-rw-r--r-- | pki/base/ca/shared/conf/CS.cfg.in | 27 | ||||
-rw-r--r-- | pki/base/kra/shared/conf/CS.cfg.in | 3 | ||||
-rw-r--r-- | pki/base/ocsp/shared/conf/CS.cfg.in | 8 | ||||
-rw-r--r-- | pki/base/ra/doc/CS.cfg.in | 21 | ||||
-rw-r--r-- | pki/base/tks/shared/conf/CS.cfg.in | 7 | ||||
-rw-r--r-- | pki/base/tps/doc/CS.cfg.in | 85 |
6 files changed, 74 insertions, 77 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index df2dfd6f9..90eeb5077 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -1,7 +1,6 @@
-#
-#cs.state=0 (pre-operational)
-#cs.state=1 (running)
-#
+_000=##
+_001=## Certificate Authority (CA) Configuration File
+_002=##
 pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
 pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
 pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
@@ -21,6 +20,10 @@ preop.product.name=CS
 preop.product.version=@VERSION@
 preop.system.name=CA
 preop.system.fullname=Certificate Authority
+cs.state._000=##
+cs.state._001=## cs.state=0 (pre-operational)
+cs.state._002=## cs.state=1 (running)
+cs.state._003=##
 cs.state=0
 cs.type=CA
 authType=pwd
@@ -206,16 +209,24 @@ ca.maxNumberOfNonces=100
 ca.reqdbInc=20
 ca.transitMaxRecords=1000000
 ca.transitRecordPageSize=200
-# maxSearchReturns - limits number of search results returned by SearchReqs and SrchCerts
-# ca.maxSearchReturns=1000
+ca.maxSearchReturns._000=##
+ca.maxSearchReturns._001=## limits number of search results
+ca.maxSearchReturns._002=## returned by SearchReqs and SrchCerts
+ca.maxSearchReturns._003=##
+ca.maxSearchReturns=1000
+ca.scep._000=##
+ca.scep._001=## Enable the following parameters to enable SCEP requests
+ca.scep._002=## to be signed by a separate key pair:
+ca.scep._003=##
+ca.scep._004=## ca.scep.nickname=
+ca.scep._005=## ca.scep.tokenname=
+ca.scep._006=##
 ca.scep.enable=false
 ca.scep.hashAlgorithm=SHA1
 ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
 ca.scep.encryptionAlgorithm=DES3
 ca.scep.allowedEncryptionAlgorithms=DES3
 ca.scep.nonceSizeLimit=16
-## ca.scep.nickname=
-## ca.scep.tokenname=
 ca.Policy._000=##
 ca.Policy._001=## Certificate Policy Framework (deprecated)
 ca.Policy._002=##
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index 66fcf3d33..00635c18d 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
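Review bot: In the `@@ -206,16 +209,24 @@` hunk of the CA template, `ca.maxSearchReturns=1000` changes from a commented-out example (`# ca.maxSearchReturns=1000`) to an active setting, which is a behaviour change inside what otherwise reads as a comment-format cleanup. If the built-in default differs from 1000 (not visible here), new CA instances will cap SearchReqs and SrchCerts results differently after this commit; because that cap bounds how much work a single search can demand, the intended value deserves a line in the commit message. The new `ca.scep._000`–`_006` block explains the separate signing key pair but is silent on the adjacent `ca.scep.hashAlgorithm=SHA1` and `ca.scep.encryptionAlgorithm=DES3` defaults; one more comment key such as `## SHA1 and DES3 are legacy defaults; prefer SHA256 from allowedHashAlgorithms where clients support it` would help operators who turn SCEP on.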
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -1,3 +1,6 @@
+_000=##
+_001=## Data Recovery Manager (DRM) Configuration File
+_002=##
 pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
 pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
 pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
diff --git a/pki/base/ocsp/shared/conf/CS.cfg.in b/pki/base/ocsp/shared/conf/CS.cfg.in
index d04fde395..59eea87b4 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg.in
+++ b/pki/base/ocsp/shared/conf/CS.cfg.in
@@ -1,8 +1,6 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
+_000=##
+_001=## Online Certificate Status Protocol (OCSP) Responder Configuration File
+_002=##
 pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
 pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
 pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
diff --git a/pki/base/ra/doc/CS.cfg.in b/pki/base/ra/doc/CS.cfg.in
index 4fea4674f..498db843f 100644
--- a/pki/base/ra/doc/CS.cfg.in
+++ b/pki/base/ra/doc/CS.cfg.in
@@ -1,21 +1,6 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
+_000=##
+_001=## Registration Authority (RA) Configuration File
+_002=##
 pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
 pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
 pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
diff --git a/pki/base/tks/shared/conf/CS.cfg.in b/pki/base/tks/shared/conf/CS.cfg.in
index 55728356e..2ac14eedc 100644
--- a/pki/base/tks/shared/conf/CS.cfg.in
+++ b/pki/base/tks/shared/conf/CS.cfg.in
@@ -1,10 +1,5 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
 _000=##
-_001=## File Created On : Mon Oct 10 15:57:03 PDT 2005
+_001=## Token Key Service (TKS) Configuration File
 _002=##
 pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
 pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
diff --git a/pki/base/tps/doc/CS.cfg.in b/pki/base/tps/doc/CS.cfg.in
index 2bbf81077..7ec1e2876 100644
--- a/pki/base/tps/doc/CS.cfg.in
+++ b/pki/base/tps/doc/CS.cfg.in
@@ -1,23 +1,6 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation;
-# version 2.1 of the License.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301 USA
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
+_000=##
+_001=## Token Processing System (TPS) Configuration File
+_002=##
 pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
 pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
 pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
@@ -363,11 +346,17 @@ channel.encryption=true
 channel.blocksize=248
 channel.defKeyVersion=0
 channel.defKeyIndex=0
-#Config the size of memory managed memory in the applet
-#Default is 5000, try not go get close to the instanceSize
-#Which defaults to 18000
-#channel.instanceSize=18000
-#channel.appletMemorySize=5000
+# NOTE: Since the following comments will be 'scrubbed' from any TPS
+# instance's configuration file, they will ONLY be viewable in
+# the '/usr/share/pki/tps/conf/CS.cfg' TPS subsystem template!
+#
+# Config the size of memory managed memory in the applet
+# Default is 5000, try not go get close to the instanceSize
+# which defaults to 18000:
+#
+# * channel.instanceSize=18000
+# * channel.appletMemorySize=5000
+#
 preop.pin=[PKI_RANDOM_NUMBER]
 preop.product.version=@VERSION@
 preop.cert._000=#########################################
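Review bot: The applet-memory guidance added in the `@@ -363,11 +346,17 @@` hunk is still written as plain `#` comments, and its own NOTE states that these are scrubbed from every TPS instance's configuration file, so an administrator tuning `channel.instanceSize` or `channel.appletMemorySize` on a deployed instance never sees the warning about keeping the two apart. The other TPS hunks in this commit move such text into numbered keys (`op.enroll.userKey._079=# ...`), and the same form here, e.g. `channel._000=#########################################`, would keep it visible, assuming the `channel.` prefix tolerates `_NNN` keys the way the other prefixes do. The rewritten text also carries over two slips from the old comment, "memory managed memory" and "try not go get close", which are worth fixing while the block is being touched.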
@@ -649,12 +638,20 @@ op.enroll.userKey._074=#
 op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
 op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
 op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
-op.enroll.userKey._078=#########################################
+op.enroll.userKey._078=#
+op.enroll.userKey._079=# The three recovery schemes supported are:
+op.enroll.userKey._080=#
+op.enroll.userKey._081=# * GenerateNewKey - Generate a new
+op.enroll.userKey._082=# cert for the
+op.enroll.userKey._083=# encryption cert.
+op.enroll.userKey._084=# * RecoverLast - Recover the most
+op.enroll.userKey._085=# recent cert for the
+op.enroll.userKey._086=# encryption cert.
+op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
+op.enroll.userKey._088=# recover last for
+op.enroll.userKey._089=# encryption cert.
+op.enroll.userKey._090=#########################################
 op.enroll.allowUnknownToken=true
-#The three recovery schemes supported are:
-# GenerateNewKey - Generate a new cert for the encryption cert.
-# RecoverLast - Recover the most recent cert for the encryption cert.
-# GenerateNewKeyandRecoverLast - Generate new cert AND recover last for encryption cert.
 op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
 op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
 op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
@@ -937,28 +934,36 @@ op.enroll.userKeyTemporary.tks.conn=tks1
 op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
 op.enroll.userKeyTemporary.auth.id=ldap1
 op.enroll.userKeyTemporary.auth.enable=true
-# Token Renewal.
-# For each token in TPS UI set the following:
-# RENEW=YES
-# To trigger renewal operations.
+op.enroll.userKey.renewal._000=#########################################
+op.enroll.userKey.renewal._001=# Token Renewal.
+op.enroll.userKey.renewal._002=#
+op.enroll.userKey.renewal._003=# For each token in TPS UI, set the
+op.enroll.userKey.renewal._004=# following to trigger renewal
+op.enroll.userKey.renewal._005=# operations:
+op.enroll.userKey.renewal._006=#
+op.enroll.userKey.renewal._007=# RENEW=YES
+op.enroll.userKey.renewal._008=#
+op.enroll.userKey.renewal._009=# Optional grace period enforcement
+op.enroll.userKey.renewal._010=# must coincide exactly with what
+op.enroll.userKey.renewal._011=# the CA enforces.
+op.enroll.userKey.renewal._012=#
+op.enroll.userKey.renewal._013=# In case of renewal, encryption certId
+op.enroll.userKey.renewal._014=# values are for completeness only, server
+op.enroll.userKey.renewal._015=# code calculates actual values used.
+op.enroll.userKey.renewal._016=#
+op.enroll.userKey.renewal._017=#########################################
 op.enroll.userKey.renewal.keyType.num=2
 op.enroll.userKey.renewal.keyType.value.0=signing
 op.enroll.userKey.renewal.keyType.value.1=encryption
 op.enroll.userKey.renewal.signing.enable=true
-#optional grace period enforcement
-#must coincide exactly with what the CA enforces
 op.enroll.userKey.renewal.signing.gracePeriod.enable=false
 op.enroll.userKey.renewal.signing.gracePeriod.before=30
 op.enroll.userKey.renewal.signing.gracePeriod.after=30
 op.enroll.userKey.renewal.signing.certId=C1
-#in case of renewal, encryption certId values for completeness only
-#server code calculates actual values used.
op.enroll.userKey.renewal.encryption.certId=C2
 op.enroll.userKey.renewal.signing.certAttrId=c1
 op.enroll.userKey.renewal.encryption.certAttrId=c2
 op.enroll.userKey.renewal.encryption.enable=true
-#optional grace period enforcement
-#must coincide exactly with what the CA enforces
 op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
 op.enroll.userKey.renewal.encryption.gracePeriod.before=30
 op.enroll.userKey.renewal.encryption.gracePeriod.after=30 |
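Review bot: Folding the grace-period warning into the header lines `op.enroll.userKey.renewal._009`–`_011` of the `@@ -937,28 +934,36 @@` hunk takes it away from the settings it governs; the removed comments sat directly above both `renewal.signing.gracePeriod.*` and `renewal.encryption.gracePeriod.*`. The new wording never names those keys, so a reader has to infer that it refers to `gracePeriod.enable`, `gracePeriod.before` and `gracePeriod.after` for each key type. Because a TPS window that differs from the CA's is exactly what the comment warns against, I would name the keys in the header, e.g. `op.enroll.userKey.renewal._009=# Optional grace period enforcement (signing/encryption gracePeriod.enable, .before, .after)`. The same applies to the certId remark in `_013`–`_015`, which could name `renewal.encryption.certId`.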