summaryrefslogtreecommitdiffstats
path: root/base/deploy/config/pkideployment.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'base/deploy/config/pkideployment.cfg')
-rw-r--r--base/deploy/config/pkideployment.cfg76
1 files changed, 49 insertions, 27 deletions
diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg
index 6630907..133d4e9 100644
--- a/base/deploy/config/pkideployment.cfg
+++ b/base/deploy/config/pkideployment.cfg
@@ -1,23 +1,29 @@
###############################################################################
-## 'Sensitive' Data: ##
-## ##
-## Values in this section pertain to various PKI subsystems, and contain ##
-## required 'sensitive' information which MUST ALWAYS be provided by users. ##
-## ##
-## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
-## console NOR stored in log files!!! ##
-###############################################################################
-[Sensitive]
-pki_admin_password=
-pki_backup_password=
-pki_client_database_password=
-pki_client_pkcs12_password=
-pki_clone_pkcs12_password=
-pki_ds_password=
-pki_security_domain_password=
-pki_token_password=
-###############################################################################
-## 'Common' Data: ##
+## Default Configuration: ##
+## ##
+## This section contains meta-parameters that determine how the PKI ##
+## configuration should work. ##
+###############################################################################
+[DEFAULT]
+
+# The sensitive_parameters contains a list of parameters which may contain
+# sensitive information which must not be displayed to the console nor stored
+# in log files for security reasons.
+sensitive_parameters=
+ pki_admin_password
+ pki_backup_password
+ pki_client_database_password
+ pki_client_pin
+ pki_client_pkcs12_password
+ pki_clone_pkcs12_password
+ pki_ds_password
+ pki_one_time_pin
+ pki_pin
+ pki_security_domain_password
+ pki_token_password
+
+###############################################################################
+## Common Configuration: ##
## ##
## Values in this section are common to more than one PKI subsystem, and ##
## contain required information which MAY be overridden by users as ##
@@ -34,6 +40,7 @@ pki_admin_email=
pki_admin_keysize=2048
pki_admin_name=
pki_admin_nickname=
+pki_admin_password=
pki_admin_subject_dn=
pki_admin_uid=
pki_audit_group=pkiaudit
@@ -45,15 +52,19 @@ pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_subject_dn=
pki_audit_signing_token=
pki_backup_keys=False
+pki_backup_password=
pki_client_database_dir=
+pki_client_database_password=
pki_client_database_purge=True
pki_client_dir=
+pki_client_pkcs12_password=
pki_ds_base_dn=
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=
pki_ds_hostname=
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
+pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
@@ -62,6 +73,7 @@ pki_restart_configured_instance=True
pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=
+pki_security_domain_password=
pki_security_domain_user=
pki_skip_configuration=False
pki_skip_installation=False
@@ -78,9 +90,11 @@ pki_subsystem_nickname=
pki_subsystem_subject_dn=
pki_subsystem_token=
pki_token_name=internal
+pki_token_password=
pki_user=pkiuser
+
###############################################################################
-## 'Apache' Data: ##
+## Apache Configuration: ##
## ##
## Values in this section are common to PKI subsystems that run ##
## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
@@ -90,8 +104,9 @@ pki_user=pkiuser
pki_instance_name=pki-apache
pki_http_port=80
pki_https_port=443
+
###############################################################################
-## 'Tomcat' Data: ##
+## Tomcat Configuration: ##
## ##
## Values in this section are common to PKI subsystems that run ##
## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
@@ -108,6 +123,7 @@ pki_https_port=443
[Tomcat]
pki_ajp_port=8009
pki_clone=False
+pki_clone_pkcs12_password=
pki_clone_pkcs12_path=
pki_clone_replicate_schema=True
pki_clone_replication_master_port=
@@ -123,8 +139,9 @@ pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
pki_tomcat_server_port=8005
+
###############################################################################
-## 'CA' Data: ##
+## CA Configuration: ##
## ##
## Values in this section are common to CA subsystems including 'PKI CAs', ##
## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
@@ -162,8 +179,9 @@ pki_ocsp_signing_token=
pki_subordinate=False
pki_subsystem=CA
pki_subsystem_name=
+
###############################################################################
-## 'KRA' Data: ##
+## KRA Configuration: ##
## ##
## Values in this section are common to KRA subsystems ##
## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
@@ -186,8 +204,9 @@ pki_transport_nickname=
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=
pki_transport_token=
+
###############################################################################
-## 'OCSP' Data: ##
+## OCSP Configuration: ##
## ##
## Values in this section are common to OCSP subsystems ##
## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
@@ -203,8 +222,9 @@ pki_ocsp_signing_subject_dn=
pki_ocsp_signing_token=
pki_subsystem=OCSP
pki_subsystem_name=
+
###############################################################################
-## 'RA' Data: ##
+## RA Configuration: ##
## ##
## Values in this section are common to PKI RA subsystems, and contain ##
## required information which MAY be overridden by users as necessary. ##
@@ -212,8 +232,9 @@ pki_subsystem_name=
[RA]
pki_subsystem=RA
pki_subsystem_name=
+
###############################################################################
-## 'TKS' Data: ##
+## TKS Configuration: ##
## ##
## Values in this section are common to TKS subsystems ##
## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
@@ -222,8 +243,9 @@ pki_subsystem_name=
[TKS]
pki_subsystem=TKS
pki_subsystem_name=
+
###############################################################################
-## 'TPS' Data: ##
+## TPS Configuration: ##
## ##
## Values in this section are common to PKI TPS subsystems, and contain ##
## required information which MAY be overridden by users as necessary. ##