Diffstat (limited to 'base/ca/shared/conf/CS.cfg.in')
-rw-r--r-- | base/ca/shared/conf/CS.cfg.in | 1108 |
1 files changed, 1108 insertions, 0 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
new file mode 100644
index 000000000..980ed5854
--- /dev/null
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -0,0 +1,1108 @@
+_000=##
+_001=## Certificate Authority (CA) Configuration File
+_002=##
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
+pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
+pkicreate.ee_secure_client_auth_port=[PKI_EE_SECURE_CLIENT_AUTH_PORT]
+pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.arg11.group=[PKI_GROUP]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+installDate=[INSTALL_TIME]
+preop.wizard.name=CA Setup Wizard
+preop.product.name=CS
+preop.product.version=@VERSION@
+preop.system.name=CA
+preop.system.fullname=Certificate Authority
+proxy.securePort=[PKI_PROXY_SECURE_PORT]
+proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
+cs.state._000=##
+cs.state._001=## cs.state=0 (pre-operational)
+cs.state._002=## cs.state=1 (running)
+cs.state._003=##
+cs.state=0
+cs.type=CA
+authType=pwd
+admin.interface.uri=ca/admin/console/config/wizard
+ee.interface.uri=ca/ee/ca
+agent.interface.uri=ca/agent/ca
+preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
+securitydomain.flushinterval=86400000
+securitydomain.source=ldap
+securitydomain.checkinterval=300000
+instanceRoot=[PKI_INSTANCE_PATH]
+machineName=[PKI_MACHINE_NAME]
+instanceId=[PKI_INSTANCE_ID]
+pidDir=[PKI_PIDDIR]
+service.machineName=[PKI_MACHINE_NAME]
+service.instanceDir=[PKI_INSTANCE_ROOT]
+service.securePort=[PKI_AGENT_SECURE_PORT]
+service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
+service.clientauth_securePort=[PKI_EE_SECURE_CLIENT_AUTH_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+service.instanceID=[PKI_INSTANCE_ID]
+preop.admin.name=Certificate System Administrator
+preop.admin.group=Certificate Manager Agents
+preop.admincert.profile=caAdminCert
+preop.pin=[PKI_RANDOM_NUMBER]
+ca.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
+ca.cert.signing.certusage=SSLCA
+ca.cert.ocsp_signing.certusage=StatusResponder
+ca.cert.sslserver.certusage=SSLServer
+ca.cert.subsystem.certusage=SSLClient
+ca.cert.audit_signing.certusage=ObjectSigner
+preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
+preop.cert.signing.enable=true
+preop.cert.ocsp_signing.enable=true
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.audit_signing.enable=true
+preop.cert.signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.signing.dn=CN=Certificate Authority
+preop.cert.signing.cncomponent.override=true
+preop.cert.signing.keysize.size=2048
+preop.cert.signing.keysize.custom_size=2048
+preop.cert.signing.nickname=caSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.signing.profile=caCert.profile
+preop.cert.signing.signing.required=true
+preop.cert.signing.subsystem=ca
+preop.cert.signing.type=selfsign
+preop.cert.signing.userfriendlyname=CA Signing Certificate
+preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.audit_signing.dn=CN=CA Audit Signing Certificate
+preop.cert.audit_signing.keysize.custom_size=2048
+preop.cert.audit_signing.keysize.size=2048
+preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.audit_signing.profile=caAuditSigningCert.profile
+preop.cert.audit_signing.signing.required=false
+preop.cert.audit_signing.subsystem=ca
+preop.cert.audit_signing.type=local
+preop.cert.audit_signing.userfriendlyname=CA Audit Signing Certificate
+preop.cert.audit_signing.cncomponent.override=true
+preop.cert.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.ocsp_signing.dn=CN=OCSP Signing Certificate
+preop.cert.ocsp_signing.keysize.custom_size=2048
+preop.cert.ocsp_signing.keysize.size=2048
+preop.cert.ocsp_signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.ocsp_signing.profile=caOCSPCert.profile
+preop.cert.ocsp_signing.signing.required=true
+preop.cert.ocsp_signing.subsystem=ca
+preop.cert.ocsp_signing.type=local
+preop.cert.ocsp_signing.userfriendlyname=OCSP Signing Certificate
+preop.cert.ocsp_signing.cncomponent.override=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
+preop.cert.sslserver.keysize.custom_size=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.cert.sslserver.profile=serverCert.profile
+preop.cert.sslserver.signing.required=false
+preop.cert.sslserver.subsystem=ca
+preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.subsystem.dn=CN=CA Subsystem Certificate
+preop.cert.subsystem.keysize.custom_size=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.cert.subsystem.profile=subsystemCert.profile
+preop.cert.subsystem.signing.required=false
+preop.cert.subsystem.subsystem=ca
+preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert.subsystem.cncomponent.override=true
+preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.admin.dn=uid=admin,cn=admin
+preop.cert.admin.keysize.custom_size=2048
+preop.cert.admin.keysize.size=2048
+preop.cert.admin.profile=adminCert.profile
+preop.hierarchy.profile=caCert.profile
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.count=3
+preop.module.token=Internal Key Storage Token
+preop.name.caDN=CN=Certificate Authority
+preop.name.sslDN=CN=[PKI_MACHINE_NAME]
+preop.name.ocspDN=CN=OCSP Signing Certificate
+preop.name.subsystemDN=CN=CA Subsystem Certificate
+preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_ID]
+preop.name.ocspnickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
+preop.name.subsystemnickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.name.sslnickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.subsystem.count=0
+subsystem.count=0
+passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
+passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
+CrossCertPair._000=##
+CrossCertPair._001=## CrossCertPair Import
+CrossCertPair._002=##
+CrossCertPair.ldap=internaldb
+accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
+accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
+accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
+accessEvaluator.impl.user_origreq.class=com.netscape.cms.evaluators.UserOrigReqAccessEvaluator
+auths._000=##
+auths._001=## new authentication
+auths._002=##
+auths.impl._000=##
+auths.impl._001=## authentication manager implementations
+auths.impl._002=##
+auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
+auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
+auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
+auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
+auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
+auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
+auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
+auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
+auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupDirAuthentication
+auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
+auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth
+auths.instance.TokenAuth.pluginName=TokenAuth
+auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
+auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.raCertAuth.agentGroup=Registration Manager Agents
+auths.instance.raCertAuth.pluginName=AgentCertAuth
+auths.instance.flatFileAuth.pluginName=FlatFileAuth
+auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/flatfile.txt
+auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
+auths.revocationChecking.bufferSize=50
+auths.revocationChecking.ca=ca
+auths.revocationChecking.enabled=true
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
+authz._000=##
+authz._001=## new authorizatioin
+authz._002=##
+authz.evaluateOrder=deny,allow
+authz.sourceType=ldap
+authz.impl._000=##
+authz.impl._001=## authorization manager implementations
+authz.impl._002=##
+authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
+authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
+authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
+authz.instance.DirAclAuthz.ldap=internaldb
+authz.instance.DirAclAuthz.pluginName=DirAclAuthz
+authz.instance.DirAclAuthz.ldap._000=##
+authz.instance.DirAclAuthz.ldap._001=## Internal Database
+authz.instance.DirAclAuthz.ldap._002=##
+ca.ocsp=true
+ca.certdbInc=20
+ca.crldbInc=20
+ca.id=ca
+ca.local=true
+ca.ocspUseCache=false
+ca.enableNonces=true
+ca.maxNumberOfNonces=100
+ca.reqdbInc=20
+ca.transitMaxRecords=1000000
+ca.transitRecordPageSize=200
+ca.maxSearchReturns._000=##
+ca.maxSearchReturns._001=## limits number of search results
+ca.maxSearchReturns._002=## returned by SearchReqs and SrchCerts
+ca.maxSearchReturns._003=##
+ca.maxSearchReturns=1000
+ca.scep._000=##
+ca.scep._001=## Enable the following parameters to enable SCEP requests
+ca.scep._002=## to be signed by a separate key pair:
+ca.scep._003=##
+ca.scep._004=## ca.scep.nickname=
+ca.scep._005=## ca.scep.tokenname=
+ca.scep._006=##
+ca.scep.enable=false
+ca.scep.hashAlgorithm=SHA1
+ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
+ca.scep.encryptionAlgorithm=DES3
+ca.scep.allowedEncryptionAlgorithms=DES3
+ca.scep.nonceSizeLimit=16
+ca.Policy._000=##
+ca.Policy._001=## Certificate Policy Framework (deprecated)
+ca.Policy._002=##
+ca.Policy._003=## Set 'ca.Policy.enable=true' to allow the following:
+ca.Policy._004=##
+ca.Policy._005=## SERVLET-NAME URL-PATTERN
+ca.Policy._006=## ====================================================
+ca.Policy._007=## caadminEnroll ca/admin/ca/adminEnroll.html
+ca.Policy._008=## cabulkissuance ca/agent/ca/bulkissuance.html
+ca.Policy._009=## cacertbasedenrollment ca/certbasedenrollment.html
+ca.Policy._010=## caenrollment ca/enrollment.html
+ca.Policy._011=## capolicy ca/capolicy
+ca.Policy._012=##
+ca.Policy.enable=false
+ca.Policy.order=KeyAlgRule, RSAKeyRule, DefaultValidityRule, RenewalConstraintsRule, DefaultRenewalValidityRule, RevocationConstraintsRule, NSCertTypeExt, CMCertKeyUsageExt, RMCertKeyUsageExt, ClientCertKeyUsageExt, ServerCertKeyUsageExt, ObjSignCertKeyUsageExt, CRLSignCertKeyUsageExt, SubjectKeyIdentifierExt, CertificatePoliciesExt, NSCCommentExt, OCSPNoCheckExt, OCSPSigningExt, CODESigningExt, GenericASN1Ext, CRLDistributionPointsExt, SubjectAltNameExt, SigningAlgRule, AuthorityKeyIdentifierExt, AuthInfoAccessExt, BasicConstraintsExt, UniqueSubjectNameConstraints, NameConstraintsExt, PolicyConstraintsExt, SubCANameConstraints, PolicyMappingsExt, IssuerRule
+ca.Policy.processor=classic
+ca.Policy.impl._000=##
+ca.Policy.impl._001=## Policy Implementations
+ca.Policy.impl._002=##
+ca.Policy.impl.AttributePresentConstraints.class=com.netscape.cms.policy.constraints.AttributePresentConstraints
+ca.Policy.impl.AuthInfoAccessExt.class=com.netscape.cms.policy.extensions.AuthInfoAccessExt
+ca.Policy.impl.AuthorityKeyIdentifierExt.class=com.netscape.cms.policy.extensions.AuthorityKeyIdentifierExt
+ca.Policy.impl.BasicConstraintsExt.class=com.netscape.cms.policy.extensions.BasicConstraintsExt
+ca.Policy.impl.CRLDistributionPointsExt.class=com.netscape.cms.policy.extensions.CRLDistributionPointsExt
+ca.Policy.impl.CertificatePoliciesExt.class=com.netscape.cms.policy.extensions.CertificatePoliciesExt
+ca.Policy.impl.CertificateRenewalWindowExt.class=com.netscape.cms.policy.extensions.CertificateRenewalWindowExt
+ca.Policy.impl.CertificateScopeOfUseExt.class=com.netscape.cms.policy.extensions.CertificateScopeOfUseExt
+ca.Policy.impl.DSAKeyConstraints.class=com.netscape.cms.policy.constraints.DSAKeyConstraints
+ca.Policy.impl.ExtendedKeyUsageExt.class=com.netscape.cms.policy.extensions.ExtendedKeyUsageExt
+ca.Policy.impl.GenericASN1Ext.class=com.netscape.cms.policy.extensions.GenericASN1Ext
+ca.Policy.impl.IssuerAltNameExt.class=com.netscape.cms.policy.extensions.IssuerAltNameExt
+ca.Policy.impl.IssuerConstraints.class=com.netscape.cms.policy.constraints.IssuerConstraints
+ca.Policy.impl.KeyAlgorithmConstraints.class=com.netscape.cms.policy.constraints.KeyAlgorithmConstraints
+ca.Policy.impl.KeyUsageExt.class=com.netscape.cms.policy.extensions.KeyUsageExt
+ca.Policy.impl.NSCCommentExt.class=com.netscape.cms.policy.extensions.NSCCommentExt
+ca.Policy.impl.NSCertTypeExt.class=com.netscape.cms.policy.extensions.NSCertTypeExt
+ca.Policy.impl.NameConstraintsExt.class=com.netscape.cms.policy.extensions.NameConstraintsExt
+ca.Policy.impl.OCSPNoCheckExt.class=com.netscape.cms.policy.extensions.OCSPNoCheckExt
+ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.cms.policy.extensions.PolicyConstraintsExt
+ca.Policy.impl.PolicyMappingsExt.class=com.netscape.cms.policy.extensions.PolicyMappingsExt
+ca.Policy.impl.PrivateKeyUsagePeriodExt.class=com.netscape.cms.policy.extensions.PrivateKeyUsagePeriodExt
+ca.Policy.impl.RSAKeyConstraints.class=com.netscape.cms.policy.constraints.RSAKeyConstraints
+ca.Policy.impl.RemoveBasicConstraintsExt.class=com.netscape.cms.policy.extensions.RemoveBasicConstraintsExt
+ca.Policy.impl.RenewalConstraints.class=com.netscape.cms.policy.constraints.RenewalConstraints
+ca.Policy.impl.RenewalValidityConstraints.class=com.netscape.cms.policy.constraints.RenewalValidityConstraints
+ca.Policy.impl.RevocationConstraints.class=com.netscape.cms.policy.constraints.RevocationConstraints
+ca.Policy.impl.SigningAlgorithmConstraints.class=com.netscape.cms.policy.constraints.SigningAlgorithmConstraints
+ca.Policy.impl.SubCANameConstraints.class=com.netscape.cms.policy.constraints.SubCANameConstraints
+ca.Policy.impl.SubjectAltNameExt.class=com.netscape.cms.policy.extensions.SubjectAltNameExt
+ca.Policy.impl.SubjectDirectoryAttributesExt.class=com.netscape.cms.policy.extensions.SubjectDirectoryAttributesExt
+ca.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.cms.policy.extensions.SubjectKeyIdentifierExt
+ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.constraints.UniqueSubjectNameConstraints
+ca.Policy.impl.ValidityConstraints.class=com.netscape.cms.policy.constraints.ValidityConstraints
+ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://[PKI_MACHINE_NAME]:8080/ocsp
+ca.Policy.rule.AuthInfoAccessExt.ad0_location_type=URL
+ca.Policy.rule.AuthInfoAccessExt.ad0_method=ocsp
+ca.Policy.rule.AuthInfoAccessExt.enable=false
+ca.Policy.rule.AuthInfoAccessExt.implName=AuthInfoAccessExt
+ca.Policy.rule.AuthInfoAccessExt.numADs=1
+ca.Policy.rule.AuthInfoAccessExt.predicate=HTTP_PARAMS.certType==client
+ca.Policy.rule.AuthorityKeyIdentifierExt.enable=true
+ca.Policy.rule.AuthorityKeyIdentifierExt.implName=AuthorityKeyIdentifierExt
+ca.Policy.rule.AuthorityKeyIdentifierExt.predicate=
+ca.Policy.rule.BasicConstraintsExt.critical=true
+ca.Policy.rule.BasicConstraintsExt.enable=true
+ca.Policy.rule.BasicConstraintsExt.implName=BasicConstraintsExt
+ca.Policy.rule.BasicConstraintsExt.maxPathLen=
+ca.Policy.rule.BasicConstraintsExt.predicate=HTTP_PARAMS.certType == ca
+ca.Policy.rule.BasicConstraintsExt.removeBasicExt=true
+ca.Policy.rule.CMCertKeyUsageExt.crlSign=true
+ca.Policy.rule.CMCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.CMCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.CMCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.CMCertKeyUsageExt.enable=true
+ca.Policy.rule.CMCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.CMCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.CMCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.CMCertKeyUsageExt.keyCertsign=true
+ca.Policy.rule.CMCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.CMCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.CMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.CODESigningExt.critical=false
+ca.Policy.rule.CODESigningExt.enable=true
+ca.Policy.rule.CODESigningExt.id0=1.3.6.1.5.5.7.3.3
+ca.Policy.rule.CODESigningExt.implName=ExtendedKeyUsageExt
+ca.Policy.rule.CODESigningExt.predicate=HTTP_PARAMS.certType==codeSignClient
+ca.Policy.rule.CRLDistributionPointsExt.enable=false
+ca.Policy.rule.CRLDistributionPointsExt.implName=CRLDistributionPointsExt
+ca.Policy.rule.CRLDistributionPointsExt.issuerName0=
+ca.Policy.rule.CRLDistributionPointsExt.issuerName1=
+ca.Policy.rule.CRLDistributionPointsExt.issuerName2=
+ca.Policy.rule.CRLDistributionPointsExt.issuerType0=
+ca.Policy.rule.CRLDistributionPointsExt.issuerType1=
+ca.Policy.rule.CRLDistributionPointsExt.issuerType2=
+ca.Policy.rule.CRLDistributionPointsExt.numPoints=0
+ca.Policy.rule.CRLDistributionPointsExt.pointName0=
+ca.Policy.rule.CRLDistributionPointsExt.pointName1=
+ca.Policy.rule.CRLDistributionPointsExt.pointName2=
+ca.Policy.rule.CRLDistributionPointsExt.pointType0=
+ca.Policy.rule.CRLDistributionPointsExt.pointType1=
+ca.Policy.rule.CRLDistributionPointsExt.pointType2=
+ca.Policy.rule.CRLDistributionPointsExt.predicate=
+ca.Policy.rule.CRLDistributionPointsExt.reasons0=
+ca.Policy.rule.CRLDistributionPointsExt.reasons1=
+ca.Policy.rule.CRLDistributionPointsExt.reasons2=
+ca.Policy.rule.CRLSignCertKeyUsageExt.crlSign=true
+ca.Policy.rule.CRLSignCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.digitalSignature=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.enable=true
+ca.Policy.rule.CRLSignCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.CRLSignCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.nonRepudiation=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==caCrlSigning
+ca.Policy.rule.CertificatePoliciesExt.critical=false
+ca.Policy.rule.CertificatePoliciesExt.enable=false
+ca.Policy.rule.CertificatePoliciesExt.implName=CertificatePoliciesExt
+ca.Policy.rule.CertificatePoliciesExt.numCertPolicies=1
+ca.Policy.rule.CertificatePoliciesExt.predicate=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.cpsURI=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefNumbers=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefOrganization=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.policyId=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.userNoticeExplicitText=
+ca.Policy.rule.ClientCertKeyUsageExt.crlSign=false
+ca.Policy.rule.ClientCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.ClientCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.ClientCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.ClientCertKeyUsageExt.enable=true
+ca.Policy.rule.ClientCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.ClientCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.ClientCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.ClientCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.ClientCertKeyUsageExt.keyEncipherment=true
+ca.Policy.rule.ClientCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.ClientCertKeyUsageExt.predicate=HTTP_PARAMS.certType==client
+ca.Policy.rule.DSAKeyRule.enable=true
+ca.Policy.rule.DSAKeyRule.implName=DSAKeyConstraints
+ca.Policy.rule.DSAKeyRule.maxSize=1024
+ca.Policy.rule.DSAKeyRule.minSize=512
+ca.Policy.rule.DSAKeyRule.predicate=
+ca.Policy.rule.DefaultRenewalValidityRule.enable=true
+ca.Policy.rule.DefaultRenewalValidityRule.implName=RenewalValidityConstraints
+ca.Policy.rule.DefaultRenewalValidityRule.maxValidity=365
+ca.Policy.rule.DefaultRenewalValidityRule.minValidity=30
+ca.Policy.rule.DefaultRenewalValidityRule.predicate=
+ca.Policy.rule.DefaultRenewalValidityRule.renewalInterval=15
+ca.Policy.rule.DefaultValidityRule.enable=true
+ca.Policy.rule.DefaultValidityRule.implName=ValidityConstraints
+ca.Policy.rule.DefaultValidityRule.maxValidity=365
+ca.Policy.rule.DefaultValidityRule.minValidity=1
+ca.Policy.rule.DefaultValidityRule.predicate=
+ca.Policy.rule.GenericASN1Ext.critical=false
+ca.Policy.rule.GenericASN1Ext.enable=false
+ca.Policy.rule.GenericASN1Ext.implName=GenericASN1Ext
+ca.Policy.rule.GenericASN1Ext.name=
+ca.Policy.rule.GenericASN1Ext.oid=
+ca.Policy.rule.GenericASN1Ext.pattern=
+ca.Policy.rule.GenericASN1Ext.predicate=
+ca.Policy.rule.GenericASN1Ext.attribute.0.source=
+ca.Policy.rule.GenericASN1Ext.attribute.0.type=
+ca.Policy.rule.GenericASN1Ext.attribute.0.value=
+ca.Policy.rule.GenericASN1Ext.attribute.1.source=
+ca.Policy.rule.GenericASN1Ext.attribute.1.type=
+ca.Policy.rule.GenericASN1Ext.attribute.1.value=
+ca.Policy.rule.GenericASN1Ext.attribute.2.source=
+ca.Policy.rule.GenericASN1Ext.attribute.2.type=
+ca.Policy.rule.GenericASN1Ext.attribute.2.value=
+ca.Policy.rule.GenericASN1Ext.attribute.3.source=
+ca.Policy.rule.GenericASN1Ext.attribute.3.type=
+ca.Policy.rule.GenericASN1Ext.attribute.3.value=
+ca.Policy.rule.GenericASN1Ext.attribute.4.source=
+ca.Policy.rule.GenericASN1Ext.attribute.4.type=
+ca.Policy.rule.GenericASN1Ext.attribute.4.value=
+ca.Policy.rule.GenericASN1Ext.attribute.5.source=
+ca.Policy.rule.GenericASN1Ext.attribute.5.type=
+ca.Policy.rule.GenericASN1Ext.attribute.5.value=
+ca.Policy.rule.GenericASN1Ext.attribute.6.source=
+ca.Policy.rule.GenericASN1Ext.attribute.6.type=
+ca.Policy.rule.GenericASN1Ext.attribute.6.value=
+ca.Policy.rule.GenericASN1Ext.attribute.7.source=
+ca.Policy.rule.GenericASN1Ext.attribute.7.type=
+ca.Policy.rule.GenericASN1Ext.attribute.7.value=
+ca.Policy.rule.GenericASN1Ext.attribute.8.source=
+ca.Policy.rule.GenericASN1Ext.attribute.8.type=
+ca.Policy.rule.GenericASN1Ext.attribute.8.value=
+ca.Policy.rule.GenericASN1Ext.attribute.9.source=
+ca.Policy.rule.GenericASN1Ext.attribute.9.type=
+ca.Policy.rule.GenericASN1Ext.attribute.9.value=
+ca.Policy.rule.IssuerRule.enable=false
+ca.Policy.rule.IssuerRule.implName=IssuerConstraints
+ca.Policy.rule.IssuerRule.issuerDN=
+ca.Policy.rule.IssuerRule.predicate=HTTP_PARAMS.certType==client AND certauthEnroll==on
+ca.Policy.rule.KeyAlgRule.algorithms=RSA,DSA
+ca.Policy.rule.KeyAlgRule.enable=true
+ca.Policy.rule.KeyAlgRule.implName=KeyAlgorithmConstraints
+ca.Policy.rule.KeyAlgRule.predicate=
+ca.Policy.rule.NSCCommentExt.commentFile=
+ca.Policy.rule.NSCCommentExt.enable=false
+ca.Policy.rule.NSCCommentExt.implName=NSCCommentExt
+ca.Policy.rule.NSCCommentExt.inputType=Text
+ca.Policy.rule.NSCCommentExt.predicate=
+ca.Policy.rule.NSCertTypeExt.enable=true
+ca.Policy.rule.NSCertTypeExt.implName=NSCertTypeExt
+ca.Policy.rule.NSCertTypeExt.predicate=HTTP_PARAMS.certType!=CEP-Request
+ca.Policy.rule.NameConstraintsExt.critical=true
+ca.Policy.rule.NameConstraintsExt.enable=false
+ca.Policy.rule.NameConstraintsExt.implName=NameConstraintsExt
+ca.Policy.rule.NameConstraintsExt.numExcludedSubtrees=3
+ca.Policy.rule.NameConstraintsExt.numPermittedSubtrees=3
+ca.Policy.rule.NameConstraintsExt.predicate=HTTP_PARAMS.certType == ca
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.max=-1
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.min=0
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.max=-1
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.min=0
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.max=-1
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.min=0
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.max=-1
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.min=0
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.max=-1
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.min=0
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.max=-1
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.min=0
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameValue=
+ca.Policy.rule.OCSPNoCheckExt.critical=false
+ca.Policy.rule.OCSPNoCheckExt.enable=true
+ca.Policy.rule.OCSPNoCheckExt.implName=OCSPNoCheckExt
+ca.Policy.rule.OCSPNoCheckExt.predicate=HTTP_PARAMS.certType==ocspResponder
+ca.Policy.rule.OCSPSigningExt.critical=false
+ca.Policy.rule.OCSPSigningExt.enable=true
+ca.Policy.rule.OCSPSigningExt.id0=1.3.6.1.5.5.7.3.9
+ca.Policy.rule.OCSPSigningExt.implName=ExtendedKeyUsageExt
+ca.Policy.rule.OCSPSigningExt.predicate=HTTP_PARAMS.certType==ocspResponder
+ca.Policy.rule.ObjSignCertKeyUsageExt.crlSign=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.ObjSignCertKeyUsageExt.enable=true
+ca.Policy.rule.ObjSignCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.ObjSignCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.keyCertsign=true
+ca.Policy.rule.ObjSignCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.nonRepudiation=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==objSignClient
+ca.Policy.rule.PolicyConstraintsExt.critical=false
+ca.Policy.rule.PolicyConstraintsExt.enable=false
+ca.Policy.rule.PolicyConstraintsExt.implName=PolicyConstraintsExt
+ca.Policy.rule.PolicyConstraintsExt.inhibitPolicyMapping=0
+ca.Policy.rule.PolicyConstraintsExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.PolicyConstraintsExt.reqExplicitPolicy=0
+ca.Policy.rule.PolicyMappingsExt.critical=false
+ca.Policy.rule.PolicyMappingsExt.enable=false
+ca.Policy.rule.PolicyMappingsExt.implName=PolicyMappingsExt
+ca.Policy.rule.PolicyMappingsExt.numPolicyMappings=1
+ca.Policy.rule.PolicyMappingsExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.PolicyMappingsExt.policyMap0.issuerDomainPolicy=
+ca.Policy.rule.PolicyMappingsExt.policyMap0.subjectDomainPolicy=
+ca.Policy.rule.RMCertKeyUsageExt.crlSign=false
+ca.Policy.rule.RMCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.RMCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.RMCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.RMCertKeyUsageExt.enable=true
+ca.Policy.rule.RMCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.RMCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.RMCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.RMCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.RMCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.RMCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.RMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ra
+ca.Policy.rule.RSAKeyRule.enable=false
+ca.Policy.rule.RSAKeyRule.exponents=3,7,17,65537
+ca.Policy.rule.RSAKeyRule.implName=RSAKeyConstraints
+ca.Policy.rule.RSAKeyRule.maxSize=2048
+ca.Policy.rule.RSAKeyRule.minSize=512
+ca.Policy.rule.RSAKeyRule.predicate=
+ca.Policy.rule.RenewalConstraintsRule.enable=true
+ca.Policy.rule.RenewalConstraintsRule.implName=RenewalConstraints
+ca.Policy.rule.RenewalConstraintsRule.predicate=
+ca.Policy.rule.RevocationConstraintsRule.enable=true
+ca.Policy.rule.RevocationConstraintsRule.implName=RevocationConstraints
+ca.Policy.rule.RevocationConstraintsRule.predicate=
+ca.Policy.rule.ServerCertKeyUsageExt.crlSign=false
+ca.Policy.rule.ServerCertKeyUsageExt.dataEncipherment=true
+ca.Policy.rule.ServerCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.ServerCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.ServerCertKeyUsageExt.enable=true
+ca.Policy.rule.ServerCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.ServerCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.ServerCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.ServerCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.ServerCertKeyUsageExt.keyEncipherment=true
+ca.Policy.rule.ServerCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.ServerCertKeyUsageExt.predicate=HTTP_PARAMS.certType==server
+ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+ca.Policy.rule.SigningAlgRule.enable=true
+ca.Policy.rule.SigningAlgRule.implName=SigningAlgorithmConstraints
+ca.Policy.rule.SigningAlgRule.predicate=
+ca.Policy.rule.SubCANameConstraints.enable=true
+ca.Policy.rule.SubCANameConstraints.implName=SubCANameConstraints
+ca.Policy.rule.SubCANameConstraints.predicate=HTTP_PARAMS.certType == ca
+ca.Policy.rule.SubjectAltNameExt.enable=true
+ca.Policy.rule.SubjectAltNameExt.implName=SubjectAltNameExt
+ca.Policy.rule.SubjectAltNameExt.numGeneralNames=3
+ca.Policy.rule.SubjectAltNameExt.predicate=HTTP_PARAMS.certType!=CEP-Request
+ca.Policy.rule.SubjectAltNameExt.generalName0.generalNameChoice=rfc822Name
+ca.Policy.rule.SubjectAltNameExt.generalName0.requestAttr=AUTH_TOKEN.mail
+ca.Policy.rule.SubjectAltNameExt.generalName1.generalNameChoice=rfc822Name
+ca.Policy.rule.SubjectAltNameExt.generalName1.requestAttr=AUTH_TOKEN.mailalternateaddress
+ca.Policy.rule.SubjectAltNameExt.generalName2.generalNameChoice=rfc822Name
+ca.Policy.rule.SubjectAltNameExt.generalName2.requestAttr=HTTP_PARAMS.csrRequestorEmail
+ca.Policy.rule.SubjectKeyIdentifierExt.enable=true
+ca.Policy.rule.SubjectKeyIdentifierExt.implName=SubjectKeyIdentifierExt
+ca.Policy.rule.SubjectKeyIdentifierExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.UniqueSubjectNameConstraints.enable=false
+ca.Policy.rule.UniqueSubjectNameConstraints.implName=UniqueSubjectNameConstraints
+ca.Policy.rule.UniqueSubjectNameConstraints.predicate=
+ca.crl._000=##
+ca.crl._001=## CA CRL
+ca.crl._002=##
+ca.crl.pageSize=100
+ca.crl.MasterCRL.allowExtensions=true
+ca.crl.MasterCRL.alwaysUpdate=false
+ca.crl.MasterCRL.autoUpdateInterval=240
+ca.crl.MasterCRL.caCertsOnly=false
+ca.crl.MasterCRL.cacheUpdateInterval=15
+ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint
+ca.crl.MasterCRL.dailyUpdates=1:00
+ca.crl.MasterCRL.description=CA's complete Certificate Revocation List
+ca.crl.MasterCRL.enable=true
+ca.crl.MasterCRL.enableCRLCache=true
+ca.crl.MasterCRL.enableCRLUpdates=true
+ca.crl.MasterCRL.enableCacheTesting=false
+ca.crl.MasterCRL.enableCacheRecovery=true
+ca.crl.MasterCRL.enableDailyUpdates=true
+ca.crl.MasterCRL.enableUpdateInterval=true
+ca.crl.MasterCRL.extendedNextUpdate=true
+ca.crl.MasterCRL.includeExpiredCerts=false
+ca.crl.MasterCRL.minUpdateInterval=0
+ca.crl.MasterCRL.nextUpdateGracePeriod=0
+ca.crl.MasterCRL.publishOnStart=false
+ca.crl.MasterCRL.saveMemory=false
+ca.crl.MasterCRL.signingAlgorithm=SHA256withRSA
+ca.crl.MasterCRL.updateSchema=1
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocation0=
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocationType0=URI
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessMethod0=caIssuers
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.class=com.netscape.cms.crl.CMSAuthInfoAccessExtension
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.critical=false
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.enable=false
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions=1
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=false
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension
+ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension
+ca.crl.MasterCRL.extension.CRLNumber.critical=false
+ca.crl.MasterCRL.extension.CRLNumber.enable=true
+ca.crl.MasterCRL.extension.CRLNumber.type=CRLExtension
+ca.crl.MasterCRL.extension.CRLReason.class=com.netscape.cms.crl.CMSCRLReasonExtension
+ca.crl.MasterCRL.extension.CRLReason.critical=false
+ca.crl.MasterCRL.extension.CRLReason.enable=true
+ca.crl.MasterCRL.extension.CRLReason.type=CRLEntryExtension
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.class=com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical=true
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable=false
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.type=CRLExtension
+ca.crl.MasterCRL.extension.FreshestCRL.class=com.netscape.cms.crl.CMSFreshestCRLExtension
+ca.crl.MasterCRL.extension.FreshestCRL.critical=false
+ca.crl.MasterCRL.extension.FreshestCRL.enable=false
+ca.crl.MasterCRL.extension.FreshestCRL.numPoints=0
+ca.crl.MasterCRL.extension.FreshestCRL.pointName0=
+ca.crl.MasterCRL.extension.FreshestCRL.pointType0=
+ca.crl.MasterCRL.extension.FreshestCRL.type=CRLExtension
+ca.crl.MasterCRL.extension.InvalidityDate.class=com.netscape.cms.crl.CMSInvalidityDateExtension
+ca.crl.MasterCRL.extension.InvalidityDate.critical=false
+ca.crl.MasterCRL.extension.InvalidityDate.enable=true
+ca.crl.MasterCRL.extension.InvalidityDate.type=CRLEntryExtension
+ca.crl.MasterCRL.extension.IssuerAlternativeName.class=com.netscape.cms.crl.CMSIssuerAlternativeNameExtension
+ca.crl.MasterCRL.extension.IssuerAlternativeName.critical=false
+ca.crl.MasterCRL.extension.IssuerAlternativeName.enable=false
+ca.crl.MasterCRL.extension.IssuerAlternativeName.name0=
+ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0=
+ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames=0
+ca.crl.MasterCRL.extension.IssuerAlternativeName.type=CRLExtension
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.class=com.netscape.cms.crl.CMSIssuingDistributionPointExtension
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical=true
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons=
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName=
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType=
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.type=CRLExtension
+ca.notification.certIssued.emailSubject=Your Certificate Request
+ca.notification.certIssued.emailTemplate=[PKI_INSTANCE_PATH]/emails/certIssued_CA.html
+ca.notification.certIssued.enabled=false
+ca.notification.certIssued.senderEmail=
+ca.notification.certRevoked.emailSubject=Your Certificate Revoked
+ca.notification.certRevoked.emailTemplate=[PKI_INSTANCE_PATH]/emails/certRevoked_CA.html
+ca.notification.certRevoked.enabled=false
+ca.notification.certRevoked.senderEmail=
+ca.notification.requestInQ.emailSubject=Certificate Request in Queue
+ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/emails/reqInQueue_CA.html
+ca.notification.requestInQ.enabled=false
+ca.notification.requestInQ.recipientEmail=
+ca.notification.requestInQ.senderEmail=
+ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
+ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
+ca.ocsp_signing.tokenname=internal
+ca.publish.createOwnDNEntry=false
+ca.publish.queue.enable=true
+ca.publish.queue.maxNumberOfThreads=3
+ca.publish.queue.pageSize=40
+ca.publish.queue.priorityLevel=0
+ca.publish.queue.saveStatus=200
+ca.publish.mapper.impl.LdapCaSimpleMap.class=com.netscape.cms.publish.mappers.LdapCaSimpleMap
+ca.publish.mapper.impl.LdapDNCompsMap.class=com.netscape.cms.publish.mappers.LdapCertCompsMap
+ca.publish.mapper.impl.LdapDNExactMap.class=com.netscape.cms.publish.mappers.LdapCertExactMap
+ca.publish.mapper.impl.LdapEnhancedMap.class=com.netscape.cms.publish.mappers.LdapEnhancedMap
+ca.publish.mapper.impl.LdapSimpleMap.class=com.netscape.cms.publish.mappers.LdapSimpleMap
+ca.publish.mapper.impl.LdapSubjAttrMap.class=com.netscape.cms.publish.mappers.LdapCertSubjMap
+ca.publish.mapper.impl.NoMap.class=com.netscape.cms.publish.mappers.NoMap
+ca.publish.mapper.instance.LdapCaCertMap.createCAEntry=true
+ca.publish.mapper.instance.LdapCaCertMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
+ca.publish.mapper.instance.LdapCaCertMap.pluginName=LdapCaSimpleMap
+ca.publish.mapper.instance.LdapCrlMap.createCAEntry=true
+ca.publish.mapper.instance.LdapCrlMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
+ca.publish.mapper.instance.LdapCrlMap.pluginName=LdapCaSimpleMap
+ca.publish.mapper.instance.LdapUserCertMap.dnPattern=UID=$subj.UID,OU=people,O=$subj.o
+ca.publish.mapper.instance.LdapUserCertMap.pluginName=LdapSimpleMap
+ca.publish.mapper.instance.NoMap.pluginName=NoMap
+ca.publish.publisher.impl.FileBasedPublisher.class=com.netscape.cms.publish.publishers.FileBasedPublisher
+ca.publish.publisher.impl.LdapCaCertPublisher.class=com.netscape.cms.publish.publishers.LdapCaCertPublisher
+ca.publish.publisher.impl.LdapCertificatePairPublisher.class=com.netscape.cms.publish.publishers.LdapCertificatePairPublisher
+ca.publish.publisher.impl.LdapCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
+ca.publish.publisher.impl.LdapDeltaCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
+ca.publish.publisher.impl.LdapUserCertPublisher.class=com.netscape.cms.publish.publishers.LdapUserCertPublisher
+ca.publish.publisher.impl.OCSPPublisher.class=com.netscape.cms.publish.publishers.OCSPPublisher
+ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr=caCertificate;binary
+ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass=pkiCA
+ca.publish.publisher.instance.LdapCaCertPublisher.pluginName=LdapCaCertPublisher
+ca.publish.publisher.instance.LdapCrlPublisher.crlAttr=certificateRevocationList;binary
+ca.publish.publisher.instance.LdapCrlPublisher.pluginName=LdapCrlPublisher
+ca.publish.publisher.instance.LdapCrlPublisher.crlObjectClass=pkiCA
+ca.publish.publisher.instance.LdapCrossCertPairPublisher.caObjectClass=pkiCA
+ca.publish.publisher.instance.LdapCrossCertPairPublisher.crossCertPairAttr=crossCertificatePair;binary
+ca.publish.publisher.instance.LdapCrossCertPairPublisher.pluginName=LdapCertificatePairPublisher
+ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlAttr=deltaRevocationList;binary
+ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlObjectClass=pkiCA,deltaCRL
+ca.publish.publisher.instance.LdapDeltaCrlPublisher.pluginName=LdapDeltaCrlPublisher
+ca.publish.publisher.instance.LdapUserCertPublisher.certAttr=userCertificate;binary
+ca.publish.publisher.instance.LdapUserCertPublisher.pluginName=LdapUserCertPublisher
+ca.publish.rule.impl.Rule.class=com.netscape.cmscore.ldap.LdapRule
+ca.publish.rule.instance.LdapCaCertRule.enable=false
+ca.publish.rule.instance.LdapCaCertRule.mapper=LdapCaCertMap
+ca.publish.rule.instance.LdapCaCertRule.pluginName=Rule
+ca.publish.rule.instance.LdapCaCertRule.predicate=
+ca.publish.rule.instance.LdapCaCertRule.publisher=LdapCaCertPublisher
+ca.publish.rule.instance.LdapCaCertRule.type=cacert
+ca.publish.rule.instance.LdapCrlRule.enable=false
+ca.publish.rule.instance.LdapCrlRule.mapper=LdapCrlMap
+ca.publish.rule.instance.LdapCrlRule.pluginName=Rule
+ca.publish.rule.instance.LdapCrlRule.predicate=
+ca.publish.rule.instance.LdapCrlRule.publisher=LdapCrlPublisher
+ca.publish.rule.instance.LdapCrlRule.type=crl
+ca.publish.rule.instance.LdapUserCertRule.enable=false
+ca.publish.rule.instance.LdapUserCertRule.mapper=LdapUserCertMap
+ca.publish.rule.instance.LdapUserCertRule.pluginName=Rule
+ca.publish.rule.instance.LdapUserCertRule.predicate=
+ca.publish.rule.instance.LdapUserCertRule.publisher=LdapUserCertPublisher
+ca.publish.rule.instance.LdapUserCertRule.type=certs
+ca.publish.rule.instance.LdapXCertRule.enable=false
+ca.publish.rule.instance.LdapXCertRule.mapper=LdapCaCertMap
+ca.publish.rule.instance.LdapXCertRule.pluginName=Rule
+ca.publish.rule.instance.LdapXCertRule.predicate=
+ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher
+ca.publish.rule.instance.LdapXCertRule.type=xcert
+cmc.cert.confirmRequired=false
+cmc.lraPopWitness.verify.allow=true
+cmc.revokeCert.verify=true
+cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cms.passwordlist=internaldb,replicationdb
+cms.password.ignore.publishing.failure=true
+cms.version=@MAJOR_VERSION@.@MINOR_VERSION@
+cmsgateway._000=##
+cmsgateway._001=## In the event that all Admin Certificates have been lost
+cmsgateway._002=## for a given instance, perform the following steps to
+cmsgateway._003=## re-enroll for a new Admin Certificate:
+cmsgateway._004=##
+cmsgateway._005=## (1) Become 'root'
+cmsgateway._006=## (2) Type: 'service [PKI_INSTANCE_ID] stop'
+cmsgateway._007=## (3) Edit '[PKI_INSTANCE_ROOT]/[PKI_INSTANCE_ID]/conf/CS.cfg'
+cmsgateway._008=## and set the following name-value pairs (if necessary):
+cmsgateway._009=##
+cmsgateway._010=## ca.Policy.enable=true
+cmsgateway._011=## cmsgateway.enableAdminEnroll=true
+cmsgateway._012=##
+cmsgateway._013=## (4) Type: 'service [PKI_INSTANCE_ID] start'
+cmsgateway._014=## (5) Launch a browser and re-enroll for
+cmsgateway._015=## a new Admin Certificate by typing:
+cmsgateway._016=##
+cmsgateway._017=## https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ca/admin/ca/adminEnroll.html
+cmsgateway._018=##
+cmsgateway._019=## (6) Verify that the browser contains the new
+cmsgateway._020=## Admin Certificate by successfully navigating to:
+cmsgateway._021=##
+cmsgateway._022=## https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca/
+cmsgateway._023=##
+cmsgateway._024=## (7) Optionally, disable the Certificate Policies Framework
+cmsgateway._025=## by following steps (1) - (4), but ONLY resetting
+cmsgateway._026=## 'ca.Policy.enable=false', as
+cmsgateway._027=## 'cmsgateway.enableAdminEnroll=false' should have
+cmsgateway._028=## already been reset.
+cmsgateway._029=##
+cmsgateway.enableAdminEnroll=false
+https.port=8443
+http.port=8080
+dbs.enableSerialManagement=false
+dbs.beginRequestNumber=1
+dbs.endRequestNumber=10000000
+dbs.requestIncrement=10000000
+dbs.requestLowWaterMark=2000000
+dbs.requestCloneTransferNumber=10000
+dbs.requestDN=ou=ca, ou=requests
+dbs.requestRangeDN=ou=requests, ou=ranges
+dbs.beginSerialNumber=1
+dbs.endSerialNumber=10000000
+dbs.serialIncrement=10000000
+dbs.serialLowWaterMark=2000000
+dbs.serialCloneTransferNumber=10000
+dbs.serialDN=ou=certificateRepository, ou=ca
+dbs.serialRangeDN=ou=certificateRepository, ou=ranges
+dbs.beginReplicaNumber=1
+dbs.endReplicaNumber=100
+dbs.replicaIncrement=100
+dbs.replicaLowWaterMark=20
+dbs.replicaCloneTransferNumber=5
+dbs.replicaDN=ou=replica
+dbs.replicaRangeDN=ou=replica, ou=ranges
+dbs.ldap=internaldb
+dbs.newSchemaEntryAdded=true
+debug.append=true
+debug.enabled=true
+debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.hashkeytypes=
+debug.level=0
+debug.showcaller=false
+keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
+keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
+keys.ecc.curve.default=nistp256
+keys.rsa.keysize.default=2048
+internaldb._000=##
+internaldb._001=## Internal Database
+internaldb._002=##
+internaldb.basedn=
+internaldb.maxConns=15
+internaldb.minConns=3
+internaldb.ldapauth.authtype=BasicAuth
+internaldb.ldapauth.bindDN=cn=Directory Manager
+internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.clientCertNickname=
+internaldb.ldapconn.host=
+internaldb.ldapconn.port=
+internaldb.ldapconn.secureConn=false
+preop.internaldb.schema.ldif=/usr/share/[PKI_FLAVOR]/ca/conf/schema.ldif
+preop.internaldb.ldif=/usr/share/[PKI_FLAVOR]/ca/conf/database.ldif
+preop.internaldb.data_ldif=/usr/share/[PKI_FLAVOR]/ca/conf/db.ldif,/usr/share/[PKI_FLAVOR]/ca/conf/acl.ldif
+preop.internaldb.index_ldif=
+preop.internaldb.manager_ldif=/usr/share/[PKI_FLAVOR]/ca/conf/manager.ldif
+preop.internaldb.post_ldif=/usr/share/[PKI_FLAVOR]/ca/conf/index.ldif,/usr/share/[PKI_FLAVOR]/ca/conf/vlv.ldif,/usr/share/[PKI_FLAVOR]/ca/conf/vlvtasks.ldif
+preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config
+internaldb.multipleSuffix.enable=false
+jobsScheduler._000=##
+jobsScheduler._001=## jobScheduler
+jobsScheduler._002=##
+jobsScheduler.enabled=false
+jobsScheduler.interval=1
+jobsScheduler.impl.PublishCertsJob.class=com.netscape.cms.jobs.PublishCertsJob
+jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNotificationJob
+jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
+jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
+jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
+jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
+jobsScheduler.job.certRenewalNotifier.emailTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1.txt
+jobsScheduler.job.certRenewalNotifier.enabled=false
+jobsScheduler.job.certRenewalNotifier.notifyEndOffset=30
+jobsScheduler.job.certRenewalNotifier.notifyTriggerOffset=30
+jobsScheduler.job.certRenewalNotifier.pluginName=RenewalNotificationJob
+jobsScheduler.job.certRenewalNotifier.senderEmail=
+jobsScheduler.job.certRenewalNotifier.summary.emailSubject=Certificate Renewal Notification Summary
+jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1Summary.txt
+jobsScheduler.job.certRenewalNotifier.summary.enabled=true
+jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1Item.txt
+jobsScheduler.job.certRenewalNotifier.summary.recipientEmail=
+jobsScheduler.job.certRenewalNotifier.summary.senderEmail=
+jobsScheduler.job.publishCerts.cron=0 0 * * 2
+jobsScheduler.job.publishCerts.enabled=false
+jobsScheduler.job.publishCerts.pluginName=PublishCertsJob
+jobsScheduler.job.publishCerts.summary.emailSubject=Certs Publishing Summary
+jobsScheduler.job.publishCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/publishCerts.html
+jobsScheduler.job.publishCerts.summary.enabled=true
+jobsScheduler.job.publishCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/publishCertsItem.html
+jobsScheduler.job.publishCerts.summary.recipientEmail=
+jobsScheduler.job.publishCerts.summary.senderEmail=
+jobsScheduler.job.requestInQueueNotifier.cron=0 0 * * 0
+jobsScheduler.job.requestInQueueNotifier.enabled=false
+jobsScheduler.job.requestInQueueNotifier.pluginName=RequestInQueueJob
+jobsScheduler.job.requestInQueueNotifier.subsystemId=ca
+jobsScheduler.job.requestInQueueNotifier.summary.emailSubject=Requests in Queue Summary Report
+jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/riq1Summary.html
+jobsScheduler.job.requestInQueueNotifier.summary.enabled=true
+jobsScheduler.job.requestInQueueNotifier.summary.recipientEmail=
+jobsScheduler.job.requestInQueueNotifier.summary.senderEmail=
+jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
+jobsScheduler.job.unpublishExpiredCerts.enabled=false
+jobsScheduler.job.unpublishExpiredCerts.pluginName=UnpublishExpiredJob
+jobsScheduler.job.unpublishExpiredCerts.summary.emailSubject=Expired Certs Unpublished Summary
+jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/euJob1.html
+jobsScheduler.job.unpublishExpiredCerts.summary.enabled=true
+jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/euJob1Item.html
+jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
+jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
+jss._000=##
+jss._001=## JSS
+jss._002=##
+jss.configDir=[PKI_INSTANCE_PATH]/alias/
+jss.enable=true
+jss.secmodName=secmod.db
+jss.ocspcheck.enable=false
+jss.ssl.cipherfortezza=true
+jss.ssl.cipherpref=
+jss.ssl.cipherversion=cipherdomestic
+log._000=##
+log._001=## Logging
+log._002=##
+log.impl.file.class=com.netscape.cms.logging.RollingLogFile
+log.instance.SignedAudit._000=##
+log.instance.SignedAudit._001=## Signed Audit Logging
+log.instance.SignedAudit._002=##
+log.instance.SignedAudit._003=##
+log.instance.SignedAudit._004=## Available Audit events:
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
+log.instance.SignedAudit._006=##
+log.instance.SignedAudit.bufferSize=512
+log.instance.SignedAudit.enable=true
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
+log.instance.SignedAudit.expirationTime=0
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/ca_audit
+log.instance.SignedAudit.flushInterval=5
+log.instance.SignedAudit.level=1
+log.instance.SignedAudit.logSigning=false
+log.instance.SignedAudit.maxFileSize=2000
+log.instance.SignedAudit.pluginName=file
+log.instance.SignedAudit.rolloverInterval=2592000
+log.instance.SignedAudit.signedAudit=_002=##
+log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
+log.instance.SignedAudit.type=signedAudit
+log.instance.System._000=##
+log.instance.System._001=## System Logging
+log.instance.System._002=##
+log.instance.System.bufferSize=512
+log.instance.System.enable=true
+log.instance.System.expirationTime=0
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.flushInterval=5
+log.instance.System.level=3
+log.instance.System.maxFileSize=2000
+log.instance.System.pluginName=file
+log.instance.System.rolloverInterval=2592000
+log.instance.System.type=system
+log.instance.Transactions._000=##
+log.instance.Transactions._001=## Transaction Logging
+log.instance.Transactions._002=##
+log.instance.Transactions.bufferSize=512
+log.instance.Transactions.enable=true
+log.instance.Transactions.expirationTime=0
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.flushInterval=5
+log.instance.Transactions.level=1
+log.instance.Transactions.maxFileSize=2000
+log.instance.Transactions.pluginName=file
+log.instance.Transactions.rolloverInterval=2592000
+log.instance.Transactions.type=transaction
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
+oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
+oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
+oidmap.challenge_password.oid=1.2.840.113549.1.9.7
+oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
+oidmap.extended_key_usage.oid=2.5.29.37
+oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
+oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
+oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
+oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
+oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
+oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
+oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
+oidmap.pse.oid=2.16.840.1.113730.1.18
+oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
+oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
+os.userid=nobody
+profile.list=caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caECDualCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caOtherCert,caCACert,caInstallCACert,caRACert,caOCSPCert,caTransportCert,caDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caEncECUserCert
+profile.caUUIDdeviceCert.class_id=caEnrollImpl
+profile.caUUIDdeviceCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUUIDdeviceCert.cfg
+profile.caManualRenewal.class_id=caEnrollImpl
+profile.caManualRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caManualRenewal.cfg
+profile.caDirUserRenewal.class_id=caEnrollImpl
+profile.caDirUserRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caDirUserRenewal.cfg
+profile.caSSLClientSelfRenewal.class_id=caEnrollImpl
+profile.caSSLClientSelfRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caSSLClientSelfRenewal.cfg
+profile.DomainController.class_id=caEnrollImpl
+profile.DomainController.config=[PKI_INSTANCE_PATH]/profiles/ca/DomainController.cfg
+profile.caAgentFileSigning.class_id=caEnrollImpl
+profile.caAgentFileSigning.config=[PKI_INSTANCE_PATH]/profiles/ca/caAgentFileSigning.cfg
+profile.caAgentServerCert.class_id=caEnrollImpl
+profile.caAgentServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caAgentServerCert.cfg
+profile.caRAserverCert.class_id=caEnrollImpl
+profile.caRAserverCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRAserverCert.cfg
+profile.caCACert.class_id=caEnrollImpl
+profile.caCACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caCACert.cfg
+profile.caInstallCACert.class_id=caEnrollImpl
+profile.caInstallCACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInstallCACert.cfg
+profile.caCMCUserCert.class_id=caEnrollImpl
+profile.caCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caCMCUserCert.cfg
+profile.caDirUserCert.class_id=caEnrollImpl
+profile.caDirUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDirUserCert.cfg
+profile.caDualCert.class_id=caEnrollImpl
+profile.caDualCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDualCert.cfg
+profile.caECDualCert.class_id=caEnrollImpl
+profile.caECDualCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caECDualCert.cfg
+profile.caDualRAuserCert.class_id=caEnrollImpl
+profile.caDualRAuserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDualRAuserCert.cfg
+profile.caRAagentCert.class_id=caEnrollImpl
+profile.caRAagentCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRAagentCert.cfg
+profile.caFullCMCUserCert.class_id=caEnrollImpl
+profile.caFullCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caFullCMCUserCert.cfg
+profile.caInternalAuthOCSPCert.class_id=caEnrollImpl
+profile.caInternalAuthOCSPCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthOCSPCert.cfg
+profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl
+profile.caInternalAuthAuditSigningCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthAuditSigningCert.cfg
+profile.caInternalAuthServerCert.class_id=caEnrollImpl
+profile.caInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthServerCert.cfg
+profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl
+profile.caInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthSubsystemCert.cfg
+profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl
+profile.caInternalAuthDRMstorageCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthDRMstorageCert.cfg
+profile.caInternalAuthTransportCert.class_id=caEnrollImpl
+profile.caInternalAuthTransportCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthTransportCert.cfg
+profile.caOCSPCert.class_id=caEnrollImpl
+profile.caOCSPCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caOCSPCert.cfg
+profile.caOtherCert.class_id=caEnrollImpl
+profile.caOtherCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caOtherCert.cfg
+profile.caRACert.class_id=caEnrollImpl
+profile.caRACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRACert.cfg
+profile.caRARouterCert.class_id=caEnrollImpl
+profile.caRARouterCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRARouterCert.cfg
+profile.caRouterCert.class_id=caEnrollImpl
+profile.caRouterCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRouterCert.cfg
+profile.caServerCert.class_id=caEnrollImpl
+profile.caServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caServerCert.cfg
+profile.caSignedLogCert.class_id=caEnrollImpl
+profile.caSignedLogCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caSignedLogCert.cfg
+profile.caSimpleCMCUserCert.class_id=caEnrollImpl
+profile.caSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caSimpleCMCUserCert.cfg
+profile.caTPSCert.class_id=caEnrollImpl
+profile.caTPSCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caTPSCert.cfg
+profile.caAdminCert.class_id=caEnrollImpl
+profile.caAdminCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caAdminCert.cfg
+profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTempTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
+profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTempTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
+profile.caTokenUserEncryptionKeyRenewal.class_id=caUserCertEnrollImpl
+profile.caTokenUserEncryptionKeyRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
+profile.caTempTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTempTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
+profile.caTokenUserSigningKeyRenewal.class_id=caUserCertEnrollImpl
+profile.caTokenUserSigningKeyRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserSigningKeyRenewal.cfg
+profile.caTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenDeviceKeyEnrollment.cfg
+profile.caTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
+profile.caTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
+profile.caTokenMSLoginEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenMSLoginEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenMSLoginEnrollment.cfg
+profile.caTransportCert.class_id=caEnrollImpl
+profile.caTransportCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caTransportCert.cfg
+profile.caUserCert.class_id=caEnrollImpl
+profile.caUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUserCert.cfg
+profile.caECUserCert.class_id=caEnrollImpl
+profile.caECUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caECUserCert.cfg
+profile.caUserSMIMEcapCert.class_id=caEnrollImpl
+profile.caUserSMIMEcapCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUserSMIMEcapCert.cfg
+profile.caJarSigningCert.class_id=caEnrollImpl
+profile.caJarSigningCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caJarSigningCert.cfg
+profile.caIPAserviceCert.class_id=caEnrollImpl
+profile.caIPAserviceCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caIPAserviceCert.cfg
+profile.caEncUserCert.class_id=caEnrollImpl
+profile.caEncUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caEncUserCert.cfg
+profile.caEncECUserCert.class_id=caEnrollImpl
+profile.caEncECUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caEncECUserCert.cfg
+registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
+request.assignee.enable=true
+selftests._000=##
+selftests._001=## Self Tests
+selftests._002=##
+selftests._003=## The Self-Test plugin SystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## ca.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## ca.cert.<cert tag name>.nickname
+selftests._007=## ca.cert.<cert tag name>.certusage
+selftests._008=##
+selftests.container.instance.CAPresence=com.netscape.cms.selftests.ca.CAPresence
+selftests.container.instance.CAValidity=com.netscape.cms.selftests.ca.CAValidity
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
+selftests.container.logger.bufferSize=512
+selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
+selftests.container.logger.enable=true
+selftests.container.logger.expirationTime=0
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.flushInterval=5
+selftests.container.logger.level=1
+selftests.container.logger.maxFileSize=2000
+selftests.container.logger.register=false
+selftests.container.logger.rolloverInterval=2592000
+selftests.container.logger.type=transaction
+selftests.container.order.onDemand=CAPresence:critical, SystemCertsVerification:critical, CAValidity:critical
+selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
+selftests.plugin.CAPresence.CaSubId=ca
+selftests.plugin.CAValidity.CaSubId=ca
+selftests.plugin.SystemCertsVerification.SubId=ca
+smtp.host=localhost
+smtp.port=25
+subsystem.0.class=com.netscape.ca.CertificateAuthority
+subsystem.0.id=ca
+subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
+subsystem.1.id=profile
+subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
+subsystem.2.id=selftests
+subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
+subsystem.3.id=CrossCertPair
+subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
+subsystem.4.id=stats
+usrgrp._000=##
+usrgrp._001=## User/Group
+usrgrp._002=##
+usrgrp.ldap=internaldb
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems |