diff options
Diffstat (limited to 'base/deploy/config')
-rw-r--r-- | base/deploy/config/deployment.cfg | 154 |
1 files changed, 88 insertions, 66 deletions
diff --git a/base/deploy/config/deployment.cfg b/base/deploy/config/deployment.cfg index 6ff7a35bb..9eb930414 100644 --- a/base/deploy/config/deployment.cfg +++ b/base/deploy/config/deployment.cfg @@ -1,8 +1,13 @@ ############################################################################### -## Default Configuration: ## +## Common Configuration: ## +## ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## +## ## +## There are also some meta-parameters that determine how the PKI ## +## configuratiion should work. ## ## ## -## This section contains meta-parameters that determine how the PKI ## -## configuration should work. ## ############################################################################### [DEFAULT] @@ -47,35 +52,17 @@ destroy_scriplets= infrastructure_layout finalization -############################################################################### -## Common Configuration: ## -## ## -## Values in this section are common to more than one PKI subsystem, and ## -## contain required information which MAY be overridden by users as ## -## necessary. ## -## ## -## NOTE: Default values will be generated for any and all required ## -## 'common' data values which are left undefined. ## -############################################################################### -[Common] pki_admin_cert_request_type=crmf pki_admin_domain_name= pki_admin_dualkey=False -pki_admin_email= pki_admin_keysize=2048 -pki_admin_name= -pki_admin_nickname= pki_admin_password= -pki_admin_subject_dn= -pki_admin_uid= pki_audit_group=pkiaudit pki_audit_signing_key_algorithm=SHA256withRSA pki_audit_signing_key_size=2048 pki_audit_signing_key_type=rsa -pki_audit_signing_nickname= pki_audit_signing_signing_algorithm=SHA256withRSA -pki_audit_signing_subject_dn= -pki_audit_signing_token= +pki_audit_signing_token=Internal Key Storage Token pki_backup_keys=False pki_backup_password= pki_client_database_dir= @@ -83,21 +70,22 @@ pki_client_database_password= pki_client_database_purge=True pki_client_dir= pki_client_pkcs12_password= -pki_ds_base_dn= pki_ds_bind_dn=cn=Directory Manager -pki_ds_database= -pki_ds_hostname= pki_ds_ldap_port=389 pki_ds_ldaps_port=636 pki_ds_password= pki_ds_remove_data=True pki_ds_secure_connection=False pki_group=pkiuser +pki_http_port=%(default_http_port)s +pki_https_port=%(default_https_port)s +pki_instance_id=%(pki_instance_name)s +pki_instance_name=%(default_instance_name)s pki_issuing_ca= pki_restart_configured_instance=True -pki_security_domain_hostname= +pki_security_domain_hostname=%(hostname)s pki_security_domain_https_port=8443 -pki_security_domain_name= +pki_security_domain_name=%(dns_domainname)s Security Domain pki_security_domain_password= pki_security_domain_user= pki_skip_configuration=False @@ -105,15 +93,14 @@ pki_skip_installation=False pki_ssl_server_key_algorithm=SHA256withRSA pki_ssl_server_key_size=2048 pki_ssl_server_key_type=rsa -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= +pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_id)s +pki_ssl_server_subject_dn=cn=%(hostname)s,o=%(pki_security_domain_name)s +pki_ssl_server_token=Internal Key Storage Token +pki_subsystem=%(subsystem_type)s pki_subsystem_key_algorithm=SHA256withRSA pki_subsystem_key_size=2048 pki_subsystem_key_type=rsa -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= +pki_subsystem_token=Internal Key Storage Token pki_token_name=internal pki_token_password= pki_user=pkiuser @@ -126,9 +113,6 @@ pki_user=pkiuser ## required information which MAY be overridden by users as necessary. ## ############################################################################### [Apache] -pki_instance_name=pki-apache -pki_http_port=80 -pki_https_port=443 ############################################################################### ## Tomcat Configuration: ## @@ -157,9 +141,6 @@ pki_clone_replication_security=None pki_clone_uri= pki_enable_java_debugger=False pki_enable_proxy=False -pki_http_port=8080 -pki_https_port=8443 -pki_instance_name=pki-tomcat pki_proxy_http_port=80 pki_proxy_https_port=443 pki_security_manager=true @@ -185,10 +166,10 @@ pki_tomcat_server_port=8005 pki_ca_signing_key_algorithm=SHA256withRSA pki_ca_signing_key_size=2048 pki_ca_signing_key_type=rsa -pki_ca_signing_nickname= +pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s pki_ca_signing_signing_algorithm=SHA256withRSA -pki_ca_signing_subject_dn= -pki_ca_signing_token= +pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s +pki_ca_signing_token=Internal Key Storage Token pki_external=False pki_external_ca_cert_chain_path= pki_external_ca_cert_path= @@ -198,13 +179,25 @@ pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= +pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s %(pki_subsystem)s pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= +pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s +pki_ocsp_signing_token=Internal Key Storage Token pki_subordinate=False -pki_subsystem=CA -pki_subsystem_name= +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=caadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s CA +pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-CA +pki_ds_database=%(pki_instance_name)s-CA +pki_ds_hostname=%(hostname)s +pki_subsystem_name=CA %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s CA +pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s + ############################################################################### ## KRA Configuration: ## @@ -218,19 +211,30 @@ pki_import_admin_cert=True pki_storage_key_algorithm=SHA256withRSA pki_storage_key_size=2048 pki_storage_key_type=rsa -pki_storage_nickname= +pki_storage_nickname=storageCert cert-%(pki_instance_id)s KRA pki_storage_signing_algorithm=SHA256withRSA -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem=KRA -pki_subsystem_name= +pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s +pki_storage_token=Internal Key Storage Token pki_transport_key_algorithm=SHA256withRSA pki_transport_key_size=2048 pki_transport_key_type=rsa -pki_transport_nickname= +pki_transport_nickname=transportCert cert-%(pki_instance_id)s KRA pki_transport_signing_algorithm=SHA256withRSA -pki_transport_subject_dn= -pki_transport_token= +pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s +pki_transport_token=Internal Key Storage Token +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=kraadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s KRA +pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-KRA +pki_ds_database=%(pki_instance_name)s-KRA +pki_ds_hostname=%(hostname)s +pki_subsystem_name=KRA %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s KRA +pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s ############################################################################### ## OCSP Configuration: ## @@ -244,12 +248,23 @@ pki_import_admin_cert=True pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa -pki_ocsp_signing_nickname= +pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_id)s OCSP pki_ocsp_signing_signing_algorithm=SHA256withRSA -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_subsystem=OCSP -pki_subsystem_name= +pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s +pki_ocsp_signing_token=Internal Key Storage Token +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=ocspadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s OCSP +pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-OCSP +pki_ds_database=%(pki_instance_name)s-OCSP +pki_ds_hostname=%(hostname)s +pki_subsystem_name=OCSP %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s OCSP +pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s ############################################################################### ## RA Configuration: ## @@ -258,8 +273,6 @@ pki_subsystem_name= ## required information which MAY be overridden by users as necessary. ## ############################################################################### [RA] -pki_subsystem=RA -pki_subsystem_name= ############################################################################### ## TKS Configuration: ## @@ -270,8 +283,19 @@ pki_subsystem_name= ############################################################################### [TKS] pki_import_admin_cert=True -pki_subsystem=TKS -pki_subsystem_name= +pki_admin_email=%(pki_admin_name)s@%(dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=tksadmin +pki_audit_signing_nickname= auditSigningCert cert-%(pki_instance_id)s TKS +pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_id)s-TKS +pki_ds_database=%(pki_instance_name)s-TKS +pki_ds_hostname=%(hostname)s +pki_subsystem_name=TKS %(hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_id)s TKS +pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s ############################################################################### ## TPS Configuration: ## @@ -280,5 +304,3 @@ pki_subsystem_name= ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TPS] -pki_subsystem=TPS -pki_subsystem_name= |