summaryrefslogtreecommitdiffstats
path: root/base/deploy/config/deployment.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/config/deployment.cfg')
-rw-r--r--base/deploy/config/deployment.cfg75
1 files changed, 42 insertions, 33 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg
index 9eb930414..316d3c8f9 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/config/deployment.cfg
@@ -52,8 +52,21 @@ destroy_scriplets=
infrastructure_layout
finalization
+# By default, the following parameters will be set for Tomcat and Apache instances.
+# There is no reason to uncomment these. They are provided for reference in
+# case someone wants to override them in their config file.
+#
+# Tomcat instances:
+# pki_subsystem_name=pki_tomcat
+# pki_https_port=8443
+# pki_http_port=8080
+#
+# Apache instances:
+# pki_subsystem_name=pki_tomcat
+# pki_https_port=443
+# pki_http_port=80
+
pki_admin_cert_request_type=crmf
-pki_admin_domain_name=
pki_admin_dualkey=False
pki_admin_keysize=2048
pki_admin_password=
@@ -77,15 +90,12 @@ pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
-pki_http_port=%(default_http_port)s
-pki_https_port=%(default_https_port)s
pki_instance_id=%(pki_instance_name)s
-pki_instance_name=%(default_instance_name)s
pki_issuing_ca=
pki_restart_configured_instance=True
-pki_security_domain_hostname=%(hostname)s
+pki_security_domain_hostname=%(pki_hostname)s
pki_security_domain_https_port=8443
-pki_security_domain_name=%(dns_domainname)s Security Domain
+pki_security_domain_name=%(pki_dns_domainname)s Security Domain
pki_security_domain_password=
pki_security_domain_user=
pki_skip_configuration=False
@@ -94,9 +104,8 @@ pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s
-pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s
+pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s
pki_ssl_server_token=Internal Key Storage Token
-pki_subsystem=%(subsystem_type)s
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
@@ -166,7 +175,7 @@ pki_tomcat_server_port=8005
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
+pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
pki_ca_signing_token=Internal Key Storage Token
@@ -179,22 +188,22 @@ pki_import_admin_cert=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
pki_subordinate=False
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=caadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s CA
pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-CA
pki_ds_database=%(pki_instance_name)s-CA
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=CA %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA
pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
@@ -222,17 +231,17 @@ pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
pki_transport_token=Internal Key Storage Token
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=kraadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s KRA
pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-KRA
pki_ds_database=%(pki_instance_name)s-KRA
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA
pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
@@ -252,17 +261,17 @@ pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=ocspadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s OCSP
pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-OCSP
pki_ds_database=%(pki_instance_name)s-OCSP
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=OCSP %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP
pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s
@@ -283,17 +292,17 @@ pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_n
###############################################################################
[TKS]
pki_import_admin_cert=True
-pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(dns_domainname)s
-pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=tksadmin
-pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s TKS
pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_id)s-TKS
pki_ds_database=%(pki_instance_name)s-TKS
-pki_ds_hostname=%(hostname)s
-pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=TKS %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS
pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s