Diffstat (limited to 'base/tps/shared/conf/CS.cfg.in')
-rw-r--r--base/tps/shared/conf/CS.cfg.in1603
1 files changed, 0 insertions, 1603 deletions
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in
deleted file mode 100644
index 1a392a119..000000000
--- a/base/tps/shared/conf/CS.cfg.in
+++ /dev/null
@@ -1,1603 +0,0 @@
-_000=##
-_001=## Token Processing System (TPS) Configuration File
-_002=##
-accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
-accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
-accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
-applet._000=#########################################
-applet._001=# applet information
-applet._002=# SAF Key:
-applet._003=# applet.aid.cardmgr_instance=A0000001510000
-applet._004=#########################################
-applet.aid.cardmgr_instance=A0000000030000
-applet.aid.netkey_file=627601FF0000
-applet.aid.netkey_instance=627601FF000000
-applet.aid.netkey_old_file=A000000001
-applet.aid.netkey_old_instance=A00000000101
-applet.delete_old=true
-applet.so_pin=000000000000
-auths._000=##
-auths._001=## new authentication
-auths._002=##
-auths.impl._000=##
-auths.impl._001=## authentication manager implementations
-auths.impl._002=##
-auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
-auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
-auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
-auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
-auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
-auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
-auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
-auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
-auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
-auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
-auths.instance.AgentCertAuth.pluginName=AgentCertAuth
-auths.instance.TokenAuth.pluginName=TokenAuth
-auths.instance.ldap1.dnpattern=
-auths.instance.ldap1.ldapByteAttributes=
-auths.instance.ldap1.ldapStringAttributes=mail,cn,uid
-auths.instance.ldap1.ldap.basedn=[LDAP_ROOT]
-auths.instance.ldap1.ldap.maxConns=15
-auths.instance.ldap1.ldap.minConns=3
-auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
-auths.instance.ldap1.ldap.ldapauth.bindDN=
-auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
-auths.instance.ldap1.ldap.ldapauth.clientCertNickname=
-auths.instance.ldap1.ldap.ldapconn.host=[LDAP_HOST]
-auths.instance.ldap1.ldap.ldapconn.port=[LDAP_PORT]
-auths.instance.ldap1.ldap.ldapconn.secureConn=false
-auths.instance.ldap1.ldap.ldapconn.version=3
-auths.instance.ldap1.pluginName=UidPwdDirAuth
-auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
-auths.revocationChecking.bufferSize=50
-authType=pwd
-authz._000=##
-authz._001=## new authorizatioin
-authz._002=##
-authz.evaluateOrder=deny,allow
-authz.impl._000=##
-authz.impl._001=## authorization manager implementations
-authz.impl._002=##
-authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
-authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
-authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
-authz.instance.DirAclAuthz.ldap._000=##
-authz.instance.DirAclAuthz.ldap._001=## Internal Database
-authz.instance.DirAclAuthz.ldap._002=##
-authz.instance.DirAclAuthz.ldap=internaldb
-authz.instance.DirAclAuthz.pluginName=DirAclAuthz
-authz.sourceType=ldap
-channel._000=#########################################
-channel._001=# channel.encryption:
-channel._002=#
-channel._003=# - enable encryption for all operation commands to token
-channel._004=# - default is true
-channel._005=# channel.blocksize=242
-channel._006=# channel.defKeyVersion=0
-channel._007=# channel.defKeyIndex=0
-channel._008=#
-channel._009=# Config the size of memory managed memory in the applet
-channel._010=# Default is 5000, try not go get close to the instanceSize
-channel._011=# which defaults to 18000:
-channel._012=#
-channel._013=# * channel.instanceSize=18000
-channel._014=# * channel.appletMemorySize=5000
-channel._015=#########################################
-channel.encryption=true
-channel.blocksize=248
-channel.defKeyVersion=0
-channel.defKeyIndex=0
-cms.product.version=@APPLICATION_VERSION@
-cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
-config.Generals.General.state=Enabled
-config.Generals.General.timestamp=1280283607424406
-configurationRoot=/[PKI_SUBSYSTEM_TYPE]/conf/
-conn.ca1._000=#########################################
-conn.ca1._001=# CA connection
-conn.ca1._002=#
-conn.ca1._003=# conn.ca<n>.hostport:
-conn.ca1._004=# - host name and port number of your CA, format is host:port
-conn.ca1._005=# conn.ca<n>.clientNickname:
-conn.ca1._006=# - nickname of the client certificate for
-conn.ca1._007=# authentication
-conn.ca1._008=# conn.ca<n>.servlet.enrollment:
-conn.ca1._009=# - servlet to contact in CA
-conn.ca1._010=# - must be '/ca/profileSubmitSSLClient'
-conn.ca1._011=# conn.ca<n>.retryConnect:
-conn.ca1._012=# - number of reconnection attempts on failure
-conn.ca1._013=# conn.ca<n>.timeout:
-conn.ca1._014=# - connection timeout
-conn.ca1._015=# conn.ca<n>.SSLOn:
-conn.ca1._016=# - enable SSL or not
-conn.ca1._017=# conn.ca<n>.keepAlive:
-conn.ca1._018=# - enable keep alive or not
-conn.ca1._019=# conn.ca<n>.caNickname:
-conn.ca1._020=# - nickname of the ca certificate
-conn.ca1._021=# conn.ca<n>.caSKI:
-conn.ca1._022=# - Subject Key Identifier (in Base64) of the ca certificate
-conn.ca1._023=# (automatically calculated by the system)
-conn.ca1._024=#
-conn.ca1._025=# conn.ca.list=ca1,ca2...ca<n>
-conn.ca1._026=# - list of ca connection IDs for revocation routing
-conn.ca1._027=#
-conn.ca1._028=# where
-conn.ca1._029=# <n> - CA connection ID
-conn.ca1._030=#########################################
-conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
-conn.ca1.keepAlive=true
-conn.ca1.retryConnect=3
-conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
-conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
-conn.ca1.servlet.revoke=/ca/ee/subsystem/ca/doRevoke
-conn.ca1.servlet.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
-conn.ca1.SSLOn=true
-conn.ca1.timeout=100
-conn.drm1._000=#########################################
-conn.drm1._001=# DRM connection
-conn.drm1._002=#
-conn.drm1._003=#conn.drm.totalConns
-conn.drm1._004=# - # of DRM connections
-conn.drm1._005=#conn.drm<n>.hostport
-conn.drm1._006=# - host name and port number of your DRM, the format is host:port
-conn.drm1._007=#conn.drm<n>.clientNickname
-conn.drm1._008=# - nickname of the client certificate for
-conn.drm1._009=# authentication
-conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
-conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
-conn.drm1._012=# - must be '/kra/GenerateKeyPair'
-conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
-conn.drm1._014=# - servlet to handle key recovery
-conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
-conn.drm1._016=#conn.drm<n>.retryConnect=3
-conn.drm1._017=# - number of reconnection attempts on failure
-conn.drm1._018=#conn.drm<n>.SSLOn=true
-conn.drm1._019=# - enable SSL or not
-conn.drm1._020=#conn.drm<n>.keepAlive=false
-conn.drm1._021=# - enable keep alive or not
-conn.drm1._022=#
-conn.drm1._023=# where
-conn.drm1._024=# <n> - DRM connection ID
-conn.drm1._025=#########################################
-conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
-conn.drm1.keepAlive=false
-conn.drm1.retryConnect=3
-conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
-conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
-conn.drm1.SSLOn=true
-conn.drm1.timeout=100
-conn.drm.totalConns=1
-conn.tks1._000=#########################################
-conn.tks1._001=# TKS connection
-conn.tks1._002=#
-conn.tks1._003=# conn.tks<n>.hostport:
-conn.tks1._004=# - host name and port number of your TKS, the format is host:port
-conn.tks1._005=# conn.tks<n>.clientNickname:
-conn.tks1._006=# - nickname of the client certificate for
-conn.tks1._007=# authentication
-conn.tks1._008=# conn.tks<n>.servlet.computeSessionKey:
-conn.tks1._009=# - servlet to compute session key
-conn.tks1._010=# - must be '/tks/computeSessionKey'
-conn.tks1._011=# conn.tks<n>.servlet.encryptData:
-conn.tks1._012=# - servlet to encrypt data
-conn.tks1._013=# - must be '/tks/encryptData'
-conn.tks1._014=# conn.tks<n>.servlet.createKeySetData:
-conn.tks1._015=# - servlet to create key set data
-conn.tks1._016=# - must be '/tks/createKeySetData'
-conn.tks1._017=# conn.tks<n>.retryConnect:
-conn.tks1._018=# - number of reconnection attempts on failure
-conn.tks1._019=# conn.tks<n>.SSLOn
-conn.tks1._020=# - enable SSL or not
-conn.tks1._021=# conn.tks<n>.keepAlive:
-conn.tks1._022=# - enable keep alive or not
-conn.tks1._023=#
-conn.tks1._024=# where
-conn.tks1._025=# <n> - TKS connection ID
-conn.tks1._026=# conn.tks<n>.tksSharedSymKeyName:
-conn.tks1._027=# - set shared secret key name
-conn.tks1._028=#########################################
-conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.tks1.generateHostChallenge=true
-conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
-conn.tks1.keepAlive=false
-conn.tks1.keySet=defKeySet
-conn.tks1.retryConnect=3
-conn.tks1.serverKeygen=[SERVER_KEYGEN]
-conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
-conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
-conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
-conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
-conn.tks1.SSLOn=true
-conn.tks1.timeout=100
-conn.tks1.tksSharedSymKeyName=sharedSecret
-cs.state=0
-cs.type=TPS
-dbs.ldap=internaldb
-dbs.newSchemaEntryAdded=true
-debug.append=true
-debug.enabled=true
-debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/debug
-debug.hashkeytypes=
-debug.level=0
-debug.showcaller=false
-failover.pod.enable=false
-general.applet_ext=ijc
-general.pwlength.min=16
-general.search.sizelimit.default=100
-general.search.sizelimit.max=2000
-general.search.timelimit.default=10
-general.search.timelimit.max=10
-general.verifyProof=1
-installDate=[INSTALL_TIME]
-instanceId=[PKI_INSTANCE_NAME]
-instanceRoot=[PKI_INSTANCE_PATH]
-internaldb._000=##
-internaldb._001=## Internal Database
-internaldb._002=##
-internaldb.ldapauth.authtype=BasicAuth
-internaldb.ldapauth.bindDN=cn=Directory Manager
-internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
-internaldb.ldapauth.clientCertNickname=
-internaldb.ldapconn.host=
-internaldb.ldapconn.port=
-internaldb.ldapconn.secureConn=false
-internaldb.maxConns=15
-internaldb.minConns=3
-internaldb.multipleSuffix.enable=false
-jss._000=##
-jss._001=## JSS
-jss._002=##
-jss.configDir=[PKI_INSTANCE_PATH]/alias/
-jss.enable=true
-jss.ocspcheck.enable=false
-jss.secmodName=secmod.db
-jss.ssl.cipherfortezza=true
-jss.ssl.cipherpref=
-jss.ssl.cipherversion=cipherdomestic
-keys.ecc.curve.default=nistp256
-keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
-keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
-keys.rsa.keysize.default=2048
-log._000=##
-log._001=## Logging
-log._002=##
-logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access
-logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error
-log.impl.file.class=com.netscape.cms.logging.RollingLogFile
-log.instance.SignedAudit._000=##
-log.instance.SignedAudit._001=## Signed Audit Logging
-log.instance.SignedAudit._002=##
-log.instance.SignedAudit._003=##
-log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
-log.instance.SignedAudit._006=##
-log.instance.SignedAudit.bufferSize=512
-log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,LOGGING_SIGNED_AUDIT_SIGNING,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_TOKEN,CONFIG_PROFILE,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
-log.instance.SignedAudit.expirationTime=0
-log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit
-log.instance.SignedAudit.flushInterval=5
-log.instance.SignedAudit.level=1
-log.instance.SignedAudit.logSigning=false
-log.instance.SignedAudit.maxFileSize=2000
-log.instance.SignedAudit.pluginName=file
-log.instance.SignedAudit.rolloverInterval=2592000
-log.instance.SignedAudit.signedAudit:_000=##
-log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed
-log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-log.instance.SignedAudit.type=signedAudit
-log.instance.System._000=##
-log.instance.System._001=## System Logging
-log.instance.System._002=##
-log.instance.System.bufferSize=512
-log.instance.System.enable=true
-log.instance.System.expirationTime=0
-log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system
-log.instance.System.flushInterval=5
-log.instance.System.level=3
-log.instance.System.maxFileSize=2000
-log.instance.System.pluginName=file
-log.instance.System.rolloverInterval=2592000
-log.instance.System.type=system
-log.instance.Transactions._000=##
-log.instance.Transactions._001=## Transaction Logging
-log.instance.Transactions._002=##
-log.instance.Transactions.bufferSize=512
-log.instance.Transactions.enable=true
-log.instance.Transactions.expirationTime=0
-log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions
-log.instance.Transactions.flushInterval=5
-log.instance.Transactions.level=1
-log.instance.Transactions.maxFileSize=2000
-log.instance.Transactions.pluginName=file
-log.instance.Transactions.rolloverInterval=2592000
-log.instance.Transactions.type=transaction
-machineName=[PKI_HOSTNAME]
-multiroles._000=##
-multiroles._001=## multiroles
-multiroles._002=##
-multiroles.enable=true
-multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems
-multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
-multiroles=true
-op.enroll._000=#########################################
-op.enroll._001=# Default Operations
-op.enroll._002=#
-op.enroll._003=# op.<op>.mapping.order=<n>,<n>,<n>
-op.enroll._004=# - contains at least one value or a series
-op.enroll._005=# of comma-separated mapping values which
-op.enroll._006=# are checked in sequential order
-op.enroll._007=# op.<op>.mapping.<n>.filter.tokenType=userKey
-op.enroll._008=# - can be either empty or token type
-op.enroll._009=# specified by the client
-op.enroll._010=# op.<op>.mapping.<n>.filter.tokenATR=
-op.enroll._011=# - can be either empty or token ATR
-op.enroll._012=# specified by the client
-op.enroll._013=# op.<op>.mapping.<n>.filter.appletMajorVersion=1
-op.enroll._014=# - can be either empty or applet major version
-op.enroll._015=# specified by the client
-op.enroll._016=# op.<op>.mapping.<n>.filter.appletMinorVersion=
-op.enroll._017=# - can be either empty or applet minor version
-op.enroll._018=# specified by the client
-op.enroll._019=# - if major and minor versions are both zero, this
-op.enroll._020=# indicate there is no applet on the token.
-op.enroll._021=# op.<op>.mapping.<n>.target.tokenType=userKey
-op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion,
-op.enroll._023=# and appletMinorVersion are matched, value in
-op.enroll._024=# targetTokenType will be used to locate
-op.enroll._025=# the corresponding token profile to
-op.enroll._026=# process the request.
-op.enroll._027=#
-op.enroll._028=# where
-op.enroll._029=# <op> - operation; enroll,pinReset,format
-op.enroll._030=# <n> - mapping ID; order is specifiable
-op.enroll._031=#
-op.enroll._032=# Token ATR:
-op.enroll._033=# Web Store - 3B759400006202020201
-op.enroll._034=#########################################
-op.enroll.allowUnknownToken=true
-op.enroll.mapping.0.filter.appletMajorVersion=1
-op.enroll.mapping.0.filter.appletMinorVersion=
-op.enroll.mapping.0.filter.tokenATR=
-op.enroll.mapping.0.filter.tokenCUID.end=
-op.enroll.mapping.0.filter.tokenCUID.start=
-op.enroll.mapping.0.filter.tokenType=userKey
-op.enroll.mapping.0.target.tokenType=userKey
-op.enroll.mapping.1.filter.appletMajorVersion=
-op.enroll.mapping.1.filter.appletMinorVersion=
-op.enroll.mapping.1.filter.tokenATR=
-op.enroll.mapping.1.filter.tokenCUID.end=
-op.enroll.mapping.1.filter.tokenCUID.start=
-op.enroll.mapping.1.filter.tokenType=soKey
-op.enroll.mapping.1.target.tokenType=soKey
-op.enroll.mapping.2.filter.appletMajorVersion=
-op.enroll.mapping.2.filter.appletMinorVersion=
-op.enroll.mapping.2.filter.tokenATR=
-op.enroll.mapping.2.filter.tokenCUID.end=
-op.enroll.mapping.2.filter.tokenCUID.start=
-op.enroll.mapping.2.filter.tokenType=
-op.enroll.mapping.2.target.tokenType=userKey
-op.enroll.mapping.order=0,1,2
-op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.soKey.auth.enable=true
-op.enroll.soKey.auth.id=ldap2
-op.enroll.soKey.cardmgr_instance=A0000000030000
-op.enroll.soKey.issuerinfo.enable=true
-op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
-op.enroll.soKey.keyGen.encryption.ca.conn=ca1
-op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
-op.enroll.soKey.keyGen.encryption.certAttrId=c2
-op.enroll.soKey.keyGen.encryption.certId=C2
-op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
-op.enroll.soKey.keyGen.encryption.keySize=1024
-op.enroll.soKey.keyGen.encryption.keyUsage=0
-op.enroll.soKey.keyGen.encryption.keyUser=0
-op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
-op.enroll.soKey.keyGen.encryption.overwrite=true
-op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
-op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
-op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
-op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
-op.enroll.soKey.keyGen.keyType.num=2
-op.enroll.soKey.keyGen.keyType.value.0=signing
-op.enroll.soKey.keyGen.keyType.value.1=encryption
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
-op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
-op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.ca.conn=ca1
-op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
-op.enroll.soKey.keyGen.signing.certAttrId=c1
-op.enroll.soKey.keyGen.signing.certId=C1
-op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
-op.enroll.soKey.keyGen.signing.keySize=1024
-op.enroll.soKey.keyGen.signing.keyUsage=0
-op.enroll.soKey.keyGen.signing.keyUser=0
-op.enroll.soKey.keyGen.signing.label=signing key for $userid$
-op.enroll.soKey.keyGen.signing.overwrite=true
-op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.signing.privateKeyNumber=2
-op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.signing.publicKeyNumber=3
-op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
-op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
-op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.tokenName=$auth.cn$
-op.enroll.soKey.loginRequest.enable=true
-op.enroll.soKey.pinReset.enable=true
-op.enroll.soKey.pinReset.pin.maxLen=10
-op.enroll.soKey.pinReset.pin.maxRetries=127
-op.enroll.soKey.pinReset.pin.minLen=4
-op.enroll.soKey.pkcs11obj.compress.enable=true
-op.enroll.soKey.pkcs11obj.enable=true
-op.enroll.soKeyTemporary.auth.enable=true
-op.enroll.soKeyTemporary.auth.id=ldap2
-op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
-op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
-op.enroll.soKeyTemporary.keyGen.auth.certId=C0
-op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
-op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
-op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
-op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
-op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
-op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
-op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
-op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
-op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
-op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
-op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
-op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
-op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
-op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
-op.enroll.soKeyTemporary.keyGen.keyType.num=3
-op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
-op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
-op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
-op.enroll.soKeyTemporary.keyGen.signing.certId=C1
-op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
-op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
-op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
-op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
-op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
-op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
-op.enroll.soKeyTemporary.loginRequest.enable=true
-op.enroll.soKeyTemporary.pinReset.enable=true
-op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
-op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
-op.enroll.soKeyTemporary.pinReset.pin.minLen=4
-op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
-op.enroll.soKeyTemporary.pkcs11obj.enable=true
-op.enroll.soKeyTemporary.tks.conn=tks1
-op.enroll.soKeyTemporary.tks.keySet=defKeyset
-op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
-op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
-op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
-op.enroll.soKeyTemporary.update.applet.enable=true
-op.enroll.soKeyTemporary.update.applet.encryption=true
-op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
-op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
-op.enroll.soKey.tks.conn=tks1
-op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
-op.enroll.soKey.update.applet.emptyToken.enable=true
-op.enroll.soKey.update.applet.enable=true
-op.enroll.soKey.update.applet.encryption=true
-op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.soKey.update.symmetricKeys.enable=false
-op.enroll.soKey.update.symmetricKeys.requiredVersion=1
-op.enroll.userKey._000=#########################################
-op.enroll.userKey._001=# Enrollment Operation For CoolKey
-op.enroll.userKey._002=#
-op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
-op.enroll.userKey._004=# - size of the key the token should generate
-op.enroll.userKey._005=# - max value: 1024
-op.enroll.userKey._006=#
-op.enroll.userKey._007=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.encrypt=false
-op.enroll.userKey._008=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sign=true
-op.enroll.userKey._009=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.signRecover=true
-op.enroll.userKey._010=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.decrypt=false
-op.enroll.userKey._011=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.derive=false
-op.enroll.userKey._012=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.unwrap=false
-op.enroll.userKey._013=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.wrap=false
-op.enroll.userKey._014=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verifyRecover=true
-op.enroll.userKey._015=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verify=true
-op.enroll.userKey._016=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sensitive=true
-op.enroll.userKey._017=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.private=true
-op.enroll.userKey._018=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.token=true
-op.enroll.userKey._019=# - specify the PKCS11 attributes to set on the token
-op.enroll.userKey._020=#
-op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label
-op.enroll.userKey._022=# - specify the CUID shown in the certificate
-op.enroll.userKey._023=#
-op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label
-op.enroll.userKey._025=# - specify the token name. all resulting labels for co-existing keys
-op.enroll.userKey._026=# on the same token must be unique
-op.enroll.userKey._027=# - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C)
-op.enroll.userKey._028=# - $cuid$ - CUID (i.e. 40900062FF0200000B9C)
-op.enroll.userKey._029=# - $msn$ - MSN
-op.enroll.userKey._030=# - $userid$ - User ID
-op.enroll.userKey._031=# - $profileId$ - Profile ID
-op.enroll.userKey._032=#
-op.enroll.userKey._033=# op.enroll.<tokenType>.keyGen.<keyType>.overwrite=true|false
-op.enroll.userKey._034=# - if key and certificate exist, should RA overwrite them
-op.enroll.userKey._035=#
-op.enroll.userKey._036=# op.enroll.<tokenType>.keyGen.<keyType>.certId=C1
-op.enroll.userKey._037=# op.enroll.<tokenType>.keyGen.<keyType>.certAttrId=c1
-op.enroll.userKey._038=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyAttrId=k2
-op.enroll.userKey._039=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyAttrId=k3
-op.enroll.userKey._040=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyNumber=2
-op.enroll.userKey._041=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyNumber=3
-op.enroll.userKey._042=# - specify name PKCS11 object IDs
-op.enroll.userKey._043=# - Lower case letters signify objects containing PKCS11 object attributes,
-op.enroll.userKey._044=# in the format described below.
-op.enroll.userKey._045=# 'c' An object containing PKCS11 attributes for a certificate.
-op.enroll.userKey._046=# 'k' An object containing PKCS11 attributes for a public or private key
-op.enroll.userKey._047=# 'r' An object containing PKCS11 attributes for an "reader".
-op.enroll.userKey._048=# - Upper case letters signify objects containing raw data corresponding to
-op.enroll.userKey._049=# the lower case letters described above. For example, object "C0"
-op.enroll.userKey._050=# contains raw data corresponding to object "c0".
-op.enroll.userKey._051=# 'C' This object contains an entire DER cert, and nothing else.
-op.enroll.userKey._052=# 'K' This object contains a MUSCLE "key blob". TPS does not use this.
-op.enroll.userKey._053=#
-op.enroll.userKey._054=# op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
-op.enroll.userKey._055=# op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
-op.enroll.userKey._056=# - user specifies which PIN user should be granted
-op.enroll.userKey._057=# use privilege of the generated private key, or
-op.enroll.userKey._058=# 15 if all users have use privilege for the private key
-op.enroll.userKey._059=# - Valid uage: (only specifies the usage for the private key)
-op.enroll.userKey._060=# 0 - default usage (Signing only for this APDU)
-op.enroll.userKey._061=# 1 - signing only
-op.enroll.userKey._062=# 2 - decryption only
-op.enroll.userKey._063=# 3 - signing and decryption
-op.enroll.userKey._064=#
-op.enroll.userKey._065=# op.enroll.<tokenType>.pkcs11obj.enable=true|false
-op.enroll.userKey._066=# - enable writing of PKCS11 cache object to the token
-op.enroll.userKey._067=#
-op.enroll.userKey._068=# op.enroll.<tokenType>.pkcs11obj.compress.enable=true|false
-op.enroll.userKey._069=# - enable compression for writing of PKCS11 cache object to the token
-op.enroll.userKey._070=#
-op.enroll.userKey._071=# op.enroll.<tokenType>.pinReset.pin.maxRetries=127
-op.enroll.userKey._072=# - max number of retries before blocking the token
-op.enroll.userKey._073=# - max value: 127
-op.enroll.userKey._074=#
-op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
-op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
-op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
-op.enroll.userKey._078=#
-op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.userKey._079=# The three recovery schemes supported are:
-op.enroll.userKey._080=#
-op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.userKey._081=# * GenerateNewKey - Generate a new
-op.enroll.userKey._082=# cert for the
-op.enroll.userKey._083=# encryption cert.
-op.enroll.userKey._084=# * RecoverLast - Recover the most
-op.enroll.userKey._085=# recent cert for the
-op.enroll.userKey._086=# encryption cert.
-op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
-op.enroll.userKey._088=# recover last for
-op.enroll.userKey._089=# encryption cert.
-op.enroll.userKey._090=#########################################
-op.enroll.userKey.auth.enable=true
-op.enroll.userKey.auth.id=ldap1
-op.enroll.userKey.cardmgr_instance=A0000000030000
-op.enroll.userKey.issuerinfo.enable=true
-op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.enroll.userKey.keyGen.encryption.ca.conn=ca1
-op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
-op.enroll.userKey.keyGen.encryption.certAttrId=c2
-op.enroll.userKey.keyGen.encryption.certId=C2
-op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
-op.enroll.userKey.keyGen.encryption.keySize=1024
-op.enroll.userKey.keyGen.encryption.keyUsage=0
-op.enroll.userKey.keyGen.encryption.keyUser=0
-op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
-op.enroll.userKey.keyGen.encryption.overwrite=true
-op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
-op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
-op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
-op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
-op.enroll.userKey.keyGen.keyType.num=2
-op.enroll.userKey.keyGen.keyType.value.0=signing
-op.enroll.userKey.keyGen.keyType.value.1=encryption
-op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
-op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
-op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
-op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
-op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
-op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
-op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
-op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.ca.conn=ca1
-op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
-op.enroll.userKey.keyGen.signing.certAttrId=c1
-op.enroll.userKey.keyGen.signing.certId=C1
-op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
-op.enroll.userKey.keyGen.signing.keySize=1024
-op.enroll.userKey.keyGen.signing.keyUsage=0
-op.enroll.userKey.keyGen.signing.keyUser=0
-op.enroll.userKey.keyGen.signing.label=signing key for $userid$
-op.enroll.userKey.keyGen.signing.overwrite=true
-op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.signing.privateKeyNumber=2
-op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.signing.publicKeyNumber=3
-op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
-op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
-op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.tokenName=$auth.cn$
-op.enroll.userKey.loginRequest.enable=true
-op.enroll.userKey.pinReset.enable=true
-op.enroll.userKey.pinReset.pin.maxLen=10
-op.enroll.userKey.pinReset.pin.maxRetries=127
-op.enroll.userKey.pinReset.pin.minLen=4
-op.enroll.userKey.pkcs11obj.compress.enable=true
-op.enroll.userKey.pkcs11obj.enable=true
-op.enroll.userKey.renewal._000=#########################################
-op.enroll.userKey.renewal._001=# Token Renewal.
-op.enroll.userKey.renewal._002=#
-op.enroll.userKey.renewal._003=# For each token in TPS UI, set the
-op.enroll.userKey.renewal._004=# following to trigger renewal
-op.enroll.userKey.renewal._005=# operations:
-op.enroll.userKey.renewal._006=#
-op.enroll.userKey.renewal._007=# RENEW=YES
-op.enroll.userKey.renewal._008=#
-op.enroll.userKey.renewal._009=# Optional grace period enforcement
-op.enroll.userKey.renewal._010=# must coincide exactly with what
-op.enroll.userKey.renewal._011=# the CA enforces.
-op.enroll.userKey.renewal._012=#
-op.enroll.userKey.renewal._013=# In case of renewal, encryption certId
-op.enroll.userKey.renewal._014=# values are for completeness only, server
-op.enroll.userKey.renewal._015=# code calculates actual values used.
-op.enroll.userKey.renewal._016=#
-op.enroll.userKey.renewal._017=#########################################
-op.enroll.userKey.renewal.encryption.ca.conn=ca1
-op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
-op.enroll.userKey.renewal.encryption.certAttrId=c2
-op.enroll.userKey.renewal.encryption.certId=C2
-op.enroll.userKey.renewal.encryption.enable=true
-op.enroll.userKey.renewal.encryption.gracePeriod.after=30
-op.enroll.userKey.renewal.encryption.gracePeriod.before=30
-op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
-op.enroll.userKey.renewal.keyType.num=2
-op.enroll.userKey.renewal.keyType.value.0=signing
-op.enroll.userKey.renewal.keyType.value.1=encryption
-op.enroll.userKey.renewal.signing.ca.conn=ca1
-op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
-op.enroll.userKey.renewal.signing.certAttrId=c1
-op.enroll.userKey.renewal.signing.certId=C1
-op.enroll.userKey.renewal.signing.enable=true
-op.enroll.userKey.renewal.signing.gracePeriod.after=30
-op.enroll.userKey.renewal.signing.gracePeriod.before=30
-op.enroll.userKey.renewal.signing.gracePeriod.enable=false
-op.enroll.userKeyTemporary.auth.enable=true
-op.enroll.userKeyTemporary.auth.id=ldap1
-op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
-op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
-op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
-op.enroll.userKeyTemporary.keyGen.auth.certId=C0
-op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
-op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
-op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
-op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
-op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
-op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
-op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
-op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
-op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
-op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
-op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
-op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
-op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
-op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
-op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
-op.enroll.userKeyTemporary.keyGen.keyType.num=3
-op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
-op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
-op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
-op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
-op.enroll.userKeyTemporary.keyGen.signing.certId=C1
-op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
-op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
-op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
-op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
-op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
-op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
-op.enroll.userKeyTemporary.loginRequest.enable=true
-op.enroll.userKeyTemporary.pinReset.enable=true
-op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
-op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
-op.enroll.userKeyTemporary.pinReset.pin.minLen=4
-op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
-op.enroll.userKeyTemporary.pkcs11obj.enable=true
-op.enroll.userKeyTemporary.tks.conn=tks1
-op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
-op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
-op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
-op.enroll.userKeyTemporary.update.applet.enable=true
-op.enroll.userKeyTemporary.update.applet.encryption=true
-op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
-op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
-op.enroll.userKey.tks.conn=tks1
-op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
-op.enroll.userKey.update.applet.emptyToken.enable=true
-op.enroll.userKey.update.applet.enable=true
-op.enroll.userKey.update.applet.encryption=true
-op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.userKey.update.symmetricKeys.enable=false
-op.enroll.userKey.update.symmetricKeys.requiredVersion=1
-op.format._000=#########################################
-op.format._001=# Format Operation For tokenKey
-op.format._002=#
-op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
-op.format._004=# - update applet or not if token is empty
-op.format._005=#
-op.format._006=# - applicable to CoolKey
-op.format._007=# - applicable to HouseKey
-op.format._008=# - applicable to HouseKey with Legacy Applet
-op.format._009=#########################################
-op.format.allowUnknownToken=true
-op.format.cleanToken.auth.enable=false
-op.format.cleanToken.auth.id=ldap1
-op.format.cleanToken.ca.conn=ca1
-op.format.cleanToken.cardmgr_instance=A0000000030000
-op.format.cleanToken.issuerinfo.enable=true
-op.format.cleanToken.issuerinfo.value=
-op.format.cleanToken.loginRequest.enable=true
-op.format.cleanToken.revokeCert=true
-op.format.cleanToken.tks.conn=tks1
-op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
-op.format.cleanToken.update.applet.emptyToken.enable=true
-op.format.cleanToken.update.applet.encryption=true
-op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
-op.format.cleanToken.update.symmetricKeys.enable=false
-op.format.cleanToken.update.symmetricKeys.requiredVersion=1
-op.format.mapping.0.filter.appletMajorVersion=
-op.format.mapping.0.filter.appletMinorVersion=
-op.format.mapping.0.filter.tokenATR=
-op.format.mapping.0.filter.tokenCUID.end=
-op.format.mapping.0.filter.tokenCUID.start=
-op.format.mapping.0.filter.tokenType=soCleanUserToken
-op.format.mapping.0.target.tokenType=soCleanUserToken
-op.format.mapping.1.filter.appletMajorVersion=
-op.format.mapping.1.filter.appletMinorVersion=
-op.format.mapping.1.filter.tokenATR=
-op.format.mapping.1.filter.tokenCUID.end=
-op.format.mapping.1.filter.tokenCUID.start=
-op.format.mapping.1.filter.tokenType=soUserKey
-op.format.mapping.1.target.tokenType=soUserKey
-op.format.mapping.2.filter.appletMajorVersion=
-op.format.mapping.2.filter.appletMinorVersion=
-op.format.mapping.2.filter.tokenATR=
-op.format.mapping.2.filter.tokenCUID.end=
-op.format.mapping.2.filter.tokenCUID.start=
-op.format.mapping.2.filter.tokenType=soKey
-op.format.mapping.2.target.tokenType=soKey
-op.format.mapping.3.filter.appletMajorVersion=
-op.format.mapping.3.filter.appletMinorVersion=
-op.format.mapping.3.filter.tokenATR=
-op.format.mapping.3.filter.tokenCUID.end=
-op.format.mapping.3.filter.tokenCUID.start=
-op.format.mapping.3.filter.tokenType=userKey
-op.format.mapping.3.target.tokenType=userKey
-op.format.mapping.4.filter.appletMajorVersion=
-op.format.mapping.4.filter.appletMinorVersion=
-op.format.mapping.4.filter.tokenATR=
-op.format.mapping.4.filter.tokenCUID.end=
-op.format.mapping.4.filter.tokenCUID.start=
-op.format.mapping.4.filter.tokenType=soCleanSOToken
-op.format.mapping.4.target.tokenType=soCleanSOToken
-op.format.mapping.5.filter.appletMajorVersion=
-op.format.mapping.5.filter.appletMinorVersion=
-op.format.mapping.5.filter.tokenATR=
-op.format.mapping.5.filter.tokenCUID.end=
-op.format.mapping.5.filter.tokenCUID.start=
-op.format.mapping.5.filter.tokenType=cleanToken
-op.format.mapping.5.target.tokenType=cleanToken
-op.format.mapping.6.filter.appletMajorVersion=
-op.format.mapping.6.filter.appletMinorVersion=
-op.format.mapping.6.filter.tokenATR=
-op.format.mapping.6.filter.tokenCUID.end=
-op.format.mapping.6.filter.tokenCUID.start=
-op.format.mapping.6.target.tokenType=tokenKey
-op.format.mapping.order=0,1,2,3,4,5,6
-op.format.soCleanSOToken.auth.enable=false
-op.format.soCleanSOToken.auth.id=ldap1
-op.format.soCleanSOToken.ca.conn=ca1
-op.format.soCleanSOToken.cardmgr_instance=A0000000030000
-op.format.soCleanSOToken.issuerinfo.enable=true
-op.format.soCleanSOToken.issuerinfo.value=
-op.format.soCleanSOToken.loginRequest.enable=false
-op.format.soCleanSOToken.revokeCert=true
-op.format.soCleanSOToken.tks.conn=tks1
-op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
-op.format.soCleanSOToken.update.applet.emptyToken.enable=true
-op.format.soCleanSOToken.update.applet.encryption=true
-op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449
-op.format.soCleanSOToken.update.symmetricKeys.enable=false
-op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
-op.format.soCleanUserToken.auth.enable=false
-op.format.soCleanUserToken.auth.id=ldap1
-op.format.soCleanUserToken.ca.conn=ca1
-op.format.soCleanUserToken.cardmgr_instance=A0000000030000
-op.format.soCleanUserToken.issuerinfo.enable=true
-op.format.soCleanUserToken.issuerinfo.value=
-op.format.soCleanUserToken.loginRequest.enable=false
-op.format.soCleanUserToken.revokeCert=true
-op.format.soCleanUserToken.tks.conn=tks1
-op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
-op.format.soCleanUserToken.update.applet.emptyToken.enable=true
-op.format.soCleanUserToken.update.applet.encryption=true
-op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449
-op.format.soCleanUserToken.update.symmetricKeys.enable=false
-op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
-op.format.soKey.auth.enable=true
-op.format.soKey.auth.id=ldap2
-op.format.soKey.ca.conn=ca1
-op.format.soKey.cardmgr_instance=A0000000030000
-op.format.soKey.issuerinfo.enable=true
-op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
-op.format.soKey.loginRequest.enable=true
-op.format.soKey.revokeCert=true
-op.format.soKey.tks.conn=tks1
-op.format.soKey.update.applet.directory=[TPS_DIR]/applets
-op.format.soKey.update.applet.emptyToken.enable=true
-op.format.soKey.update.applet.encryption=true
-op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.soKey.update.symmetricKeys.enable=false
-op.format.soKey.update.symmetricKeys.requiredVersion=1
-op.format.soUserKey.auth.enable=false
-op.format.soUserKey.auth.id=ldap1
-op.format.soUserKey.ca.conn=ca1
-op.format.soUserKey.cardmgr_instance=A0000000030000
-op.format.soUserKey.issuerinfo.enable=true
-op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.format.soUserKey.loginRequest.enable=false
-op.format.soUserKey.revokeCert=true
-op.format.soUserKey.tks.conn=tks1
-op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
-op.format.soUserKey.update.applet.emptyToken.enable=true
-op.format.soUserKey.update.applet.encryption=true
-op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.soUserKey.update.symmetricKeys.enable=false
-op.format.soUserKey.update.symmetricKeys.requiredVersion=1
-op.format.tokenKey.auth.enable=true
-op.format.tokenKey.auth.id=ldap1
-op.format.tokenKey.ca.conn=ca1
-op.format.tokenKey.cardmgr_instance=A0000000030000
-op.format.tokenKey.issuerinfo.enable=true
-op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.format.tokenKey.loginRequest.enable=true
-op.format.tokenKey.revokeCert=true
-op.format.tokenKey.tks.conn=tks1
-op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
-op.format.tokenKey.update.applet.emptyToken.enable=true
-op.format.tokenKey.update.applet.encryption=true
-op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.tokenKey.update.symmetricKeys.enable=false
-op.format.tokenKey.update.symmetricKeys.requiredVersion=1
-op.format.userKey.auth.enable=true
-op.format.userKey.auth.id=ldap1
-op.format.userKey.ca.conn=ca1
-op.format.userKey.cardmgr_instance=A0000000030000
-op.format.userKey.issuerinfo.enable=true
-op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.format.userKey.loginRequest.enable=true
-op.format.userKey.revokeCert=true
-op.format.userKey.tks.conn=tks1
-op.format.userKey.update.applet.directory=[TPS_DIR]/applets
-op.format.userKey.update.applet.emptyToken.enable=true
-op.format.userKey.update.applet.encryption=true
-op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.userKey.update.symmetricKeys.enable=false
-op.format.userKey.update.symmetricKeys.requiredVersion=1
-op.pinReset._000=#########################################
-op.pinReset._001=# Certificate Chain Imports
-op.pinReset._002=#
-op.pinReset._003=# op.enroll.certificates.num=1
-op.pinReset._004=# op.enroll.certificates.value.0=caCert
-op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 pki-tps
-op.pinReset._006=# op.enroll.certificates.caCert.certId=C5
-op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5
-op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label
-op.pinReset._009=#########################################
-op.pinReset._010=#########################################
-op.pinReset._011=# Pin Reset Operation For CoolKey
-op.pinReset._012=#
-op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false
-op.pinReset._014=# - update applet or not if token is empty
-op.pinReset._015=#
-op.pinReset._016=# - N/A for HouseKey
-op.pinReset._017=# - N/A for HouseKey with Legacy Applet
-op.pinReset._018=#########################################
-op.pinReset.mapping.0.filter.appletMajorVersion=
-op.pinReset.mapping.0.filter.appletMinorVersion=
-op.pinReset.mapping.0.filter.tokenATR=
-op.pinReset.mapping.0.filter.tokenCUID.end=
-op.pinReset.mapping.0.filter.tokenCUID.start=
-op.pinReset.mapping.0.filter.tokenType=
-op.pinReset.mapping.0.target.tokenType=userKey
-op.pinReset.mapping.order=0
-op.pinReset.userKey.auth.enable=true
-op.pinReset.userKey.auth.id=ldap1
-op.pinReset.userKey.cardmgr_instance=A0000000030000
-op.pinReset.userKey.loginRequest.enable=true
-op.pinReset.userKey.pinReset.pin.maxLen=10
-op.pinReset.userKey.pinReset.pin.minLen=4
-op.pinReset.userKey.tks.conn=tks1
-op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
-op.pinReset.userKey.update.applet.emptyToken.enable=true
-op.pinReset.userKey.update.applet.enable=false
-op.pinReset.userKey.update.applet.encryption=true
-op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.pinReset.userKey.update.symmetricKeys.enable=false
-op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
-os.serverName=cert-[PKI_INSTANCE_NAME]
-os.userid=nobody
-passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
-passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
-pidDir=[PKI_PIDDIR]
-pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
-pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
-pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
-pkicreate.group=[PKI_GROUP]
-pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
-pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
-pkicreate.secure_port=[PKI_SECURE_PORT]
-pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
-pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
-pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
-pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
-pkicreate.user=[PKI_USER]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
-preop.admincert.profile=caAdminCert
-preop.admin.group=TUS Agents,TUS Operators,TUS Administrators,TUS Officers
-preop.admin.name=Token Processing Service Manager Administrator
-preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.admin.dn=uid=admin,cn=admin
-preop.cert.admin.keysize.custom_size=2048
-preop.cert.admin.keysize.size=2048
-preop.cert.admin.profile=adminCert.profile
-preop.cert.audit_signing.cncomponent.override=true
-preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate
-preop.cert.audit_signing.enable=true
-preop.cert.audit_signing.keysize.custom_size=2048
-preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
-preop.cert.audit_signing.signing.required=false
-preop.cert.audit_signing.subsystem=tps
-preop.cert.audit_signing.type=remote
-preop.cert.audit_signing.userfriendlyname=TPS Audit Signing Certificate
-preop.cert.list=sslserver,subsystem,audit_signing
-preop.cert.rsalist=audit_signing
-preop.cert.sslserver.cncomponent.override=false
-preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.sslserver.dn=CN=[PKI_HOSTNAME]
-preop.cert.sslserver.enable=true
-preop.cert.sslserver.keysize.custom_size=2048
-preop.cert.sslserver.keysize.size=2048
-preop.cert.sslserver.nickname=[PKI_SSL_SERVER_NICKNAME]
-preop.cert.sslserver.profile=caInternalAuthServerCert
-preop.cert.sslserver.signing.required=false
-preop.cert.sslserver.subsystem=tps
-preop.cert.sslserver.type=remote
-preop.cert.sslserver.userfriendlyname=SSL Server Certificate
-preop.cert.subsystem.cncomponent.override=true
-preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.subsystem.dn=CN=TPS Subsystem Certificate
-preop.cert.subsystem.enable=true
-preop.cert.subsystem.keysize.custom_size=2048
-preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
-preop.cert.subsystem.profile=caInternalAuthSubsystemCert
-preop.cert.subsystem.signing.required=false
-preop.cert.subsystem.subsystem=tps
-preop.cert.subsystem.type=remote
-preop.cert.subsystem.userfriendlyname=Subsystem Certificate
-preop.configModules.count=3
-preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
-preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
-preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
-preop.configModules.module1.commonName=nfast
-preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
-preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
-preop.configModules.module2.commonName=lunasa
-preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
-preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
-preop.hierarchy.profile=caCert.profile
-preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif
-preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif
-preop.internaldb.ldif=/usr/share/pki/tps/conf/database.ldif
-preop.internaldb.manager_ldif=/usr/share/pki/tps/conf/manager.ldif
-preop.internaldb.post_ldif=/usr/share/pki/tps/conf/vlv.ldif,/usr/share/pki/tps/conf/vlvtasks.ldif
-preop.internaldb.schema.ldif=/usr/share/pki/tps/conf/schema.ldif
-preop.internaldb.wait_dn=cn=index1160528734, cn=index, cn=tasks, cn=config
-preop.module.token=Internal Key Storage Token
-preop.pin=[PKI_RANDOM_NUMBER]
-preop.product.name=CS
-preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:8443
-preop.system.fullname=Token Key Service
-preop.system.name=TPS
-preop.wizard.name=TPS Setup Wizard
-proxy.securePort=[PKI_PROXY_SECURE_PORT]
-proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
-registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
-selftests._000=##
-selftests._001=## Self Tests
-selftests._002=##
-selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
-selftests._004=## following parameters (where certusage is optional):
-selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
-selftests._006=## tps.cert.<cert tag name>.nickname
-selftests._007=## tps.cert.<cert tag name>.certusage
-selftests._008=##
-selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
-selftests.container.logger.bufferSize=512
-selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
-selftests.container.logger.enable=true
-selftests.container.logger.expirationTime=0
-selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/selftests.log
-selftests.container.logger.flushInterval=5
-selftests.container.logger.level=1
-selftests.container.logger.maxFileSize=2000
-selftests.container.logger.register=false
-selftests.container.logger.rolloverInterval=2592000
-selftests.container.logger.type=transaction
-selftests.container.order.onDemand=SystemCertsVerification:critical
-selftests.container.order.startup=SystemCertsVerification:critical
-selftests.plugin.SystemCertsVerification.SubId=tps
-service.instanceDir=[PKI_INSTANCE_ROOT]
-service.instanceID=[PKI_INSTANCE_NAME]
-service.machineName=[PKI_HOSTNAME]
-service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
-service.securePort=[PKI_AGENT_SECURE_PORT]
-service.unsecurePort=[PKI_UNSECURE_PORT]
-smtp.host=localhost
-smtp.port=25
-subsystem.0.class=org.dogtagpki.tps.server.TPSSubsystem
-subsystem.0.id=tps
-subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
-subsystem.1.id=selftests
-subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
-subsystem.2.id=stats
-target._000=#########################################
-target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs
-target._002=#
-target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin.
-target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab.
-target._005=#
-target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list
-target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement
-target._008=# (enable/ disable) to be edited.
-target._009=#
-target._010=# For the wording to display correctly, the values in the above list should be plurals.
-target._011=#
-target._012=# Each parameter set in the lists above requires three parameters:
-target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box)
-target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set.
-target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>.
-target._016=#
-target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined.
-target._018=#
-target._019=########################################
-target.agent_approve.list=Profiles
-target.Authentication_Sources.displayname=Authentication Source
-target.Authentication_Sources.list=0,1
-target.Authentication_Sources.pattern=auth\.instance\.$name\..*
-target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources
-target.Generals.displayname=General
-target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..*
-target.Profile_Mappings.displayname=Profile Mapping
-target.Profile_Mappings.list=enroll,format,pinReset
-target.Profile_Mappings.pattern=op\.$name\.mapping\..*
-target.Profiles.displayname=Profile
-target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
-target.Profiles.pattern=op\..*\.$name\..*
-target.Subsystem_Connections.displayname=Subsystem Connection
-target.Subsystem_Connections.list=ca1,drm1,tks1
-target.Subsystem_Connections.pattern=conn\.$name\..*
-tokendb._000=#########################################
-tokendb._001=# tokendb.auditLog:
-tokendb._002=# - audit log path
-tokendb._003=# tokendb.host:
-tokendb._004=# - tokendb host name
-tokendb._005=# tokendb.port:
-tokendb._006=# - tokendb port number
-tokendb._007=# tokendb.bindDN:
-tokendb._008=# - tokendb administration DN (i.e. cn=Directory Manager)
-tokendb._009=# tokendb.bindPassPath:
-tokendb._010=# - tokendb administration password file path
-tokendb._011=# tokendb.templateDir
-tokendb._012=# - directory where all the tokendb templates are located
-tokendb._013=# tokendb.userBaseDN:
-tokendb._014=# - directory base DN for users and groups
-tokendb._015=# tokendb.baseDN:
-tokendb._016=# - directory base DN for tokens
-tokendb._017=# tokendb.activityBaseDN:
-tokendb._018=# - directory base DN for activities
-tokendb._019=# tokendb.indexTemplate=index.template
-tokendb._020=# - index template
-tokendb._021=# tokendb.newTemplate=new.template
-tokendb._022=# - add template
-tokendb._023=# tokendb.showTemplate=show.template
-tokendb._024=# - show template
-tokendb._025=# tokendb.errorTemplate=error.template
-tokendb._026=# - error template
-tokendb._027=# tokendb.searchTemplate=search.template
-tokendb._028=# - search template
-tokendb._029=# tokendb.searchResultTemplate=searchResults.template
-tokendb._030=# - search result template
-tokendb._031=# tokendb.editTemplate=edit.template
-tokendb._032=# - edit template
-tokendb._033=# tokendb.editResultTemplate=editResults.template
-tokendb._034=# - edit result template
-tokendb._035=# tokendb.addResultTemplate=addResults.template
-tokendb._036=# - add result template
-tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template
-tokendb._038=# - delete result template
-tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template
-tokendb._040=# - search activity template
-tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template
-tokendb._042=# - search activity result template
-tokendb._043=# tokendb.showAdminTemplate=showAdmin.template
-tokendb._044=# - show admin template
-tokendb._045=# tokendb.editAdminTemplate=editAdmin.template
-tokendb._046=# - edit admin template
-tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template
-tokendb._048=# - edit admin result template
-tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template
-tokendb._050=# - search admin template
-tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template
-tokendb._052=# - search admin result template
-tokendb._053=# tokendb.defaultPolicy:
-tokendb._054=# Supported Policy (Separated by ; [Semicolon]):
-tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO
-tokendb._056=# PIN_RESET=YES|NO
-tokendb._057=# - If not present, pin reset by user is allowed.
-tokendb._058=# - If present and agent change PIN_RESET from NO
-tokendb._059=# to YES, user is allowed to do pin reset. This
-tokendb._060=# policy will be changed back to NO after pin reset.
-tokendb._061=# RE_ENROLL=YES|NO
-tokendb._062=# - If not present, re-enrollment is allowed.
-tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL
-tokendb._064=# is set to YES. Otherwise, re-enrollment is not
-tokendb._065=# allowed.
-tokendb._066=# tokendb.allowedTransitions:
-tokendb._067=# - has transitions between the following states
-tokendb._068=# TOKEN_UNINITIALIZED = 0,
-tokendb._069=# TOKEN_DAMAGED =1,
-tokendb._070=# TOKEN_PERM_LOST=2,
-tokendb._071=# TOKEN_TEMP_LOST=3,
-tokendb._072=# TOKEN_FOUND =4,
-tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5,
-tokendb._074=# TOKEN_TERMINATED = 6
-tokendb._075=#########################################
-tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
-tokendb.addConfigTemplate=addConfig.template
-tokendb.addResultTemplate=addResults.template
-tokendb.agentSelectConfigTemplate=agentSelectConfig.template
-tokendb.agentViewConfigTemplate=agentViewConfig.template
-tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6
-tokendb.auditAdminTemplate=auditAdmin.template
-tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log
-tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
-tokendb.bindDN=cn=Directory Manager
-tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf
-tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
-tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template
-tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template
-tokendb.defaultPolicy=RE_ENROLL=YES
-tokendb.deleteResultTemplate=deleteResults.template
-tokendb.deleteTemplate=delete.template
-tokendb.doTokenConfirmTemplate=doTokenConfirm.template
-tokendb.doTokenTemplate=doToken.template
-tokendb.editConfigTemplate=editConfig.template
-tokendb.editResultTemplate=editResults.template
-tokendb.editTemplate=edit.template
-tokendb.editUserTemplate=editUser.template
-tokendb.errorTemplate=error.template
-tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
-tokendb.indexAdminTemplate=indexAdmin.template
-tokendb.indexOperatorTemplate=indexOperator.template
-tokendb.indexTemplate=index.template
-tokendb.newTemplate=new.template
-tokendb.newUserTemplate=newUser.template
-tokendb.revokeTemplate=revoke.template
-tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template
-tokendb.searchActivityAdminTemplate=searchActivityAdmin.template
-tokendb.searchActivityResultTemplate=searchActivityResults.template
-tokendb.searchActivityTemplate=searchActivity.template
-tokendb.searchAdminResultTemplate=searchAdminResults.template
-tokendb.searchAdminTemplate=searchAdmin.template
-tokendb.searchCertificateResultTemplate=searchCertificateResults.template
-tokendb.searchCertificateTemplate=searchCertificate.template
-tokendb.searchResultTemplate=searchResults.template
-tokendb.searchTemplate=search.template
-tokendb.searchUserResultTemplate=searchUserResults.template
-tokendb.searchUserTemplate=searchUser.template
-tokendb.selectConfigTemplate=selectConfig.template
-tokendb.selfTestResultsTemplate=selfTestResults.template
-tokendb.selfTestTemplate=selfTest.template
-tokendb.showAdminTemplate=showAdmin.template
-tokendb.showCertTemplate=showCert.template
-tokendb.showTemplate=show.template
-tokendb.ssl=false
-tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus
-tokendb.userBaseDN=[TOKENDB_ROOT]
-tokendb.userDeleteTemplate=userDelete.template
-tps._000=########################################
-tps._001=# For verifying system certificates
-tps._002=# tps.cert.list=sslserver,subsystem,audit_signing
-tps._003=# tps.cert.sslserver.nickname=xxx
-tps._005=# tps.cert.subsystem.nickname=xxx
-tps._007=# tps.cert.audit_signing.nickname=xxx
-tps._008=# operations.allowedTransitions:
-tps._009=# - token operations, like formatting and enrollment have transitions between the following states
-tps._010=# TOKEN_UNINITIALIZED = 0,
-tps._011=# TOKEN_DAMAGED =1,
-tps._012=# TOKEN_PERM_LOST=2,
-tps._013=# TOKEN_TEMP_LOST=3,
-tps._014=# TOKEN_FOUND =4,
-tps._015=# TOKEN_TEMP_LOST_PERM_LOST =5,
-tps._016=# TOKEN_TERMINATED = 6
-tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0
-tps._018=########################################
-tps.cert.audit_signing.certusage=ObjectSigner
-tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]
-tps.cert.list=sslserver,subsystem,audit_signing
-tps.cert.sslserver.certusage=SSLServer
-tps.cert.subsystem.certusage=SSLClient
-tps.operations.allowedTransitions=0:0,0:4,4:0
-usrgrp._000=##
-usrgrp._001=## User/Group
-usrgrp._002=##
-usrgrp.ldap=internaldb