Diffstat (limited to 'base/deploy/config/deployment.cfg')
-rw-r--r--base/deploy/config/deployment.cfg154
1 files changed, 88 insertions, 66 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg
index 6ff7a35bb..9eb930414 100644
--- a/base/deploy/config/deployment.cfg
+++ b/base/deploy/config/deployment.cfg
@@ -1,8 +1,13 @@
###############################################################################
-## Default Configuration: ##
+## Common Configuration: ##
+## ##
+## Values in this section are common to more than one PKI subsystem, and ##
+## contain required information which MAY be overridden by users as ##
+## necessary. ##
+## ##
+## There are also some meta-parameters that determine how the PKI ##
+## configuratiion should work. ##
## ##
-## This section contains meta-parameters that determine how the PKI ##
-## configuration should work. ##
###############################################################################
[DEFAULT]
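Review bot: The added header line `## configuratiion should work. ##` misspells "configuration" and should read `## configuration should work. ##`. The common values now sit under `[DEFAULT]`, and the `%(name)s` references suggest a configparser-style reader. If so, the header could also state that every key here is inherited by each subsystem section unless that section redefines it.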
@@ -47,35 +52,17 @@ destroy_scriplets=
infrastructure_layout
finalization
-###############################################################################
-## Common Configuration: ##
-## ##
-## Values in this section are common to more than one PKI subsystem, and ##
-## contain required information which MAY be overridden by users as ##
-## necessary. ##
-## ##
-## NOTE: Default values will be generated for any and all required ##
-## 'common' data values which are left undefined. ##
-###############################################################################
-[Common]
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
-pki_admin_email=
pki_admin_keysize=2048
-pki_admin_name=
-pki_admin_nickname=
pki_admin_password=
-pki_admin_subject_dn=
-pki_admin_uid=
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
-pki_audit_signing_nickname=
pki_audit_signing_signing_algorithm=SHA256withRSA
-pki_audit_signing_subject_dn=
-pki_audit_signing_token=
+pki_audit_signing_token=Internal Key Storage Token
pki_backup_keys=False
pki_backup_password=
pki_client_database_dir=
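Review bot: Removing the `[Common]` header leaves the secret-bearing keys in this hunk (`pki_admin_password=`, `pki_backup_password=`) under `[DEFAULT]`, and the diffstat on this page lists the file as `-rw-r--r--`, so a password typed into it would be readable by every local user. I would add a comment above those keys, for example `## Passwords: supply these in a private, owner-readable override file, never in this shipped default.` Whether the loader accepts such an override file is not visible here, although the section header does say values MAY be overridden by users. The `[DEFAULT]` section starts before this hunk and continues past it.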
@@ -83,21 +70,22 @@ pki_client_database_password=
pki_client_database_purge=True
pki_client_dir=
pki_client_pkcs12_password=
-pki_ds_base_dn=
pki_ds_bind_dn=cn=Directory Manager
-pki_ds_database=
-pki_ds_hostname=
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
+pki_http_port=%(default_http_port)s
+pki_https_port=%(default_https_port)s
+pki_instance_id=%(pki_instance_name)s
+pki_instance_name=%(default_instance_name)s
pki_issuing_ca=
pki_restart_configured_instance=True
-pki_security_domain_hostname=
+pki_security_domain_hostname=%(hostname)s
pki_security_domain_https_port=8443
-pki_security_domain_name=
+pki_security_domain_name=%(dns_domainname)s Security Domain
pki_security_domain_password=
pki_security_domain_user=
pki_skip_configuration=False
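Review bot: `pki_security_domain_hostname` now defaults to the local `%(hostname)s`, but `pki_security_domain_https_port=8443` on the next line stays hard-coded, so the default security-domain endpoint does not follow the instance's own `pki_https_port`. The Apache section removed later in this diff used 443, which suggests `default_https_port` is not always 8443; where it differs, the default would name a port the local instance does not serve. Consider `pki_security_domain_https_port=%(pki_https_port)s`, or a comment saying that 8443 is deliberately the port of the CA hosting the domain. The names `default_http_port`, `default_https_port`, `default_instance_name`, `hostname` and `dns_domainname` are not defined in the visible lines and are presumably injected by the loader; a comment listing them would help.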
@@ -105,15 +93,14 @@ pki_skip_installation=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=
-pki_ssl_server_subject_dn=
-pki_ssl_server_token=
+pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s
+pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s
+pki_ssl_server_token=Internal Key Storage Token
+pki_subsystem=%(subsystem_type)s
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
-pki_subsystem_nickname=
-pki_subsystem_subject_dn=
-pki_subsystem_token=
+pki_subsystem_token=Internal Key Storage Token
pki_token_name=internal
pki_token_password=
pki_user=pkiuser
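Review bot: `pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s` builds the TLS server certificate's subject from injected values with no validation visible in this file. If `hostname` expands to a short name rather than the fully qualified name clients connect to, hostname verification against the issued certificate will fail. `pki_security_domain_name` expands from `dns_domainname`, so a `,`, `+` or `=` in that value would change the structure of the DN. I would add a comment above the key such as `## hostname must be the FQDN clients use; DN special characters in interpolated values must be escaped`, and confirm that the loader enforces both.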
@@ -126,9 +113,6 @@ pki_user=pkiuser
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[Apache]
-pki_instance_name=pki-apache
-pki_http_port=80
-pki_https_port=443
###############################################################################
## Tomcat Configuration: ##
@@ -157,9 +141,6 @@ pki_clone_replication_security=None
pki_clone_uri=
pki_enable_java_debugger=False
pki_enable_proxy=False
-pki_http_port=8080
-pki_https_port=8443
-pki_instance_name=pki-tomcat
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
@@ -185,10 +166,10 @@ pki_tomcat_server_port=8005
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=
+pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
pki_ca_signing_signing_algorithm=SHA256withRSA
-pki_ca_signing_subject_dn=
-pki_ca_signing_token=
+pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
+pki_ca_signing_token=Internal Key Storage Token
pki_external=False
pki_external_ca_cert_chain_path=
pki_external_ca_cert_path=
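Review bot: `pki_ca_signing_nickname` ends in `%(pki_subsystem)s`, while the other nicknames added to this section in the next hunk (`pki_audit_signing_nickname`, `pki_subsystem_nickname`) and all nicknames in the KRA, OCSP and TKS hunks end in a literal subsystem name. `pki_ocsp_signing_nickname` in the next hunk has the same interpolated form. Nicknames identify certificates by exact string, so if `subsystem_type` ever expands to something other than `CA` for this section the two styles will disagree. Pick one form, for example `pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s CA`. The section header these keys belong to is outside this hunk.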
@@ -198,13 +179,25 @@ pki_import_admin_cert=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s
pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
+pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
+pki_ocsp_signing_token=Internal Key Storage Token
pki_subordinate=False
-pki_subsystem=CA
-pki_subsystem_name=
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=caadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA
+pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-CA
+pki_ds_database=%(pki_instance_name)s-CA
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=CA %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA
+pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
+
###############################################################################
## KRA Configuration: ##
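Review bot: `pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA` has a space after the `=` that no other key in the file has. Whether that space is stripped depends on the parser; if it is kept, the nickname will not match the stored certificate, since nickname lookup is by exact string. Write it as `pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_id)s CA`. The same leading space appears on the `pki_audit_signing_nickname` lines added in the KRA, OCSP and TKS hunks.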
@@ -218,19 +211,30 @@ pki_import_admin_cert=True
pki_storage_key_algorithm=SHA256withRSA
pki_storage_key_size=2048
pki_storage_key_type=rsa
-pki_storage_nickname=
+pki_storage_nickname=storageCert cert-%(pki_instance_id)s KRA
pki_storage_signing_algorithm=SHA256withRSA
-pki_storage_subject_dn=
-pki_storage_token=
-pki_subsystem=KRA
-pki_subsystem_name=
+pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s
+pki_storage_token=Internal Key Storage Token
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
-pki_transport_nickname=
+pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA
pki_transport_signing_algorithm=SHA256withRSA
-pki_transport_subject_dn=
-pki_transport_token=
+pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
+pki_transport_token=Internal Key Storage Token
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=kraadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA
+pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-KRA
+pki_ds_database=%(pki_instance_name)s-KRA
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA
+pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## OCSP Configuration: ##
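Review bot: `pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s` contains a doubled comma, which puts an empty RDN into the administrator certificate's subject. The CA section's copy of this key in the previous hunk has a single comma, so this looks like a copy-paste slip. A DN parser may reject the value or produce a different subject than intended, which matters when the admin certificate is later matched by subject. It should read `pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s`. The same doubled comma is in the OCSP and TKS hunks below.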
@@ -244,12 +248,23 @@ pki_import_admin_cert=True
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=
+pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP
pki_ocsp_signing_signing_algorithm=SHA256withRSA
-pki_ocsp_signing_subject_dn=
-pki_ocsp_signing_token=
-pki_subsystem=OCSP
-pki_subsystem_name=
+pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
+pki_ocsp_signing_token=Internal Key Storage Token
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=ocspadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP
+pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-OCSP
+pki_ds_database=%(pki_instance_name)s-OCSP
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP
+pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## RA Configuration: ##
@@ -258,8 +273,6 @@ pki_subsystem_name=
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[RA]
-pki_subsystem=RA
-pki_subsystem_name=
###############################################################################
## TKS Configuration: ##
@@ -270,8 +283,19 @@ pki_subsystem_name=
###############################################################################
[TKS]
pki_import_admin_cert=True
-pki_subsystem=TKS
-pki_subsystem_name=
+pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=tksadmin
+pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS
+pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_id)s-TKS
+pki_ds_database=%(pki_instance_name)s-TKS
+pki_ds_hostname=%(hostname)s
+pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS
+pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## TPS Configuration: ##
@@ -280,5 +304,3 @@ pki_subsystem_name=
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
-pki_subsystem=TPS
-pki_subsystem_name=