Diffstat (limited to 'base/tps')
-rw-r--r-- | base/tps/shared/conf/CS.cfg.in | 2490 | ||||
-rw-r--r-- | base/tps/shared/conf/db.ldif | 82 | ||||
-rw-r--r-- | base/tps/shared/conf/index.ldif | 269 | ||||
-rw-r--r-- | base/tps/shared/conf/schema.ldif | 537 |
4 files changed, 1351 insertions, 2027 deletions
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in
index e972bcb9d..2ea111de9 100644
--- a/base/tps/shared/conf/CS.cfg.in
+++ b/base/tps/shared/conf/CS.cfg.in
@@ -1,184 +1,98 @@
 _000=##
 _001=## Token Processing System (TPS) Configuration File
 _002=##
-pidDir=[PKI_PIDDIR]
-pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
-pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
-pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
-pkicreate.secure_port=[PKI_SECURE_PORT]
-pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
-pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
-pkicreate.user=[PKI_USER]
-pkicreate.group=[PKI_GROUP]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
-cs.type=TPS
-selftests._000=##
-selftests._001=## Self Tests
-selftests._002=##
-selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
-selftests._004=## following parameters (where certusage is optional):
-selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
-selftests._006=## tps.cert.<cert tag name>.nickname
-selftests._007=## tps.cert.<cert tag name>.certusage
-selftests._008=##
-selftests.container.logger.enable=true
-selftests.container.logger.expirationTime=0
-selftests.container.logger.file.type=RollingLogFile
-selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
-selftests.container.logger.level=10
-selftests.container.logger.maxFileSize=2000
-selftests.container.logger.rolloverInterval=2592000
-selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical
-selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
-selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
-selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
-cs.state=0
+accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
+accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
+accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
+applet._000=#########################################
+applet._001=# applet information
+applet._002=# SAF Key:
+applet._003=# applet.aid.cardmgr_instance=A0000001510000
+applet._004=#########################################
+applet.aid.cardmgr_instance=A0000000030000
+applet.aid.netkey_file=627601FF0000
+applet.aid.netkey_instance=627601FF000000
+applet.aid.netkey_old_file=A000000001
+applet.aid.netkey_old_instance=A00000000101
+applet.delete_old=true
+applet.so_pin=000000000000
+auths._000=##
+auths._001=## new authentication
+auths._002=##
+auths.impl._000=##
+auths.impl._001=## authentication manager implementations
+auths.impl._002=##
+auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
+auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
+auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
+auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
+auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
+auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
+auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
+auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
+auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
+auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
+auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.TokenAuth.pluginName=TokenAuth
+auths.instance.ldap1.dnpattern=
+auths.instance.ldap1.ldapByteAttributes=
+auths.instance.ldap1.ldapStringAttributes=mail,cn,uid
+auths.instance.ldap1.ldap.basedn=[LDAP_ROOT]
+auths.instance.ldap1.ldap.maxConns=15
+auths.instance.ldap1.ldap.minConns=3
+auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
+auths.instance.ldap1.ldap.ldapauth.bindDN=
+auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
+auths.instance.ldap1.ldap.ldapauth.clientCertNickname=
+auths.instance.ldap1.ldap.ldapconn.host=[LDAP_HOST]
+auths.instance.ldap1.ldap.ldapconn.port=[LDAP_PORT]
+auths.instance.ldap1.ldap.ldapconn.secureConn=false
+auths.instance.ldap1.ldap.ldapconn.version=3
+auths.instance.ldap1.pluginName=UidPwdDirAuth
+auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
+auths.revocationChecking.bufferSize=50
 authType=pwd
-instanceRoot=[PKI_INSTANCE_PATH]
+authz._000=##
+authz._001=## new authorizatioin
+authz._002=##
+authz.evaluateOrder=deny,allow
+authz.impl._000=##
+authz.impl._001=## authorization manager implementations
+authz.impl._002=##
+authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
+authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
+authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
+authz.instance.DirAclAuthz.ldap._000=##
+authz.instance.DirAclAuthz.ldap._001=## Internal Database
+authz.instance.DirAclAuthz.ldap._002=##
+authz.instance.DirAclAuthz.ldap=internaldb
+authz.instance.DirAclAuthz.pluginName=DirAclAuthz
+authz.sourceType=ldap
+channel._000=#########################################
+channel._001=# channel.encryption:
+channel._002=#
+channel._003=# - enable encryption for all operation commands to token
+channel._004=# - default is true
+channel._005=# channel.blocksize=242
+channel._006=# channel.defKeyVersion=0
+channel._007=# channel.defKeyIndex=0
+channel._008=#
+channel._009=# Config the size of memory managed memory in the applet
+channel._010=# Default is 5000, try not go get close to the instanceSize
+channel._011=# which defaults to 18000:
+channel._012=#
+channel._013=# * channel.instanceSize=18000
+channel._014=# * channel.appletMemorySize=5000
+channel._015=#########################################
+channel.encryption=true
+channel.blocksize=248
+channel.defKeyVersion=0
+channel.defKeyIndex=0
+cms.product.version=@APPLICATION_VERSION@
+cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
+config.Generals.General.state=Enabled
+config.Generals.General.timestamp=1280283607424406
 configurationRoot=/[PKI_SUBSYSTEM_TYPE]/conf/
-machineName=[PKI_HOSTNAME]
-instanceId=[PKI_INSTANCE_NAME]
-service.machineName=[PKI_HOSTNAME]
-service.instanceDir=[PKI_INSTANCE_PATH]
-service.securePort=[PKI_SECURE_PORT]
-service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
-service.unsecurePort=[PKI_UNSECURE_PORT]
-service.instanceID=[PKI_INSTANCE_NAME]
-logging._000=#########################################
-logging._001=# RA configuration File
-logging._002=#
-logging._003=# All <...> must be replaced with
-logging._004=# appropriate values.
-logging._005=#########################################
-logging._006=########################################
-logging._007=# logging
-logging._008=#
-logging._009=# logging.debug.enable:
-logging._010=# logging.audit.enable:
-logging._011=# logging.error.enable:
-logging._012=# - enable or disable the corresponding logging
-logging._013=# logging.debug.filename:
-logging._014=# logging.audit.filename:
-logging._015=# logging.error.filename:
-logging._016=# - name of the log file
-logging._017=# logging.debug.level:
-logging._018=# logging.audit.level:
-logging._019=# logging.error.level:
-logging._020=# - level of logging. (0-10)
-logging._021=# 0 - no logging,
-logging._022=# 4 - LL_PER_SERVER these messages will occur only once
-logging._023=# during the entire invocation of the
-logging._024=# server, e. g. at startup or shutdown
-logging._025=# time., reading the conf parameters.
-logging._026=# Perhaps other infrequent events
-logging._027=# relating to failing over of CA, TKS,
-logging._028=# too
-logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
-logging._030=# connection - most of the log events
-logging._031=# will be at this level
-logging._032=# 8 - LL_PER_PDU these messages relate to PDU
-logging._033=# processing. If you have something that
-logging._034=# is done for every PDU, such as
-logging._035=# applying the MAC, it should be logged
-logging._036=# at this level
-logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
-logging._038=# chatty version of the above
-logging._039=# 10 - all logging
-logging._040=# logging.audit.buffer.size: # in bytes
-logging._041=# logging.audit.flush.interval: # in seconds, 0 disables flush thread
-logging._042=# logging.*.file.type:
-logging._043=# - file type: RollingLogFile or LogFile
-logging._044=# logging.*.rolloverInterval:
-logging._045=# - interval to roll over logs (seconds), 0 to disable rollover
-logging._046=# logging.*.maxFileSize:
-logging._047=# - size at which file rollover occurs, in kB
-logging._048=# logging.*.expirationTime:
-logging._049=# - maximum age of log, older unmodified logs are deleted( in seconds, 0 to disable)
-logging._050=#########################################
-logging.debug.enable=true
-logging.debug.filename=[PKI_INSTANCE_PATH]/logs/tps-debug.log
-logging.debug.level=10
-logging.debug.file.type=RollingLogFile
-logging.debug.maxFileSize=2000
-logging.debug.rolloverInterval=2592000
-logging.debug.expirationTime=0
-logging.audit.enable=true
-logging.audit.filename=[PKI_INSTANCE_PATH]/logs/tps-audit.log
-logging.audit.signedAuditFilename=[PKI_INSTANCE_PATH]/logs/signedAudit/tps_audit
-logging.audit.level=10
-logging.audit.logSigning=false
-logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
-logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
-logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
-logging.audit.buffer.size=512
-logging.audit.flush.interval=5
-logging.audit.file.type=RollingLogFile
-logging.audit.maxFileSize=2000
-logging.audit.rolloverInterval=2592000
-logging.audit.expirationTime=0
-logging.error.enable=true
-logging.error.filename=[PKI_INSTANCE_PATH]/logs/tps-error.log
-logging.error.level=10
-logging.error.file.type=RollingLogFile
-logging.error.maxFileSize=2000
-logging.error.rolloverInterval=2592000
-logging.error.expirationTime=0
-log._000=##
-log._001=## Logging
-log._002=##
-log.impl.file.class=com.netscape.cms.logging.RollingLogFile
-log.instance.SignedAudit._000=##
-log.instance.SignedAudit._001=## Signed Audit Logging
-log.instance.SignedAudit._002=##
-log.instance.SignedAudit._003=##
-log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
-log.instance.SignedAudit._006=##
-log.instance.SignedAudit.bufferSize=512
-log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
-log.instance.SignedAudit.expirationTime=0
-log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit
-log.instance.SignedAudit.flushInterval=5
-log.instance.SignedAudit.level=1
-log.instance.SignedAudit.logSigning=false
-log.instance.SignedAudit.maxFileSize=2000
-log.instance.SignedAudit.pluginName=file
-log.instance.SignedAudit.rolloverInterval=2592000
-log.instance.SignedAudit.signedAudit:_000=##
-log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed
-log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-log.instance.SignedAudit.type=signedAudit
-log.instance.System._000=##
-log.instance.System._001=## System Logging
-log.instance.System._002=##
-log.instance.System.bufferSize=512
-log.instance.System.enable=true
-log.instance.System.expirationTime=0
-log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system
-log.instance.System.flushInterval=5
-log.instance.System.level=3
-log.instance.System.maxFileSize=2000
-log.instance.System.pluginName=file
-log.instance.System.rolloverInterval=2592000
-log.instance.System.type=system
-log.instance.Transactions._000=##
-log.instance.Transactions._001=## Transaction Logging
-log.instance.Transactions._002=##
-log.instance.Transactions.bufferSize=512
-log.instance.Transactions.enable=true
-log.instance.Transactions.expirationTime=0
-log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions
-log.instance.Transactions.flushInterval=5
-log.instance.Transactions.level=1
-log.instance.Transactions.maxFileSize=2000
-log.instance.Transactions.pluginName=file
-log.instance.Transactions.rolloverInterval=2592000
-log.instance.Transactions.type=transaction
-logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access
-logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error
 conn.ca1._000=#########################################
 conn.ca1._001=# CA connection
 conn.ca1._002=#
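Review bot: `auths.instance.ldap1.ldap.ldapconn.secureConn=false` on the new side configures the UidPwdDirAuth instance to send user credentials to [LDAP_HOST] over cleartext LDAP, and `auths.instance.ldap1.ldap.ldapauth.bindDN=` is left empty while `bindPWPrompt=ldap1` names a password prompt, with no comment explaining either choice. The removed `auth.instance.0.SSLOn=false` carried the same default, so this is inherited rather than introduced, but the new block is the place to make it visible: a line such as `auths.instance.ldap1._000=## secureConn=false sends user passwords to [LDAP_HOST] unencrypted; set secureConn=true (and clientCertNickname) for production` above the ldap1 entries would do. Separately, `config.Generals.General.timestamp=1280283607424406` is a fixed literal in a template whose other per-instance values are [PLACEHOLDER] tokens; either a placeholder or a comment stating that the value is not consulted would avoid every instance sharing it.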
@@ -210,17 +124,51 @@ conn.ca1._027=#
 conn.ca1._028=# where
 conn.ca1._029=# <n> - CA connection ID
 conn.ca1._030=#########################################
-failover.pod.enable=false
-conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
 conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
+conn.ca1.keepAlive=true
+conn.ca1.retryConnect=3
 conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
 conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
 conn.ca1.servlet.revoke=/ca/ee/subsystem/ca/doRevoke
 conn.ca1.servlet.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
-conn.ca1.retryConnect=3
-conn.ca1.timeout=100
 conn.ca1.SSLOn=true
-conn.ca1.keepAlive=true
+conn.ca1.timeout=100
+conn.drm1._000=#########################################
+conn.drm1._001=# DRM connection
+conn.drm1._002=#
+conn.drm1._003=#conn.drm.totalConns
+conn.drm1._004=# - # of DRM connections
+conn.drm1._005=#conn.drm<n>.hostport
+conn.drm1._006=# - host name and port number of your DRM, the format is host:port
+conn.drm1._007=#conn.drm<n>.clientNickname
+conn.drm1._008=# - nickname of the client certificate for
+conn.drm1._009=# authentication
+conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
+conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
+conn.drm1._012=# - must be '/kra/GenerateKeyPair'
+conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
+conn.drm1._014=# - servlet to handle key recovery
+conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
+conn.drm1._016=#conn.drm<n>.retryConnect=3
+conn.drm1._017=# - number of reconnection attempts on failure
+conn.drm1._018=#conn.drm<n>.SSLOn=true
+conn.drm1._019=# - enable SSL or not
+conn.drm1._020=#conn.drm<n>.keepAlive=false
+conn.drm1._021=# - enable keep alive or not
+conn.drm1._022=#
+conn.drm1._023=# where
+conn.drm1._024=# <n> - DRM connection ID
+conn.drm1._025=#########################################
+conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
+conn.drm1.keepAlive=false
+conn.drm1.retryConnect=3
+conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
+conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
+conn.drm1.SSLOn=true
+conn.drm1.timeout=100
+conn.drm.totalConns=1
 conn.tks1._000=#########################################
 conn.tks1._001=# TKS connection
 conn.tks1._002=#
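Review bot: The relocated DRM block keeps comment lines that contradict the values beneath them: `conn.drm1._012=# - must be '/kra/GenerateKeyPair'` and `conn.drm1._015=# - must be '/kra/TokenKeyRecovery'`, while the configured servlets are `conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair` and `conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery`, and `conn.drm1._013` embeds the old path in the key description as well. Since every line of the block is rewritten here anyway, the three comment lines should be changed to the `/kra/agent/kra/...` paths so an operator following the comment does not point the TPS at a non-agent endpoint. `conn.drm1.timeout=100` is also the only key in the block with no description line; one in the same style, e.g. `conn.drm1._022=#conn.drm<n>.timeout` / `# - connection timeout`, would complete the header.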
@@ -250,191 +198,22 @@ conn.tks1._025=# <n> - TKS connection ID
 conn.tks1._026=# conn.tks<n>.tksSharedSymKeyName:
 conn.tks1._027=# - set shared secret key name
 conn.tks1._028=#########################################
-conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
 conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
-conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
-conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
-conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
-conn.tks1.retryConnect=3
-conn.tks1.timeout=100
 conn.tks1.generateHostChallenge=true
-conn.tks1.SSLOn=true
+conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
 conn.tks1.keepAlive=false
 conn.tks1.keySet=defKeySet
+conn.tks1.retryConnect=3
 conn.tks1.serverKeygen=[SERVER_KEYGEN]
+conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
+conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
+conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
+conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
+conn.tks1.SSLOn=true
+conn.tks1.timeout=100
 conn.tks1.tksSharedSymKeyName=sharedSecret
-conn.drm1._000=#########################################
-conn.drm1._001=# DRM connection
-conn.drm1._002=#
-conn.drm1._003=#conn.drm.totalConns
-conn.drm1._004=# - # of DRM connections
-conn.drm1._005=#conn.drm<n>.hostport
-conn.drm1._006=# - host name and port number of your DRM, the format is host:port
-conn.drm1._007=#conn.drm<n>.clientNickname
-conn.drm1._008=# - nickname of the client certificate for
-conn.drm1._009=# authentication
-conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
-conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
-conn.drm1._012=# - must be '/kra/GenerateKeyPair'
-conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
-conn.drm1._014=# - servlet to handle key recovery
-conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
-conn.drm1._016=#conn.drm<n>.retryConnect=3
-conn.drm1._017=# - number of reconnection attempts on failure
-conn.drm1._018=#conn.drm<n>.SSLOn=true
-conn.drm1._019=# - enable SSL or not
-conn.drm1._020=#conn.drm<n>.keepAlive=false
-conn.drm1._021=# - enable keep alive or not
-conn.drm1._022=#
-conn.drm1._023=# where
-conn.drm1._024=# <n> - DRM connection ID
-conn.drm1._025=#########################################
-conn.drm.totalConns=1
-conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
-conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
-conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
-conn.drm1.retryConnect=3
-conn.drm1.timeout=100
-conn.drm1.SSLOn=true
-conn.drm1.keepAlive=false
-auth.instance._000=########################################
-auth.instance._001=# publishing
-auth.instance._002=#
-auth.instance._003=# publisher.instance.<n>.libraryName:
-auth.instance._004=# - name of the library specified with a fully qualified path name
-auth.instance._005=# publisher.instance.<n>.libraryFactory:
-auth.instance._006=# - the name of the function which instantiates the publisher
-auth.instance._007=# publisher.instance.<n>.publisherId:
-auth.instance._008=# - the publisher ID
-auth.instance._009=#
-auth.instance._010=# where
-auth.instance._011=# <n> - publisher connection ID
-auth.instance._012=########################################
-auth.instance._013=#########################################
-auth.instance._014=# authentication
-auth.instance._015=#
-auth.instance._016=# auth.instance.<n>.libraryName:
-auth.instance._017=# - name of the library specified with a fully qualified path name
-auth.instance._018=# auth.instance.<n>.libraryFactory:
-auth.instance._019=# - the name of the function which instantiates the authentication
-auth.instance._020=# auth.instance.<n>.authId
-auth.instance._021=# - the authentication ID
-auth.instance._022=# auth.instance.<n>.hostport
-auth.instance._023=# - parameter specific to the given authentication,
-auth.instance._024=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._025=# - host name and port number, host:port
-auth.instance._026=# - for failover, provide multiple host:port designations
-auth.instance._027=# separated by " "
-auth.instance._028=# auth.instance.<n>.SSLOn:
-auth.instance._029=# - parameter specific to the given authentication,
-auth.instance._030=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._031=# - use SSL or not for LDAP service
-auth.instance._032=# auth.instance.<n>.retries:
-auth.instance._033=# - parameter specific to the given authentication,
-auth.instance._034=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._035=# - number of authentication re-attempts when authentication failed
-auth.instance._036=# auth.instance.<n>.retryConnect:
-auth.instance._037=# - parameter specific to the given authentication,
-auth.instance._038=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._039=# - number of connection re-attempts when connection failed
-auth.instance._040=#
-auth.instance._041=# where
-auth.instance._042=# <n> - authentication connection ID
-auth.instance._043=#########################################
-auth.instance.0.type=LDAP_Authentication
-auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
-auth.instance.0.libraryFactory=GetAuthentication
-auth.instance.0.authId=ldap1
-auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
-auth.instance.0.SSLOn=false
-auth.instance.0.retries=1
-auth.instance.0.retryConnect=3
-auth.instance.0.baseDN=[LDAP_ROOT]
-auth.instance.0.ssl=false
-auth.instance.0.attributes._001=##############################################
-auth.instance.0.attributes._002=# attributes will be available
-auth.instance.0.attributes._003=# as $auth.<attribute>$
-auth.instance.0.attributes._004=##############################################
-auth.instance.0.attributes=mail,cn,uid
-auth.instance.0.ui.title.en=LDAP Authentication
-auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
-auth.instance.0.ui.id.UID.name.en=LDAP User ID
-auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
-auth.instance.0.ui.id.UID.description.en=LDAP User ID
-auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
-auth.instance.1.type=LDAP_Authentication
-auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
-auth.instance.1.libraryFactory=GetAuthentication
-auth.instance.1.authId=ldap2
-auth.instance.1.bindDN=cn=Directory Manager
-auth.instance.1.bindPWD=[PKI_INSTANCE_PATH]/conf/password.conf
-auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
-auth.instance.1.SSLOn=false
-auth.instance.1.retries=1
-auth.instance.1.retryConnect=3
-auth.instance.1.baseDN=[TOKENDB_ROOT]
-auth.instance.1.ssl=false
-auth.instance.1.attributes._001=##############################################
-auth.instance.1.attributes._002=# attributes will be available
-auth.instance.1.attributes._003=# as $auth.<attribute>$
-auth.instance.1.attributes._004=##############################################
-auth.instance.1.attributes=mail,cn,uid
-auth.instance.1.ui.title.en=LDAP Authentication
-auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
-auth.instance.1.ui.id.UID.name.en=LDAP User ID
-auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
-auth.instance.1.ui.id.UID.description.en=LDAP User ID
-auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
-applet._000=#########################################
-applet._001=# applet information
-applet._002=# SAF Key:
-applet._003=# applet.aid.cardmgr_instance=A0000001510000
-applet._004=#########################################
-applet.aid.cardmgr_instance=A0000000030000
-applet.aid.netkey_instance=627601FF000000
-applet.aid.netkey_file=627601FF0000
-applet.aid.netkey_old_instance=A00000000101
-applet.aid.netkey_old_file=A000000001
-applet.so_pin=000000000000
-applet.delete_old=true
-general.verifyProof=1
-general.applet_ext=ijc
-general.search.sizelimit.max=2000
-general.search.sizelimit.default=100
-general.search.timelimit.max=10
-general.search.timelimit.default=10
-general.pwlength.min=16
-channel._000=#########################################
-channel._001=# channel.encryption:
-channel._002=#
-channel._003=# - enable encryption for all operation commands to token
-channel._004=# - default is true
-channel._005=# channel.blocksize=242
-channel._006=# channel.defKeyVersion=0
-channel._007=# channel.defKeyIndex=0
-channel._008=#########################################
-channel.encryption=true
-channel.blocksize=248
-channel.defKeyVersion=0
-channel.defKeyIndex=0
-# NOTE: Since the following comments will be 'scrubbed' from any TPS
-# instance's configuration file, they will ONLY be viewable in
-# the '/usr/share/pki/tps/conf/CS.cfg' TPS subsystem template!
-#
-# Config the size of memory managed memory in the applet
-# Default is 5000, try not go get close to the instanceSize
-# which defaults to 18000:
-#
-# * channel.instanceSize=18000
-# * channel.appletMemorySize=5000
-#
-preop.pin=[PKI_RANDOM_NUMBER]
-cms.product.version=@APPLICATION_VERSION@
-preop.admin.name=Token Processing Service Manager Administrator
-preop.admin.group=Token Processing Service Manager Agents
-preop.admincert.profile=caAdminCert
+cs.state=0
+cs.type=TPS
 dbs.ldap=internaldb
 dbs.newSchemaEntryAdded=true
 debug.append=true
@@ -443,11 +222,20 @@ debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/debug
 debug.hashkeytypes=
 debug.level=0
 debug.showcaller=false
+failover.pod.enable=false
+general.applet_ext=ijc
+general.pwlength.min=16
+general.search.sizelimit.default=100
+general.search.sizelimit.max=2000
+general.search.timelimit.default=10
+general.search.timelimit.max=10
+general.verifyProof=1
+installDate=[INSTALL_TIME]
+instanceId=[PKI_INSTANCE_NAME]
+instanceRoot=[PKI_INSTANCE_PATH]
 internaldb._000=##
 internaldb._001=## Internal Database
 internaldb._002=##
-internaldb.maxConns=15
-internaldb.minConns=3
 internaldb.ldapauth.authtype=BasicAuth
 internaldb.ldapauth.bindDN=cn=Directory Manager
 internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
@@ -455,101 +243,86 @@ internaldb.ldapauth.clientCertNickname= internaldb.ldapconn.host= internaldb.ldapconn.port= internaldb.ldapconn.secureConn=false -preop.internaldb.schema.ldif=/usr/share/pki/tps/conf/schema.ldif -preop.internaldb.ldif=/usr/share/pki/tps/conf/database.ldif -preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif,/usr/share/pki/tps/conf/acl.ldif -preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif -preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif -preop.internaldb.post_ldif= -preop.internaldb.wait_dn= -preop.cert._000=######################################### -preop.cert._001=# Installation configuration "preop" certs parameters -preop.cert._002=######################################### -preop.cert.list=sslserver,subsystem,audit_signing -tps.cert.audit_signing.certusage=ObjectSigner -tps.cert.sslserver.certusage=SSLServer -tps.cert.subsystem.certusage=SSLClient -preop.cert.sslserver.enable=true -preop.cert.subsystem.enable=true -preop.cert.audit_signing.enable=false -preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME] -preop.cert.sslserver.keysize.customsize=2048 -preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.keysize.select=default -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] -preop.cert.sslserver.profile=caInternalAuthServerCert -preop.cert.sslserver.subsystem=tps -preop.cert._003=#preop.cert.sslserver.type=local -preop.cert.sslserver.type=remote -preop.cert.sslserver.userfriendlyname=SSL Server Certificate -preop.cert._004=#preop.cert.sslserver.cncomponent.override=false -preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA -preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_NAME] -preop.cert.subsystem.keysize.customsize=2048 -preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.keysize.select=default -preop.cert.subsystem.nickname=subsystemCert 
cert-[PKI_INSTANCE_NAME] -preop.cert.subsystem.profile=caInternalAuthSubsystemCert -preop.cert.subsystem.subsystem=tps -preop.cert._005=#preop.cert.subsystem.type=local -preop.cert.subsystem.userfriendlyname=Subsystem Certificate -preop.cert._006=#preop.cert.subsystem.cncomponent.override=true -preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA -preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_NAME] -preop.cert.audit_signing.keysize.customsize=2048 -preop.cert.audit_signing.keysize.size=2048 -preop.cert.audit_signing.keysize.select=default -preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] -preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert -preop.cert.audit_signing.subsystem=tps -preop.cert._005=#preop.cert.audit_signing.type=local -preop.cert.audit_signing.userfriendlyname=Audit Log Signing Certificate -preop.cert._006=#preop.cert.audit_signing.cncomponent.override=true -preop.configModules._000=######################################### -preop.configModules._001=# Installation configuration "preop" module parameters -preop.configModules._002=######################################### -preop.configModules.count=3 -preop.configModules.module0.commonName=NSS Internal PKCS #11 Module -preop.configModules.module0.imagePath=/pki/images/clearpixel.gif -preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module -preop.configModules.module1.commonName=nfast -preop.configModules.module1.imagePath=/pki/images/clearpixel.gif -preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module -preop.configModules.module2.commonName=lunasa -preop.configModules.module2.imagePath=/pki/images/clearpixel.gif -preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module -preop.module.token=NSS Certificate DB -preop.keysize._000=######################################### -preop.keysize._001=# Installation configuration "preop" keysize parameters 
-preop.keysize._002=######################################### -preop.keysize.customsize=2048 -preop.keysize.select=default -preop.keysize.size=2048 -preop.keysize.ecc.size=256 -preop.adminauth.done=false -preop.adminpanel.done=false -preop.agentauth.done=false -preop.authdb.done=false -preop.cainfo.done=false -preop.certprettyprint.done=false -preop.certrequest.done=false -preop.confighsmlogin.done=false -preop.confighsm.done=false -preop.database.done=false -preop.displaycertchain2.done=false -preop.displaycertchain.done=false -preop.donepanel.done=false -preop.drminfo.done=false -preop.importadmincert.done=false -preop.loginpanel.done=false -preop.ModulePanel.done=false -preop.namepanel.done=false -preop.securitydomain.done=false -preop.SizePanel.done=false -preop.subsystemtype.done=false -preop.tksinfo.done=false -preop.welcome.done=false +internaldb.maxConns=15 +internaldb.minConns=3 +internaldb.multipleSuffix.enable=false +jss._000=## +jss._001=## JSS +jss._002=## +jss.configDir=[PKI_INSTANCE_PATH]/alias/ +jss.enable=true +jss.ocspcheck.enable=false +jss.secmodName=secmod.db +jss.ssl.cipherfortezza=true +jss.ssl.cipherpref= +jss.ssl.cipherversion=cipherdomestic +keys.ecc.curve.default=nistp256 +keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 
+keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 +keys.rsa.keysize.default=2048 +log._000=## +log._001=## Logging +log._002=## +logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access +logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error +log.impl.file.class=com.netscape.cms.logging.RollingLogFile +log.instance.SignedAudit._000=## +log.instance.SignedAudit._001=## Signed Audit Logging +log.instance.SignedAudit._002=## +log.instance.SignedAudit._003=## +log.instance.SignedAudit._004=## Available Audit events: +log.instance.SignedAudit._005=## 
AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION +log.instance.SignedAudit._006=## +log.instance.SignedAudit.bufferSize=512 +log.instance.SignedAudit.enable=true 
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,LOGGING_SIGNED_AUDIT_SIGNING,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_TOKEN,CONFIG_PROFILE,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION +log.instance.SignedAudit.expirationTime=0 
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit +log.instance.SignedAudit.flushInterval=5 +log.instance.SignedAudit.level=1 +log.instance.SignedAudit.logSigning=false +log.instance.SignedAudit.maxFileSize=2000 +log.instance.SignedAudit.pluginName=file +log.instance.SignedAudit.rolloverInterval=2592000 +log.instance.SignedAudit.signedAudit:_000=## +log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed +log.instance.SignedAudit.signedAudit:_002=## +log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME] +log.instance.SignedAudit.type=signedAudit +log.instance.System._000=## +log.instance.System._001=## System Logging +log.instance.System._002=## +log.instance.System.bufferSize=512 +log.instance.System.enable=true +log.instance.System.expirationTime=0 +log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system +log.instance.System.flushInterval=5 +log.instance.System.level=3 +log.instance.System.maxFileSize=2000 +log.instance.System.pluginName=file +log.instance.System.rolloverInterval=2592000 +log.instance.System.type=system +log.instance.Transactions._000=## +log.instance.Transactions._001=## Transaction Logging +log.instance.Transactions._002=## +log.instance.Transactions.bufferSize=512 +log.instance.Transactions.enable=true +log.instance.Transactions.expirationTime=0 +log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions +log.instance.Transactions.flushInterval=5 +log.instance.Transactions.level=1 +log.instance.Transactions.maxFileSize=2000 +log.instance.Transactions.pluginName=file +log.instance.Transactions.rolloverInterval=2592000 +log.instance.Transactions.type=transaction +machineName=[PKI_HOSTNAME] +multiroles._000=## +multiroles._001=## multiroles +multiroles._002=## +multiroles.enable=true 
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
+multiroles=true
 op.enroll._000=#########################################
 op.enroll._001=# Default Operations
 op.enroll._002=#
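Review bot: `multiroles.false.groupEnforceList` is defined twice in this hunk with different values: the first includes `ClonedSubsystems` and spells `Enterprise KRA Administrators` correctly, the second drops `ClonedSubsystems` and carries the typo `Adminstrators`; in a key=value file only one definition can take effect (presumably the later one), so the enforced group list is effectively the shorter, misspelled one while a reader of the first line believes otherwise. Keep only the first line (the one ending in `Subsystem Group,ClonedSubsystems` with `Enterprise KRA Administrators`) and delete the second. The same duplication pattern appears right after with both `multiroles.enable=true` and `multiroles=true`, and `CIMC_CERT_VERIFICATION` is listed twice in `log.instance.SignedAudit.events`; it is worth confirming which key the code actually reads and dropping the other. `log.instance.SignedAudit._005` advertises the available audit events but omits the TPS-specific ones that the `events` line enables (`LOGGING_SIGNED_AUDIT_SIGNING`, `ENROLLMENT`, `PIN_RESET`, `FORMAT`, `CONFIG`, `CONFIG_TOKEN`, `CONFIG_PROFILE`, `APPLET_UPGRADE`, `KEY_CHANGEOVER`, `RENEWAL`), so the comment should list them too. Separately, `log.instance.SignedAudit.logSigning=false` ships audit-log signing off even though `signedAuditCertNickname` is populated; if that is a deliberate install-time default, a `signedAudit:_00x=## logSigning is enabled post-installation once the audit signing certificate exists` comment would make the intent visible.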
@@ -585,85 +358,311 @@ op.enroll._031=#
 op.enroll._032=# Token ATR:
 op.enroll._033=# Web Store - 3B759400006202020201
 op.enroll._034=#########################################
-op.enroll.mapping.order=0,1,2
-op.enroll.mapping.0.filter.tokenType=userKey
-op.enroll.mapping.0.filter.tokenATR=
-op.enroll.mapping.0.filter.tokenCUID.start=
-op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.allowUnknownToken=true
 op.enroll.mapping.0.filter.appletMajorVersion=1
 op.enroll.mapping.0.filter.appletMinorVersion=
+op.enroll.mapping.0.filter.tokenATR=
+op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.mapping.0.filter.tokenCUID.start=
+op.enroll.mapping.0.filter.tokenType=userKey
 op.enroll.mapping.0.target.tokenType=userKey
-op.enroll.mapping.1.filter.tokenType=soKey
-op.enroll.mapping.1.filter.tokenATR=
-op.enroll.mapping.1.filter.tokenCUID.start=
-op.enroll.mapping.1.filter.tokenCUID.end=
 op.enroll.mapping.1.filter.appletMajorVersion=
 op.enroll.mapping.1.filter.appletMinorVersion=
+op.enroll.mapping.1.filter.tokenATR=
+op.enroll.mapping.1.filter.tokenCUID.end=
+op.enroll.mapping.1.filter.tokenCUID.start=
+op.enroll.mapping.1.filter.tokenType=soKey
 op.enroll.mapping.1.target.tokenType=soKey
-op.enroll.mapping.2.filter.tokenType=
-op.enroll.mapping.2.filter.tokenATR=
-op.enroll.mapping.2.filter.tokenCUID.start=
-op.enroll.mapping.2.filter.tokenCUID.end=
 op.enroll.mapping.2.filter.appletMajorVersion=
 op.enroll.mapping.2.filter.appletMinorVersion=
+op.enroll.mapping.2.filter.tokenATR=
+op.enroll.mapping.2.filter.tokenCUID.end=
+op.enroll.mapping.2.filter.tokenCUID.start=
+op.enroll.mapping.2.filter.tokenType=
 op.enroll.mapping.2.target.tokenType=userKey
-op.pinReset.mapping.order=0
-op.pinReset.mapping.0.filter.tokenType=
-op.pinReset.mapping.0.filter.tokenATR=
-op.pinReset.mapping.0.filter.tokenCUID.start=
-op.pinReset.mapping.0.filter.tokenCUID.end=
-op.pinReset.mapping.0.filter.appletMajorVersion=
-op.pinReset.mapping.0.filter.appletMinorVersion=
-op.pinReset.mapping.0.target.tokenType=userKey
-op.format.mapping.order=0,1,2,3,4,5,6
-op.format.mapping.0.filter.tokenType=soCleanUserToken
-op.format.mapping.0.filter.tokenATR=
-op.format.mapping.0.filter.tokenCUID.start=
-op.format.mapping.0.filter.tokenCUID.end=
-op.format.mapping.0.filter.appletMajorVersion=
-op.format.mapping.0.filter.appletMinorVersion=
-op.format.mapping.0.target.tokenType=soCleanUserToken
-op.format.mapping.1.filter.tokenType=soUserKey
-op.format.mapping.1.filter.tokenATR=
-op.format.mapping.1.filter.tokenCUID.start=
-op.format.mapping.1.filter.tokenCUID.end=
-op.format.mapping.1.filter.appletMajorVersion=
-op.format.mapping.1.filter.appletMinorVersion=
-op.format.mapping.1.target.tokenType=soUserKey
-op.format.mapping.2.filter.tokenType=soKey
-op.format.mapping.2.filter.tokenATR=
-op.format.mapping.2.filter.tokenCUID.start=
-op.format.mapping.2.filter.tokenCUID.end=
-op.format.mapping.2.filter.appletMajorVersion=
-op.format.mapping.2.filter.appletMinorVersion=
-op.format.mapping.2.target.tokenType=soKey
-op.format.mapping.3.filter.tokenType=userKey
-op.format.mapping.3.filter.tokenATR=
-op.format.mapping.3.filter.tokenCUID.start=
-op.format.mapping.3.filter.tokenCUID.end=
-op.format.mapping.3.filter.appletMajorVersion=
-op.format.mapping.3.filter.appletMinorVersion=
-op.format.mapping.3.target.tokenType=userKey
-op.format.mapping.4.filter.tokenType=soCleanSOToken
-op.format.mapping.4.filter.tokenATR=
-op.format.mapping.4.filter.tokenCUID.start=
-op.format.mapping.4.filter.tokenCUID.end=
-op.format.mapping.4.filter.appletMajorVersion=
-op.format.mapping.4.filter.appletMinorVersion=
-op.format.mapping.5.filter.tokenType=cleanToken
-op.format.mapping.5.filter.tokenATR=
-op.format.mapping.5.filter.tokenCUID.start=
-op.format.mapping.5.filter.tokenCUID.end=
-op.format.mapping.5.filter.appletMajorVersion=
-op.format.mapping.5.filter.appletMinorVersion=
-op.format.mapping.5.target.tokenType=cleanToken
-op.format.mapping.4.target.tokenType=soCleanSOToken
-op.format.mapping.6.filter.tokenATR=
-op.format.mapping.6.filter.tokenCUID.start=
-op.format.mapping.6.filter.tokenCUID.end=
-op.format.mapping.6.filter.appletMajorVersion=
-op.format.mapping.6.filter.appletMinorVersion=
-op.format.mapping.6.target.tokenType=tokenKey
+op.enroll.mapping.order=0,1,2
+op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.soKey.auth.enable=true
+op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.cardmgr_instance=A0000000030000
+op.enroll.soKey.issuerinfo.enable=true
+op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.enroll.soKey.keyGen.encryption.ca.conn=ca1
+op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.soKey.keyGen.encryption.certAttrId=c2
+op.enroll.soKey.keyGen.encryption.certId=C2
+op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKey.keyGen.encryption.keySize=1024
+op.enroll.soKey.keyGen.encryption.keyUsage=0
+op.enroll.soKey.keyGen.encryption.keyUser=0
+op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKey.keyGen.encryption.overwrite=true
+op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.soKey.keyGen.keyType.num=2
+op.enroll.soKey.keyGen.keyType.value.0=signing
+op.enroll.soKey.keyGen.keyType.value.1=encryption
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.ca.conn=ca1
+op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.soKey.keyGen.signing.certAttrId=c1
+op.enroll.soKey.keyGen.signing.certId=C1
+op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKey.keyGen.signing.keySize=1024
+op.enroll.soKey.keyGen.signing.keyUsage=0
+op.enroll.soKey.keyGen.signing.keyUser=0
+op.enroll.soKey.keyGen.signing.label=signing key for $userid$
+op.enroll.soKey.keyGen.signing.overwrite=true
+op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.privateKeyNumber=2
+op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.publicKeyNumber=3
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.tokenName=$auth.cn$
+op.enroll.soKey.loginRequest.enable=true
+op.enroll.soKey.pinReset.enable=true
+op.enroll.soKey.pinReset.pin.maxLen=10
+op.enroll.soKey.pinReset.pin.maxRetries=127
+op.enroll.soKey.pinReset.pin.minLen=4
+op.enroll.soKey.pkcs11obj.compress.enable=true
+op.enroll.soKey.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.auth.enable=true
+op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.soKeyTemporary.keyGen.auth.certId=C0
+op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true +op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast +op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true +op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1 +op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true +op.enroll.soKeyTemporary.keyGen.keyType.num=3 +op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth +op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing +op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption +op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2 +op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing +op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption +op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1 +op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment +op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1 +op.enroll.soKeyTemporary.keyGen.signing.certId=C1 +op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$ +op.enroll.soKeyTemporary.keyGen.signing.keySize=1024 +op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0 +op.enroll.soKeyTemporary.keyGen.signing.keyUser=0 +op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$ +op.enroll.soKeyTemporary.keyGen.signing.overwrite=true +op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2 +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true +op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true 
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.soKeyTemporary.loginRequest.enable=true
+op.enroll.soKeyTemporary.pinReset.enable=true
+op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.soKeyTemporary.pinReset.pin.minLen=4
+op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.soKeyTemporary.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.tks.conn=tks1
+op.enroll.soKeyTemporary.tks.keySet=defKeyset
+op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
+op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.soKeyTemporary.update.applet.enable=true
+op.enroll.soKeyTemporary.update.applet.encryption=true
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.soKey.tks.conn=tks1
+op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKey.update.applet.emptyToken.enable=true
+op.enroll.soKey.update.applet.enable=true
+op.enroll.soKey.update.applet.encryption=true
+op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKey.update.symmetricKeys.enable=false
+op.enroll.soKey.update.symmetricKeys.requiredVersion=1
 op.enroll.userKey._000=#########################################
 op.enroll.userKey._001=# Enrollment Operation For CoolKey
 op.enroll.userKey._002=#
@@ -743,8 +742,10 @@ op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
 op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
 op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
 op.enroll.userKey._078=#
+op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
 op.enroll.userKey._079=# The three recovery schemes supported are:
 op.enroll.userKey._080=#
+op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
 op.enroll.userKey._081=# * GenerateNewKey - Generate a new
 op.enroll.userKey._082=# cert for the
 op.enroll.userKey._083=# encryption cert.
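Review bot: The two added lines reuse keys that already exist a few lines apart — `op.enroll.userKey._079` and `op.enroll.userKey._080` each now appear twice on the new side, once carrying the commented-out publisherId hint and once carrying the recovery-scheme comment text. In a key=value loader where the last definition wins, one line of each pair is silently dropped, so which comment survives depends on load order rather than intent. The duplication predates this commit (the old side carries the same two keys further down, in the `@@ -755` hunk), but the sort now places the pairs adjacent and makes the fix cheap. Give the moved hints unused suffixes, e.g. `op.enroll.userKey._091=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher` and `op.enroll.userKey._092=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher`, assuming `_091`/`_092` are free (the visible comment block ends at `_090`).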
@@ -755,289 +756,128 @@ op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
 op.enroll.userKey._088=# recover last for
 op.enroll.userKey._089=# encryption cert.
 op.enroll.userKey._090=#########################################
-op.enroll.allowUnknownToken=true
-op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKey.auth.enable=true
+op.enroll.userKey.auth.id=ldap1
+op.enroll.userKey.cardmgr_instance=A0000000030000
+op.enroll.userKey.issuerinfo.enable=true
+op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.enroll.userKey.keyGen.encryption.ca.conn=ca1
+op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.userKey.keyGen.encryption.certAttrId=c2
+op.enroll.userKey.keyGen.encryption.certId=C2
+op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKey.keyGen.encryption.keySize=1024
+op.enroll.userKey.keyGen.encryption.keyUsage=0
+op.enroll.userKey.keyGen.encryption.keyUser=0
+op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKey.keyGen.encryption.overwrite=true
+op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.userKey.keyGen.keyType.num=2
+op.enroll.userKey.keyGen.keyType.value.0=signing
+op.enroll.userKey.keyGen.keyType.value.1=encryption
 op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
 op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
 op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
 op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
 op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
 op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
 op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
 op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
 op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
-op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
-op.enroll.userKey.keyGen.tokenName=$auth.cn$
-op.enroll.userKey.keyGen.keyType.num=2
-op.enroll.userKey.keyGen.keyType.value.0=signing
-op.enroll.userKey.keyGen.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.ca.conn=ca1
+op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.userKey.keyGen.signing.certAttrId=c1
+op.enroll.userKey.keyGen.signing.certId=C1
+op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
 op.enroll.userKey.keyGen.signing.keySize=1024
+op.enroll.userKey.keyGen.signing.keyUsage=0
+op.enroll.userKey.keyGen.signing.keyUser=0
+op.enroll.userKey.keyGen.signing.label=signing key for $userid$
+op.enroll.userKey.keyGen.signing.overwrite=true
+op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
 op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
 op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
 op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
 op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
 op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
 op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.userKey.keyGen.signing.label=signing key for $userid$
-op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
-op.enroll.userKey.keyGen.signing.overwrite=true
-op.enroll.userKey.keyGen.signing.certId=C1
-op.enroll.userKey.keyGen.signing.certAttrId=c1
-op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
-op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
-op.enroll.userKey.keyGen.signing.keyUsage=0
-op.enroll.userKey.keyGen.signing.keyUser=0
-op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
 op.enroll.userKey.keyGen.signing.publicKeyNumber=3
-op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
-op.enroll.userKey.keyGen.signing.ca.conn=ca1
-op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.userKey.keyGen.encryption.keySize=1024
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
-op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
-op.enroll.userKey.keyGen.encryption.overwrite=true
-op.enroll.userKey.keyGen.encryption.certId=C2
-op.enroll.userKey.keyGen.encryption.certAttrId=c2
-op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.userKey.keyGen.encryption.keyUsage=0
-op.enroll.userKey.keyGen.encryption.keyUser=0
-op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
-op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
-op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
-op.enroll.userKey.keyGen.encryption.ca.conn=ca1
-op.enroll.userKey.pkcs11obj.enable=true
-op.enroll.userKey.pkcs11obj.compress.enable=true
-op.enroll.userKey.update.applet.emptyToken.enable=true
-op.enroll.userKey.update.applet.enable=true
-op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
-op.enroll.userKey.update.applet.encryption=true
-op.enroll.userKey.update.symmetricKeys.enable=false
-op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.tokenName=$auth.cn$
 op.enroll.userKey.loginRequest.enable=true
 op.enroll.userKey.pinReset.enable=true
+op.enroll.userKey.pinReset.pin.maxLen=10
 op.enroll.userKey.pinReset.pin.maxRetries=127
 op.enroll.userKey.pinReset.pin.minLen=4
-op.enroll.userKey.pinReset.pin.maxLen=10
-op.enroll.userKey.cardmgr_instance=A0000000030000
-op.enroll.userKey.tks.conn=tks1
-op.enroll.userKey.auth.id=ldap1
-op.enroll.userKey.auth.enable=true
-op.enroll.userKey.issuerinfo.enable=true
-op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
-op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
-op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
-op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
-op.enroll.userKeyTemporary.keyGen.keyType.num=3
-op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
-op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
-op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
-op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
-op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
-op.enroll.userKeyTemporary.keyGen.auth.certId=C0
-op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
-op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
-op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
-op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
-op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
-op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
-op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
-op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
-op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
-op.enroll.userKeyTemporary.keyGen.signing.certId=C1
-op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
-op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
-op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
-op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
-op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
-op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
-op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
-op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
-op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
-op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
-op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
-op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
-op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
-op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
-op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
-op.enroll.userKeyTemporary.pkcs11obj.enable=true
-op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
-op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
-op.enroll.userKeyTemporary.update.applet.enable=true
-op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
-op.enroll.userKeyTemporary.update.applet.encryption=true
-op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
-op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
-op.enroll.userKeyTemporary.loginRequest.enable=true
-op.enroll.userKeyTemporary.pinReset.enable=true
-op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
-op.enroll.userKeyTemporary.pinReset.pin.minLen=4
-op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
-op.enroll.userKeyTemporary.tks.conn=tks1
-op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
-op.enroll.userKeyTemporary.auth.id=ldap1
-op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.userKey.pkcs11obj.compress.enable=true
+op.enroll.userKey.pkcs11obj.enable=true
 op.enroll.userKey.renewal._000=#########################################
 op.enroll.userKey.renewal._001=# Token Renewal.
 op.enroll.userKey.renewal._002=#
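Review bot: Several keys removed in this hunk are not re-added on its new side — `op.enroll.allowUnknownToken=true`, `op.enroll.userKey.tks.conn=tks1`, `op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary`, the `op.enroll.userKey.update.*` block and the entire `op.enroll.userKeyTemporary.*` profile. Presumably they land in sorted position in the neighbouring hunks (the following `@@ -1056` hunk is cut off here and the preceding one starts before this view), but in a 2490-line reorder that is exactly the kind of drop that reads as a no-op in review, and a silently lost `allowUnknownToken`, `serverKeygen` or `recovery.*` setting would change enrollment behaviour without any diff line drawing attention to it. Before merging, compare the key sets of the two sides — e.g. `diff <(sort a/CS.cfg.in) <(sort b/CS.cfg.in)` against the two revisions — and confirm every remaining difference is an intended removal. Separately, `keySize=1024` is retained for both the signing and encryption key types; that predates the commit, but it is worth a follow-up given current key-length guidance.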
@@ -1056,307 +896,348 @@ op.enroll.userKey.renewal._014=# values are for completeness only, server
 op.enroll.userKey.renewal._015=# code calculates actual values used.
 op.enroll.userKey.renewal._016=#
 op.enroll.userKey.renewal._017=#########################################
-op.enroll.userKey.renewal.keyType.num=2
-op.enroll.userKey.renewal.keyType.value.0=signing
-op.enroll.userKey.renewal.keyType.value.1=encryption
-op.enroll.userKey.renewal.signing.enable=true
-op.enroll.userKey.renewal.signing.gracePeriod.enable=false
-op.enroll.userKey.renewal.signing.gracePeriod.before=30
-op.enroll.userKey.renewal.signing.gracePeriod.after=30
-op.enroll.userKey.renewal.signing.certId=C1
-op.enroll.userKey.renewal.encryption.certId=C2
-op.enroll.userKey.renewal.signing.certAttrId=c1
+op.enroll.userKey.renewal.encryption.ca.conn=ca1
+op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
 op.enroll.userKey.renewal.encryption.certAttrId=c2
+op.enroll.userKey.renewal.encryption.certId=C2
 op.enroll.userKey.renewal.encryption.enable=true
-op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
-op.enroll.userKey.renewal.encryption.gracePeriod.before=30
 op.enroll.userKey.renewal.encryption.gracePeriod.after=30
+op.enroll.userKey.renewal.encryption.gracePeriod.before=30
+op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
+op.enroll.userKey.renewal.keyType.num=2
+op.enroll.userKey.renewal.keyType.value.0=signing
+op.enroll.userKey.renewal.keyType.value.1=encryption
 op.enroll.userKey.renewal.signing.ca.conn=ca1
-op.enroll.userKey.renewal.encryption.ca.conn=ca1
 op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
-op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
-op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
-op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
-op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
-op.enroll.soKey.keyGen.tokenName=$auth.cn$
-op.enroll.soKey.keyGen.keyType.num=2
-op.enroll.soKey.keyGen.keyType.value.0=signing
-op.enroll.soKey.keyGen.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.keySize=1024
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.soKey.keyGen.signing.label=signing key for $userid$
-op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
-op.enroll.soKey.keyGen.signing.overwrite=true
-op.enroll.soKey.keyGen.signing.certId=C1
-op.enroll.soKey.keyGen.signing.certAttrId=c1
-op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
-op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
-op.enroll.soKey.keyGen.signing.keyUsage=0
-op.enroll.soKey.keyGen.signing.keyUser=0
-op.enroll.soKey.keyGen.signing.privateKeyNumber=2
-op.enroll.soKey.keyGen.signing.publicKeyNumber=3
-op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
-op.enroll.soKey.keyGen.signing.ca.conn=ca1
-op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.soKey.keyGen.encryption.keySize=1024
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
-op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
-op.enroll.soKey.keyGen.encryption.overwrite=true
-op.enroll.soKey.keyGen.encryption.certId=C2
-op.enroll.soKey.keyGen.encryption.certAttrId=c2
-op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.soKey.keyGen.encryption.keyUsage=0
-op.enroll.soKey.keyGen.encryption.keyUser=0
-op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
-op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
-op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
-op.enroll.soKey.keyGen.encryption.ca.conn=ca1
-op.enroll.soKey.pkcs11obj.enable=true
-op.enroll.soKey.pkcs11obj.compress.enable=true
-op.enroll.soKey.update.applet.emptyToken.enable=true
-op.enroll.soKey.update.applet.enable=true
-op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
-op.enroll.soKey.update.applet.encryption=true
-op.enroll.soKey.update.symmetricKeys.enable=false
-op.enroll.soKey.update.symmetricKeys.requiredVersion=1
-op.enroll.soKey.loginRequest.enable=true
-op.enroll.soKey.pinReset.enable=true
-op.enroll.soKey.pinReset.pin.maxRetries=127
-op.enroll.soKey.pinReset.pin.minLen=4
-op.enroll.soKey.pinReset.pin.maxLen=10
-op.enroll.soKey.cardmgr_instance=A0000000030000
-op.enroll.soKey.tks.conn=tks1
-op.enroll.soKey.auth.id=ldap2
-op.enroll.soKey.auth.enable=true
-op.enroll.soKey.issuerinfo.enable=true
-op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
-op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
-op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
-op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
-op.enroll.soKeyTemporary.keyGen.keyType.num=3
-op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
-op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
-op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
-op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
-op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
-op.enroll.soKeyTemporary.keyGen.auth.certId=C0
-op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
-op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
-op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
-op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
-op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
-op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
-op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
-op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
-op.enroll.soKeyTemporary.keyGen.signing.certId=C1
-op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
-op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
-op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
-op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
-op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
-op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
-op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
-op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
-op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
-op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
-op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
-op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
-op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
-op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
-op.enroll.soKeyTemporary.pkcs11obj.enable=true
-op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
-op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
-op.enroll.soKeyTemporary.update.applet.enable=true
-op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
-op.enroll.soKeyTemporary.update.applet.encryption=true
-op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
-op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
-op.enroll.soKeyTemporary.loginRequest.enable=true
-op.enroll.soKeyTemporary.pinReset.enable=true
-op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
-op.enroll.soKeyTemporary.pinReset.pin.minLen=4
-op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
-op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
-op.enroll.soKeyTemporary.tks.conn=tks1
-op.enroll.soKeyTemporary.tks.keySet=defKeyset
-op.enroll.soKeyTemporary.auth.id=ldap2
-op.enroll.soKeyTemporary.auth.enable=true
+op.enroll.userKey.renewal.signing.certAttrId=c1
+op.enroll.userKey.renewal.signing.certId=C1
+op.enroll.userKey.renewal.signing.enable=true
+op.enroll.userKey.renewal.signing.gracePeriod.after=30
+op.enroll.userKey.renewal.signing.gracePeriod.before=30
+op.enroll.userKey.renewal.signing.gracePeriod.enable=false
+op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.userKeyTemporary.auth.id=ldap1
+op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.userKeyTemporary.keyGen.auth.certId=C0
+op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.userKeyTemporary.keyGen.keyType.num=3
+op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.userKeyTemporary.keyGen.signing.certId=C1
+op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.userKeyTemporary.loginRequest.enable=true
+op.enroll.userKeyTemporary.pinReset.enable=true
+op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.userKeyTemporary.pinReset.pin.minLen=4
+op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.userKeyTemporary.pkcs11obj.enable=true
+op.enroll.userKeyTemporary.tks.conn=tks1
+op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.userKeyTemporary.update.applet.enable=true
+op.enroll.userKeyTemporary.update.applet.encryption=true
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.tks.conn=tks1
+op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKey.update.applet.emptyToken.enable=true
+op.enroll.userKey.update.applet.enable=true
+op.enroll.userKey.update.applet.encryption=true
+op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKey.update.symmetricKeys.enable=false
+op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.format._000=#########################################
+op.format._001=# Format Operation For tokenKey
+op.format._002=#
+op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
+op.format._004=# - update applet or not if token is empty
+op.format._005=#
+op.format._006=# - applicable to CoolKey
+op.format._007=# - applicable to HouseKey
+op.format._008=# - applicable to HouseKey with Legacy Applet
+op.format._009=#########################################
+op.format.allowUnknownToken=true
+op.format.cleanToken.auth.enable=false
+op.format.cleanToken.auth.id=ldap1
+op.format.cleanToken.ca.conn=ca1
+op.format.cleanToken.cardmgr_instance=A0000000030000
+op.format.cleanToken.issuerinfo.enable=true
+op.format.cleanToken.issuerinfo.value=
+op.format.cleanToken.loginRequest.enable=true
+op.format.cleanToken.revokeCert=true
+op.format.cleanToken.tks.conn=tks1
+op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
+op.format.cleanToken.update.applet.emptyToken.enable=true
+op.format.cleanToken.update.applet.encryption=true
+op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.cleanToken.update.symmetricKeys.enable=false
+op.format.cleanToken.update.symmetricKeys.requiredVersion=1
+op.format.mapping.0.filter.appletMajorVersion=
+op.format.mapping.0.filter.appletMinorVersion=
+op.format.mapping.0.filter.tokenATR=
+op.format.mapping.0.filter.tokenCUID.end=
+op.format.mapping.0.filter.tokenCUID.start=
+op.format.mapping.0.filter.tokenType=soCleanUserToken
+op.format.mapping.0.target.tokenType=soCleanUserToken
+op.format.mapping.1.filter.appletMajorVersion=
+op.format.mapping.1.filter.appletMinorVersion=
+op.format.mapping.1.filter.tokenATR=
+op.format.mapping.1.filter.tokenCUID.end=
+op.format.mapping.1.filter.tokenCUID.start= +op.format.mapping.1.filter.tokenType=soUserKey +op.format.mapping.1.target.tokenType=soUserKey +op.format.mapping.2.filter.appletMajorVersion= +op.format.mapping.2.filter.appletMinorVersion= +op.format.mapping.2.filter.tokenATR= +op.format.mapping.2.filter.tokenCUID.end= +op.format.mapping.2.filter.tokenCUID.start= +op.format.mapping.2.filter.tokenType=soKey +op.format.mapping.2.target.tokenType=soKey +op.format.mapping.3.filter.appletMajorVersion= +op.format.mapping.3.filter.appletMinorVersion= +op.format.mapping.3.filter.tokenATR= +op.format.mapping.3.filter.tokenCUID.end= +op.format.mapping.3.filter.tokenCUID.start= +op.format.mapping.3.filter.tokenType=userKey +op.format.mapping.3.target.tokenType=userKey +op.format.mapping.4.filter.appletMajorVersion= +op.format.mapping.4.filter.appletMinorVersion= +op.format.mapping.4.filter.tokenATR= +op.format.mapping.4.filter.tokenCUID.end= +op.format.mapping.4.filter.tokenCUID.start= +op.format.mapping.4.filter.tokenType=soCleanSOToken +op.format.mapping.4.target.tokenType=soCleanSOToken +op.format.mapping.5.filter.appletMajorVersion= +op.format.mapping.5.filter.appletMinorVersion= +op.format.mapping.5.filter.tokenATR= +op.format.mapping.5.filter.tokenCUID.end= +op.format.mapping.5.filter.tokenCUID.start= +op.format.mapping.5.filter.tokenType=cleanToken +op.format.mapping.5.target.tokenType=cleanToken +op.format.mapping.6.filter.appletMajorVersion= +op.format.mapping.6.filter.appletMinorVersion= +op.format.mapping.6.filter.tokenATR= +op.format.mapping.6.filter.tokenCUID.end= +op.format.mapping.6.filter.tokenCUID.start= +op.format.mapping.6.target.tokenType=tokenKey +op.format.mapping.order=0,1,2,3,4,5,6 +op.format.soCleanSOToken.auth.enable=false +op.format.soCleanSOToken.auth.id=ldap1 +op.format.soCleanSOToken.ca.conn=ca1 +op.format.soCleanSOToken.cardmgr_instance=A0000000030000 +op.format.soCleanSOToken.issuerinfo.enable=true +op.format.soCleanSOToken.issuerinfo.value= 
+op.format.soCleanSOToken.loginRequest.enable=false +op.format.soCleanSOToken.revokeCert=true +op.format.soCleanSOToken.tks.conn=tks1 +op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets +op.format.soCleanSOToken.update.applet.emptyToken.enable=true +op.format.soCleanSOToken.update.applet.encryption=true +op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449 +op.format.soCleanSOToken.update.symmetricKeys.enable=false +op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1 +op.format.soCleanUserToken.auth.enable=false +op.format.soCleanUserToken.auth.id=ldap1 +op.format.soCleanUserToken.ca.conn=ca1 +op.format.soCleanUserToken.cardmgr_instance=A0000000030000 +op.format.soCleanUserToken.issuerinfo.enable=true +op.format.soCleanUserToken.issuerinfo.value= +op.format.soCleanUserToken.loginRequest.enable=false +op.format.soCleanUserToken.revokeCert=true +op.format.soCleanUserToken.tks.conn=tks1 +op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets +op.format.soCleanUserToken.update.applet.emptyToken.enable=true +op.format.soCleanUserToken.update.applet.encryption=true +op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449 +op.format.soCleanUserToken.update.symmetricKeys.enable=false +op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1 +op.format.soKey.auth.enable=true +op.format.soKey.auth.id=ldap2 +op.format.soKey.ca.conn=ca1 +op.format.soKey.cardmgr_instance=A0000000030000 +op.format.soKey.issuerinfo.enable=true +op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi +op.format.soKey.loginRequest.enable=true +op.format.soKey.revokeCert=true +op.format.soKey.tks.conn=tks1 +op.format.soKey.update.applet.directory=[TPS_DIR]/applets +op.format.soKey.update.applet.emptyToken.enable=true +op.format.soKey.update.applet.encryption=true +op.format.soKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.soKey.update.symmetricKeys.enable=false 
+op.format.soKey.update.symmetricKeys.requiredVersion=1 +op.format.soUserKey.auth.enable=false +op.format.soUserKey.auth.id=ldap1 +op.format.soUserKey.ca.conn=ca1 +op.format.soUserKey.cardmgr_instance=A0000000030000 +op.format.soUserKey.issuerinfo.enable=true +op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi +op.format.soUserKey.loginRequest.enable=false +op.format.soUserKey.revokeCert=true +op.format.soUserKey.tks.conn=tks1 +op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets +op.format.soUserKey.update.applet.emptyToken.enable=true +op.format.soUserKey.update.applet.encryption=true +op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.soUserKey.update.symmetricKeys.enable=false +op.format.soUserKey.update.symmetricKeys.requiredVersion=1 +op.format.tokenKey.auth.enable=true +op.format.tokenKey.auth.id=ldap1 +op.format.tokenKey.ca.conn=ca1 +op.format.tokenKey.cardmgr_instance=A0000000030000 +op.format.tokenKey.issuerinfo.enable=true +op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi +op.format.tokenKey.loginRequest.enable=true +op.format.tokenKey.revokeCert=true +op.format.tokenKey.tks.conn=tks1 +op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets +op.format.tokenKey.update.applet.emptyToken.enable=true +op.format.tokenKey.update.applet.encryption=true +op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.tokenKey.update.symmetricKeys.enable=false +op.format.tokenKey.update.symmetricKeys.requiredVersion=1 +op.format.userKey.auth.enable=true +op.format.userKey.auth.id=ldap1 +op.format.userKey.ca.conn=ca1 +op.format.userKey.cardmgr_instance=A0000000030000 +op.format.userKey.issuerinfo.enable=true +op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi +op.format.userKey.loginRequest.enable=true +op.format.userKey.revokeCert=true +op.format.userKey.tks.conn=tks1 
+op.format.userKey.update.applet.directory=[TPS_DIR]/applets +op.format.userKey.update.applet.emptyToken.enable=true +op.format.userKey.update.applet.encryption=true +op.format.userKey.update.applet.requiredVersion=1.4.4d40a449 +op.format.userKey.update.symmetricKeys.enable=false +op.format.userKey.update.symmetricKeys.requiredVersion=1 op.pinReset._000=######################################### op.pinReset._001=# Certificate Chain Imports op.pinReset._002=# 
@@ -1376,141 +1257,194 @@ op.pinReset._015=# op.pinReset._016=# - N/A for HouseKey op.pinReset._017=# - N/A for HouseKey with Legacy Applet op.pinReset._018=######################################### +op.pinReset.mapping.0.filter.appletMajorVersion= +op.pinReset.mapping.0.filter.appletMinorVersion= +op.pinReset.mapping.0.filter.tokenATR= +op.pinReset.mapping.0.filter.tokenCUID.end= +op.pinReset.mapping.0.filter.tokenCUID.start= +op.pinReset.mapping.0.filter.tokenType= +op.pinReset.mapping.0.target.tokenType=userKey +op.pinReset.mapping.order=0 +op.pinReset.userKey.auth.enable=true +op.pinReset.userKey.auth.id=ldap1 +op.pinReset.userKey.cardmgr_instance=A0000000030000 +op.pinReset.userKey.loginRequest.enable=true +op.pinReset.userKey.pinReset.pin.maxLen=10 +op.pinReset.userKey.pinReset.pin.minLen=4 +op.pinReset.userKey.tks.conn=tks1 +op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets op.pinReset.userKey.update.applet.emptyToken.enable=true op.pinReset.userKey.update.applet.enable=false -op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449 -op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets op.pinReset.userKey.update.applet.encryption=true +op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449 op.pinReset.userKey.update.symmetricKeys.enable=false op.pinReset.userKey.update.symmetricKeys.requiredVersion=1 -op.pinReset.userKey.loginRequest.enable=true -op.pinReset.userKey.pinReset.pin.minLen=4 -op.pinReset.userKey.pinReset.pin.maxLen=10 -op.pinReset.userKey.tks.conn=tks1 -op.pinReset.userKey.cardmgr_instance=A0000000030000 -op.pinReset.userKey.auth.id=ldap1 -op.pinReset.userKey.auth.enable=true -op.format._000=######################################### -op.format._001=# Format Operation For tokenKey -op.format._002=# -op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false -op.format._004=# - update applet or not if token is empty -op.format._005=# -op.format._006=# - applicable to CoolKey -op.format._007=# - 
applicable to HouseKey -op.format._008=# - applicable to HouseKey with Legacy Applet -op.format._009=######################################### -op.format.allowUnknownToken=true -op.format.soCleanUserToken.update.applet.emptyToken.enable=true -op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449 -op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets -op.format.soCleanUserToken.update.applet.encryption=true -op.format.soCleanUserToken.update.symmetricKeys.enable=false -op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1 -op.format.soCleanUserToken.revokeCert=true -op.format.soCleanUserToken.ca.conn=ca1 -op.format.soCleanUserToken.loginRequest.enable=false -op.format.soCleanUserToken.cardmgr_instance=A0000000030000 -op.format.soCleanUserToken.tks.conn=tks1 -op.format.soCleanUserToken.auth.id=ldap1 -op.format.soCleanUserToken.auth.enable=false -op.format.soCleanUserToken.issuerinfo.enable=true -op.format.soCleanUserToken.issuerinfo.value= -op.format.soCleanSOToken.update.applet.emptyToken.enable=true -op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449 -op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets -op.format.soCleanSOToken.update.applet.encryption=true -op.format.soCleanSOToken.update.symmetricKeys.enable=false -op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1 -op.format.soCleanSOToken.revokeCert=true -op.format.soCleanSOToken.ca.conn=ca1 -op.format.soCleanSOToken.loginRequest.enable=false -op.format.soCleanSOToken.cardmgr_instance=A0000000030000 -op.format.soCleanSOToken.tks.conn=tks1 -op.format.soCleanSOToken.auth.id=ldap1 -op.format.soCleanSOToken.auth.enable=false -op.format.soCleanSOToken.issuerinfo.enable=true -op.format.soCleanSOToken.issuerinfo.value= -op.format.cleanToken.update.applet.emptyToken.enable=true -op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449 -op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets 
-op.format.cleanToken.update.applet.encryption=true -op.format.cleanToken.update.symmetricKeys.enable=false -op.format.cleanToken.update.symmetricKeys.requiredVersion=1 -op.format.cleanToken.revokeCert=true -op.format.cleanToken.ca.conn=ca1 -op.format.cleanToken.loginRequest.enable=true -op.format.cleanToken.cardmgr_instance=A0000000030000 -op.format.cleanToken.tks.conn=tks1 -op.format.cleanToken.auth.id=ldap1 -op.format.cleanToken.auth.enable=false -op.format.cleanToken.issuerinfo.enable=true -op.format.cleanToken.issuerinfo.value= -op.format.soUserKey.update.applet.emptyToken.enable=true -op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449 -op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets -op.format.soUserKey.update.applet.encryption=true -op.format.soUserKey.update.symmetricKeys.enable=false -op.format.soUserKey.update.symmetricKeys.requiredVersion=1 -op.format.soUserKey.revokeCert=true -op.format.soUserKey.ca.conn=ca1 -op.format.soUserKey.loginRequest.enable=false -op.format.soUserKey.cardmgr_instance=A0000000030000 -op.format.soUserKey.tks.conn=tks1 -op.format.soUserKey.auth.id=ldap1 -op.format.soUserKey.auth.enable=false -op.format.soUserKey.issuerinfo.enable=true -op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi -op.format.soKey.update.applet.emptyToken.enable=true -op.format.soKey.update.applet.requiredVersion=1.4.4d40a449 -op.format.soKey.update.applet.directory=[TPS_DIR]/applets -op.format.soKey.update.applet.encryption=true -op.format.soKey.update.symmetricKeys.enable=false -op.format.soKey.update.symmetricKeys.requiredVersion=1 -op.format.soKey.revokeCert=true -op.format.soKey.ca.conn=ca1 -op.format.soKey.loginRequest.enable=true -op.format.soKey.cardmgr_instance=A0000000030000 -op.format.soKey.tks.conn=tks1 -op.format.soKey.auth.id=ldap2 -op.format.soKey.auth.enable=true -op.format.soKey.issuerinfo.enable=true 
-op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi -op.format.userKey.update.applet.emptyToken.enable=true -op.format.userKey.update.applet.requiredVersion=1.4.4d40a449 -op.format.userKey.update.applet.directory=[TPS_DIR]/applets -op.format.userKey.update.applet.encryption=true -op.format.userKey.update.symmetricKeys.enable=false -op.format.userKey.update.symmetricKeys.requiredVersion=1 -op.format.userKey.revokeCert=true -op.format.userKey.ca.conn=ca1 -op.format.userKey.loginRequest.enable=true -op.format.userKey.cardmgr_instance=A0000000030000 -op.format.userKey.tks.conn=tks1 -op.format.userKey.auth.id=ldap1 -op.format.userKey.auth.enable=true -op.format.userKey.issuerinfo.enable=true -op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi -op.format.tokenKey.update.applet.emptyToken.enable=true -op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449 -op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets -op.format.tokenKey.update.applet.encryption=true -op.format.tokenKey.update.symmetricKeys.enable=false -op.format.tokenKey.update.symmetricKeys.requiredVersion=1 -op.format.tokenKey.revokeCert=true -op.format.tokenKey.ca.conn=ca1 -op.format.tokenKey.loginRequest.enable=true -op.format.tokenKey.cardmgr_instance=A0000000030000 -op.format.tokenKey.tks.conn=tks1 -op.format.tokenKey.auth.id=ldap1 -op.format.tokenKey.auth.enable=true -op.format.tokenKey.issuerinfo.enable=true -op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi -passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf +os.serverName=cert-[PKI_INSTANCE_NAME] +os.userid=nobody passwordClass=com.netscape.cmsutil.password.PlainPasswordFile +passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf +pidDir=[PKI_PIDDIR] +pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT] +pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] 
+pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] +pkicreate.group=[PKI_GROUP] +pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] +pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] +pkicreate.secure_port=[PKI_SECURE_PORT] +pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] +pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] +pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] +pkicreate.unsecure_port=[PKI_UNSECURE_PORT] +pkicreate.user=[PKI_USER] +pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] +preop.admincert.profile=caAdminCert +preop.admin.group=TUS Agents,TUS Operators,TUS Administrators,TUS Officers +preop.admin.name=Token Processing Service Manager Administrator +preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA +preop.cert.admin.dn=uid=admin,cn=admin +preop.cert.admin.keysize.custom_size=2048 +preop.cert.admin.keysize.size=2048 +preop.cert.admin.profile=adminCert.profile +preop.cert.audit_signing.cncomponent.override=true +preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA +preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate +preop.cert.audit_signing.enable=true +preop.cert.audit_signing.keysize.custom_size=2048 +preop.cert.audit_signing.keysize.size=2048 +preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME] +preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert +preop.cert.audit_signing.signing.required=false +preop.cert.audit_signing.subsystem=tps +preop.cert.audit_signing.type=remote +preop.cert.audit_signing.userfriendlyname=TPS Audit Signing Certificate +preop.cert.list=sslserver,subsystem,audit_signing +preop.cert.rsalist=audit_signing +preop.cert.sslserver.cncomponent.override=false +preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA +preop.cert.sslserver.dn=CN=[PKI_HOSTNAME] +preop.cert.sslserver.enable=true +preop.cert.sslserver.keysize.custom_size=2048 +preop.cert.sslserver.keysize.size=2048 +preop.cert.sslserver.nickname=[PKI_SSL_SERVER_NICKNAME] 
+preop.cert.sslserver.profile=caInternalAuthServerCert +preop.cert.sslserver.signing.required=false +preop.cert.sslserver.subsystem=tps +preop.cert.sslserver.type=remote +preop.cert.sslserver.userfriendlyname=SSL Server Certificate +preop.cert.subsystem.cncomponent.override=true +preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA +preop.cert.subsystem.dn=CN=TPS Subsystem Certificate +preop.cert.subsystem.enable=true +preop.cert.subsystem.keysize.custom_size=2048 +preop.cert.subsystem.keysize.size=2048 +preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] +preop.cert.subsystem.profile=caInternalAuthSubsystemCert +preop.cert.subsystem.signing.required=false +preop.cert.subsystem.subsystem=tps +preop.cert.subsystem.type=remote +preop.cert.subsystem.userfriendlyname=Subsystem Certificate +preop.configModules.count=3 +preop.configModules.module0.commonName=NSS Internal PKCS #11 Module +preop.configModules.module0.imagePath=/pki/images/clearpixel.gif +preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module +preop.configModules.module1.commonName=nfast +preop.configModules.module1.imagePath=/pki/images/clearpixel.gif +preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module +preop.configModules.module2.commonName=lunasa +preop.configModules.module2.imagePath=/pki/images/clearpixel.gif +preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module +preop.hierarchy.profile=caCert.profile +preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif +preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif +preop.internaldb.ldif=/usr/share/pki/tps/conf/database.ldif +preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif +preop.internaldb.post_ldif= +preop.internaldb.schema.ldif=/usr/share/pki/tps/conf/schema.ldif +preop.internaldb.wait_dn= +preop.module.token=Internal Key Storage Token +preop.pin=[PKI_RANDOM_NUMBER] +preop.product.name=CS 
+preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:8443 +preop.system.fullname=Token Key Service +preop.system.name=TPS +preop.wizard.name=TPS Setup Wizard +proxy.securePort=[PKI_PROXY_SECURE_PORT] +proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT] registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg +selftests._000=## +selftests._001=## Self Tests +selftests._002=## +selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the +selftests._004=## following parameters (where certusage is optional): +selftests._005=## tps.cert.list = <list of cert tag names deliminated by ","> +selftests._006=## tps.cert.<cert tag name>.nickname +selftests._007=## tps.cert.<cert tag name>.certusage +selftests._008=## +selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification +selftests.container.logger.bufferSize=512 +selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile +selftests.container.logger.enable=true +selftests.container.logger.expirationTime=0 +selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/selftests.log +selftests.container.logger.flushInterval=5 +selftests.container.logger.level=1 +selftests.container.logger.maxFileSize=2000 +selftests.container.logger.register=false +selftests.container.logger.rolloverInterval=2592000 +selftests.container.logger.type=transaction +selftests.container.order.onDemand=SystemCertsVerification:critical +selftests.container.order.startup=SystemCertsVerification:critical +selftests.plugin.SystemCertsVerification.SubId=tps +service.instanceDir=[PKI_INSTANCE_ROOT] +service.instanceID=[PKI_INSTANCE_NAME] +service.machineName=[PKI_HOSTNAME] +service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] +service.securePort=[PKI_AGENT_SECURE_PORT] +service.unsecurePort=[PKI_UNSECURE_PORT] +smtp.host=localhost +smtp.port=25 subsystem.0.class=org.dogtagpki.tps.server.TPSSubsystem subsystem.0.id=tps 
+subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem +subsystem.1.id=selftests +subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem +subsystem.2.id=stats +target._000=######################################### +target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs +target._002=# +target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin. +target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab. +target._005=# +target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list +target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement +target._008=# (enable/ disable) to be edited. +target._009=# +target._010=# For the wording to display correctly, the values in the above list should be plurals. +target._011=# +target._012=# Each parameter set in the lists above requires three parameters: +target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box) +target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set. +target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>. +target._016=# +target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined. 
+target._018=# +target._019=######################################## +target.agent_approve.list=Profiles +target.Authentication_Sources.displayname=Authentication Source +target.Authentication_Sources.list=0,1 +target.Authentication_Sources.pattern=auth\.instance\.$name\..* +target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources +target.Generals.displayname=General +target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..* +target.Profile_Mappings.displayname=Profile Mapping +target.Profile_Mappings.list=enroll,format,pinReset +target.Profile_Mappings.pattern=op\.$name\.mapping\..* +target.Profiles.displayname=Profile +target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey +target.Profiles.pattern=op\..*\.$name\..* +target.Subsystem_Connections.displayname=Subsystem Connection +target.Subsystem_Connections.list=ca1,drm1,tks1 +target.Subsystem_Connections.pattern=conn\.$name\..* tokendb._000=######################################### tokendb._001=# tokendb.auditLog: tokendb._002=# - audit log path 
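Review bot: `target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey` spells the SO clean-token profile `soCleanSoToken`, but every parameter for that profile in this file is keyed `op.format.soCleanSOToken.*`, so the expanded pattern `op\..*\.soCleanSoToken\..*` will not select those keys if the match is case-sensitive and that profile falls outside the agent-approval control that `target.agent_approve.list=Profiles` is meant to enforce. The spelling predates this commit (the removed old line in the next hunk carries it too), but since this change rewrites the whole block it is the right moment to fix it: `target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSOToken,tokenKey`. Separately, `preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:8443` hard-codes the port while every other endpoint in this hunk uses a `[PKI_*_PORT]` placeholder; unless the installer rewrites this key, instances on a non-default port will register against the wrong security domain URL.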
@@ -1587,100 +1521,59 @@ tokendb._072=# TOKEN_FOUND =4, tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5, tokendb._074=# TOKEN_TERMINATED = 6 tokendb._075=######################################### +tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT] +tokendb.addConfigTemplate=addConfig.template +tokendb.addResultTemplate=addResults.template +tokendb.agentSelectConfigTemplate=agentSelectConfig.template +tokendb.agentViewConfigTemplate=agentViewConfig.template +tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6 +tokendb.auditAdminTemplate=auditAdmin.template tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log -tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT] -tokendb.ssl=false +tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT] tokendb.bindDN=cn=Directory Manager tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf -tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus -tokendb.userBaseDN=[TOKENDB_ROOT] -tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT] -tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT] tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT] -tokendb.indexTemplate=index.template -tokendb.indexAdminTemplate=indexAdmin.template -tokendb.newTemplate=new.template -tokendb.showTemplate=show.template -tokendb.showCertTemplate=showCert.template -tokendb.errorTemplate=error.template -tokendb.searchTemplate=search.template -tokendb.searchResultTemplate=searchResults.template -tokendb.searchCertificateResultTemplate=searchCertificateResults.template -tokendb.editTemplate=edit.template -tokendb.editResultTemplate=editResults.template -tokendb.addResultTemplate=addResults.template -tokendb.deleteTemplate=delete.template +tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template +tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template +tokendb.defaultPolicy=RE_ENROLL=YES tokendb.deleteResultTemplate=deleteResults.template -tokendb.searchActivityTemplate=searchActivity.template 
-tokendb.searchCertificateTemplate=searchCertificate.template -tokendb.searchActivityResultTemplate=searchActivityResults.template -tokendb.searchActivityAdminTemplate=searchActivityAdmin.template -tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template -tokendb.showAdminTemplate=showAdmin.template -tokendb.doTokenTemplate=doToken.template +tokendb.deleteTemplate=delete.template tokendb.doTokenConfirmTemplate=doTokenConfirm.template +tokendb.doTokenTemplate=doToken.template +tokendb.editConfigTemplate=editConfig.template +tokendb.editResultTemplate=editResults.template +tokendb.editTemplate=edit.template +tokendb.editUserTemplate=editUser.template +tokendb.errorTemplate=error.template +tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT] +tokendb.indexAdminTemplate=indexAdmin.template +tokendb.indexOperatorTemplate=indexOperator.template +tokendb.indexTemplate=index.template +tokendb.newTemplate=new.template +tokendb.newUserTemplate=newUser.template tokendb.revokeTemplate=revoke.template -tokendb.searchAdminTemplate=searchAdmin.template +tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template +tokendb.searchActivityAdminTemplate=searchActivityAdmin.template +tokendb.searchActivityResultTemplate=searchActivityResults.template +tokendb.searchActivityTemplate=searchActivity.template tokendb.searchAdminResultTemplate=searchAdminResults.template -tokendb.defaultPolicy=RE_ENROLL=YES -tokendb.newUserTemplate=newUser.template -tokendb.userDeleteTemplate=userDelete.template +tokendb.searchAdminTemplate=searchAdmin.template +tokendb.searchCertificateResultTemplate=searchCertificateResults.template +tokendb.searchCertificateTemplate=searchCertificate.template +tokendb.searchResultTemplate=searchResults.template +tokendb.searchTemplate=search.template tokendb.searchUserResultTemplate=searchUserResults.template tokendb.searchUserTemplate=searchUser.template -tokendb.editUserTemplate=editUser.template 
-tokendb.indexOperatorTemplate=indexOperator.template -tokendb.selfTestTemplate=selfTest.template -tokendb.selfTestResultsTemplate=selfTestResults.template -tokendb.auditAdminTemplate=auditAdmin.template tokendb.selectConfigTemplate=selectConfig.template -tokendb.agentSelectConfigTemplate=agentSelectConfig.template -tokendb.editConfigTemplate=editConfig.template -tokendb.agentViewConfigTemplate=agentViewConfig.template -tokendb.addConfigTemplate=addConfig.template -tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template -tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template -log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL -log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL -log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST 
-tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6 -target._000=######################################### -target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs -target._002=# -target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin. -target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab. -target._005=# -target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list -target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement -target._008=# (enable/ disable) to be edited. -target._009=# -target._010=# For the wording to display correctly, the values in the above list should be plurals. -target._011=# -target._012=# Each parameter set in the lists above requires three parameters: -target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box) -target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set. -target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>. -target._016=# -target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined. 
-target._018=# -target._019=######################################## -target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources -target.agent_approve.list=Profiles -target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey -target.Profiles.pattern=op\..*\.$name\..* -target.Profiles.displayname=Profile -target.Subsystem_Connections.list=ca1,drm1,tks1 -target.Subsystem_Connections.pattern=conn\.$name\..* -target.Subsystem_Connections.displayname=Subsystem Connection -target.Profile_Mappings.list=enroll,format,pinReset -target.Profile_Mappings.pattern=op\.$name\.mapping\..* -target.Profile_Mappings.displayname=Profile Mapping -target.Authentication_Sources.list=0,1 -target.Authentication_Sources.pattern=auth\.instance\.$name\..* -target.Authentication_Sources.displayname=Authentication Source -target.Generals.displayname=General -target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..* -config.Generals.General.state=Enabled -config.Generals.General.timestamp=1280283607424406 +tokendb.selfTestResultsTemplate=selfTestResults.template +tokendb.selfTestTemplate=selfTest.template +tokendb.showAdminTemplate=showAdmin.template +tokendb.showCertTemplate=showCert.template +tokendb.showTemplate=show.template +tokendb.ssl=false +tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus +tokendb.userBaseDN=[TOKENDB_ROOT] +tokendb.userDeleteTemplate=userDelete.template tps._000=######################################## tps._001=# For verifying system certificates tps._002=# tps.cert.list=sslserver,subsystem,audit_signing 
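Review bot: The token database connection still ships with `tokendb.ssl=false` while binding as `tokendb.bindDN=cn=Directory Manager` with the secret read from `tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf`, so the directory root credentials and all token, certificate and activity records cross the wire in the clear to `[TOKENDB_HOST]:[TOKENDB_PORT]`; this hunk only reorders those keys and leaves the default in place. Unless the internal DB is guaranteed to be loopback-only, the shipped default should be `tokendb.ssl=true`, or at minimum a comment in the `tokendb._0xx` header should state that `ssl=false` must not be used with a remote directory; binding as the root DN is also more than the TPS needs, and a dedicated service DN scoped to the `ou=Tokens`, `ou=Activities` and `ou=Certificates` subtrees would be the least-privilege choice. The hunk also removes the three `log.instance.SignedAudit.selected.events` / `selectable.events` / `nonselectable.events` lines with no replacement visible here; because this commit sorts keys alphabetically the `log.` block has probably moved to an earlier hunk outside this view, but if it has not, the TPS would ship with no signed-audit event selection, which needs confirming before merge.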
@@ -1698,11 +1591,12 @@ tps._015=# TOKEN_TEMP_LOST_PERM_LOST =5,
 tps._016=# TOKEN_TERMINATED = 6
 tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0
 tps._018=########################################
-tps.operations.allowedTransitions=0:0,0:4,4:0
-tps.cert.list=sslserver,subsystem,audit_signing
-tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME]
-tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.audit_signing.certusage=ObjectSigner
 tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.list=sslserver,subsystem,audit_signing
+tps.cert.sslserver.certusage=SSLServer
+tps.cert.subsystem.certusage=SSLClient
+tps.operations.allowedTransitions=0:0,0:4,4:0
 usrgrp._000=##
 usrgrp._001=## User/Group
 usrgrp._002=##
diff --git a/base/tps/shared/conf/db.ldif b/base/tps/shared/conf/db.ldif
index 050118d1f..1dada984a 100644
--- a/base/tps/shared/conf/db.ldif
+++ b/base/tps/shared/conf/db.ldif
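Review bot: `tps.cert.sslserver.nickname` and `tps.cert.subsystem.nickname` are removed while `tps.cert.list=sslserver,subsystem,audit_signing` still names both tags, and the self-test header in this file documents that `SystemCertsVerification` reads `tps.cert.<cert tag name>.nickname` for each listed tag; on the new side only `audit_signing` keeps a nickname, so the startup and on-demand self-test (declared `critical` in `selftests.container.order.*`) will either fail or silently skip the SSL server and subsystem certificates. If the installer is expected to fill these in at configuration time, a comment next to `tps.cert.list` should say so; otherwise keep the placeholders `tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME]` and `tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME]`. The added `certusage` values (`SSLServer`, `SSLClient`, `ObjectSigner`) are a welcome tightening, presumably letting the check validate key usage rather than mere presence.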
@@ -3,64 +3,52 @@
 # All rights reserved.
 # --- END COPYRIGHT BLOCK ---
 #
-dn: ou=people,{rootSuffix}
-objectClass: top
-objectClass: organizationalUnit
-ou: people
+dn: ou=Tokens,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Tokens
+
+dn: ou=Activities,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Activities
+
+dn: ou=Certificates,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Certificates
+
+dn: ou=People,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: People
 aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
 
-dn: ou=groups,{rootSuffix}
-objectClass: top
-objectClass: organizationalUnit
-ou: groups
-
-dn: cn=Token Processing Service Manager Agents,ou=groups,{rootSuffix}
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Token Processing Service Manager Agents
-description: Agents for Token Processing Service Manager
-
-dn: cn=Subsystem Group, ou=groups, {rootSuffix}
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Subsystem Group
-description: Subsystem Group
+dn: ou=Groups,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
 
-dn: cn=Trusted Managers,ou=groups,{rootSuffix}
+dn: cn=TUS Agents,ou=Groups,{rootSuffix}
 objectClass: top
 objectClass: groupOfUniqueNames
-cn: Trusted Managers
-description: Managers trusted by this PKI instance
+cn: TUS Agents
+description: Agents for TUS
 
-dn: cn=Administrators,ou=groups,{rootSuffix}
+dn: cn=TUS Officers,ou=Groups,{rootSuffix}
 objectClass: top
 objectClass: groupOfUniqueNames
-cn: Administrators
-description: People who manage the Certificate System
+cn: TUS Officers
+description: Security Officers for TUS
 
-dn: cn=Auditors,ou=groups,{rootSuffix}
+dn: cn=TUS Administrators,ou=Groups,{rootSuffix}
 objectClass: top
 objectClass: groupOfUniqueNames
-cn: Auditors
-description: People who can read the signed audits
+cn: TUS Administrators
+description: Administrators for TUS
 
-dn: cn=ClonedSubsystems,ou=groups,{rootSuffix}
+dn: cn=TUS Operators,ou=Groups,{rootSuffix}
 objectClass: top
 objectClass: groupOfUniqueNames
-cn: ClonedSubsystems
-description: People who can clone the master subsystem
-
-dn: ou=requests,{rootSuffix}
-objectClass: top
-objectClass: organizationalUnit
-ou: requests
-
-dn: cn=crossCerts,{rootSuffix}
-cn: crossCerts
-sn: crossCerts
-objectClass: top
-objectClass: person
-objectClass: pkiCA
-cACertificate;binary:
-authorityRevocationList;binary:
-certificateRevocationList;binary:
+cn: TUS Operators
+description: Operators for TUS
diff --git a/base/tps/shared/conf/index.ldif b/base/tps/shared/conf/index.ldif
index fa4f2828c..d896de394 100644
--- a/base/tps/shared/conf/index.ldif
+++ b/base/tps/shared/conf/index.ldif
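Review bot: The new `ou=Tokens`, `ou=Activities` and `ou=Certificates` entries carry no `aci` attribute, while the recreated `ou=People` entry keeps the unchanged context ACI that grants anonymous read, search and compare on every attribute except userPassword. Nothing in this file says what restricts the token, activity and certificate subtrees to the TUS groups defined below; presumably that is the directory's default deny plus the bind identity TPS uses, but a short comment above `dn: ou=Tokens,{rootSuffix}` naming where that access control lives would make the intent reviewable without reading the server code. The new entries also spell `objectclass: organizationalunit` while the group entries keep `objectClass: groupOfUniqueNames`; attribute names are case-insensitive so both load, but one spelling would be cleaner.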
@@ -1,203 +1,76 @@
 # --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
 # All rights reserved.
 # --- END COPYRIGHT BLOCK ---
 #
-dn: cn=revokedby,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: revokedby
-
-dn: cn=issuedby,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: issuedby
-
-dn: cn=publicKeyData,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: publicKeyData
-
-dn: cn=clientId,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: clientId
-
-dn: cn=dataType,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: dataType
-
-dn: cn=status,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: status
-
-dn: cn=description,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: description
-
-dn: cn=serialno,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: serialno
-
-dn: cn=metaInfo,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: metaInfo
-
-dn: cn=certstatus,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: certstatus
-
-dn: cn=requestid,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requestid
-
-dn: cn=requesttype,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requesttype
-
-dn: cn=requeststate,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requeststate
-
-dn: cn=requestowner,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requestowner
-
-dn: cn=notbefore,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: notbefore
-
-dn: cn=notafter,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: notafter
-
-dn: cn=duration,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: duration
-
-dn: cn=dateOfCreate,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
+dn: cn=tokenUserID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenUserID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=tokenID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfCreate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
 cn: dateOfCreate
-
-dn: cn=revokedOn,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: revokedOn
-
-dn: cn=archivedBy,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: archivedBy
-
-dn: cn=ownername,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: ownername
-
-dn: cn=subjectname,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: subjectname
-
-dn: cn=requestsourceid,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: requestsourceid
-
-dn: cn=revInfo,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: revInfo
-
-dn: cn=extension,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: extension
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfModify,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: dateOfModify
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: userCertificate
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenSerial,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenSerial
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenKeyType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenKeyType
+nsindextype: eq
+nssystemindex: false
diff --git a/base/tps/shared/conf/schema.ldif b/base/tps/shared/conf/schema.ldif
index 777bbef12..bde045630 100644
--- a/base/tps/shared/conf/schema.ldif
+++ b/base/tps/shared/conf/schema.ldif
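Review bot: The new index entries hard-code `cn=userRoot` in their DNs where the removed entries used the `cn={database}` placeholder, while db.ldif in the same commit still relies on `{rootSuffix}` substitution; if the installer substitutes `{database}` with the instance's backend name, these indexes are created against the wrong backend, or fail, on any instance whose TPS backend is not literally `userRoot`. If `userRoot` is intentional, a comment above the first entry stating that, e.g. `# TPS token data is always stored in the userRoot backend`, would document the assumption. The new entries also spell `objectclass`/`nsindextype`/`nssystemindex` in lower case where the removed lines used `objectClass`/`nsIndexType`/`nsSystemIndex`; both load, but one spelling is easier to grep.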
@@ -1,489 +1,58 @@
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
 dn: cn=schema
 changetype: modify
 add: attributeTypes
 attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
 attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' )
+attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+-
+add: objectClasses
+objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' )
+objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' )
