NAME] passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf passwordClass=com.netscape.cmsutil.password.PlainPasswordFile multiroles=true @@ -220,7 +220,7 @@ log.instance.SignedAudit.rolloverInterval=2592000 log.instance.SignedAudit.signedAudit:_000=## log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TKS audit logs to be signed log.instance.SignedAudit.signedAudit:_002=## -log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID] +log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] log.instance.SignedAudit.type=signedAudit log.instance.System._000=## log.instance.System._001=## System Logging @@ -268,7 +268,7 @@ oidmap.pse.class=netscape.security.extensions.PresenceServerExtension oidmap.pse.oid=2.16.840.1.113730.1.18 oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11 -os.serverName=cert-[PKI_INSTANCE_ID] +os.serverName=cert-[PKI_INSTANCE_NAME] os.userid=nobody registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg selftests._000=## diff --git a/base/tks/shared/conf/serverCertNick.conf b/base/tks/shared/conf/serverCertNick.conf index 2233ada52..a7a0d2899 100644 --- a/base/tks/shared/conf/serverCertNick.conf +++ b/base/tks/shared/conf/serverCertNick.conf @@ -3,4 +3,4 @@ # All rights reserved. # --- END COPYRIGHT BLOCK --- # -Server-Cert cert-[PKI_INSTANCE_ID] +Server-Cert cert-[PKI_INSTANCE_NAME] diff --git a/base/tps/apache/conf/httpd.conf b/base/tps/apache/conf/httpd.conf index 0874a6422..754f53a34 100644 --- a/base/tps/apache/conf/httpd.conf +++ b/base/tps/apache/conf/httpd.conf @@ -78,7 +78,7 @@ ServerRoot "[PKI_INSTANCE_PATH]" # identification number when it starts. # <IfModule !mpm_netware.c> -PidFile /var/run/pki/tps/[PKI_INSTANCE_ID].pid +PidFile /var/run/pki/tps/[PKI_INSTANCE_NAME].pid </IfModule> # @@ -302,10 +302,10 @@ Include [PKI_INSTANCE_PATH]/conf/perl.conf <IfModule !mpm_winnt.c> <IfModule !mpm_netware.c> # -# If you wish [PKI_INSTANCE_ID] to run as a different user or group, you must run -# [PKI_INSTANCE_ID] as root initially and it will switch. +# If you wish [PKI_INSTANCE_NAME] to run as a different user or group, you must run +# [PKI_INSTANCE_NAME] as root initially and it will switch. # -# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_ID] as. +# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_NAME] as. # . On SCO (ODT 3) use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. diff --git a/base/tps/apache/conf/nss.conf b/base/tps/apache/conf/nss.conf index 80a407b80..2f7c4d91a 100644 --- a/base/tps/apache/conf/nss.conf +++ b/base/tps/apache/conf/nss.conf @@ -107,7 +107,7 @@ NSSProtocol SSLv3,TLSv1 # SSL Certificate Nickname: # The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" +NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" # Server Certificate Database: # The NSS security database directory that holds the certificates and @@ -208,7 +208,7 @@ NSSProtocol SSLv3,TLSv1 # SSL Certificate Nickname: # The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]" +NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" # Server Certificate Database: # The NSS security database directory that holds the certificates and diff --git a/base/tps/setup/pkidaemon_registry b/base/tps/setup/pkidaemon_registry index 8b872f8f6..dccffdfaf 100644 --- a/base/tps/setup/pkidaemon_registry +++ b/base/tps/setup/pkidaemon_registry @@ -12,8 +12,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -39,10 +39,10 @@ export PKI_NSS_CONF PKI_HOSTNAME=[PKI_HOSTNAME] export PKI_HOSTNAME -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" +PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_LOCK_FILE -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid" +PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_PID_FILE PKI_SELINUX_TYPE="pki_tps_t" @@ -57,7 +57,7 @@ export RESTART_SERVER ######################################################################## # This section contains modified content of "/etc/sysconfig/httpd" # ######################################################################## -# Configuration file for the ${PKI_INSTANCE_ID} service. +# Configuration file for the ${PKI_INSTANCE_NAME} service. # # The default processing model (MPM) is the process-based diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance index c07668faa..01ddad1d2 100644 --- a/base/tps/setup/registry_instance +++ b/base/tps/setup/registry_instance @@ -9,8 +9,8 @@ export PKI_USER PKI_GROUP=[PKI_GROUP] export PKI_GROUP -PKI_INSTANCE_ID=[PKI_INSTANCE_ID] -export PKI_INSTANCE_ID +PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] +export PKI_INSTANCE_NAME PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] export PKI_INSTANCE_PATH @@ -36,10 +36,10 @@ export PKI_NSS_CONF PKI_HOSTNAME=[PKI_HOSTNAME] export PKI_HOSTNAME -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid" +PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_LOCK_FILE -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid" +PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" export PKI_PID_FILE PKI_SELINUX_TYPE="pki_tps_t" @@ -54,7 +54,7 @@ export RESTART_SERVER ######################################################################## # This section contains modified content of "/etc/sysconfig/httpd" # ######################################################################## -# Configuration file for the ${PKI_INSTANCE_ID} service. +# Configuration file for the ${PKI_INSTANCE_NAME} service. # # The default processing model (MPM) is the process-based diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in index 1424fffc6..b5421b162 100644 --- a/base/tps/shared/conf/CS.cfg.in +++ b/base/tps/shared/conf/CS.cfg.in @@ -3,14 +3,14 @@ _001=## Token Processing System (TPS) Configuration File _002=## pidDir=[PKI_PIDDIR] pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_ID] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.secure_port=[PKI_SECURE_PORT] pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] cs.type=TPS selftests._000=## selftests._001=## Self Tests @@ -37,7 +37,7 @@ service.instanceDir=[PKI_INSTANCE_PATH] service.securePort=[PKI_SECURE_PORT] service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_ID] +service.instanceID=[PKI_INSTANCE_NAME] logging._000=######################################### logging._001=# RA configuration File logging._002=# @@ -101,7 +101,7 @@ logging.audit.filename=[PKI_INSTANCE_PATH]/logs/tps-audit.log logging.audit.signedAuditFilename=[PKI_INSTANCE_PATH]/logs/signedAudit/tps_audit logging.audit.level=10 logging.audit.logSigning=false -logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID] +logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING @@ -382,33 +382,33 @@ preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.audit_signing.enable=false preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_ID] +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME] preop.cert.sslserver.keysize.customsize=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.keysize.select=default -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] +preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.subsystem=tps preop.cert._003=#preop.cert.sslserver.type=local preop.cert.sslserver.userfriendlyname=SSL Server Certificate preop.cert._004=#preop.cert.sslserver.cncomponent.override=false preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA -preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_ID] +preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_NAME] preop.cert.subsystem.keysize.customsize=2048 preop.cert.subsystem.keysize.size=2048 preop.cert.subsystem.keysize.select=default -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.subsystem=tps preop.cert._005=#preop.cert.subsystem.type=local preop.cert.subsystem.userfriendlyname=Subsystem Certificate preop.cert._006=#preop.cert.subsystem.cncomponent.override=true preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA -preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_ID] +preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_NAME] preop.cert.audit_signing.keysize.customsize=2048 preop.cert.audit_signing.keysize.size=2048 preop.cert.audit_signing.keysize.select=default -preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert preop.cert.audit_signing.subsystem=tps preop.cert._005=#preop.cert.audit_signing.type=local |