summaryrefslogtreecommitdiffstats
path: root/pki/base/ca/shared/conf/CS.cfg.in
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/ca/shared/conf/CS.cfg.in')
-rw-r--r--pki/base/ca/shared/conf/CS.cfg.in1084
1 files changed, 1084 insertions, 0 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
new file mode 100644
index 000000000..7f7c8e665
--- /dev/null
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -0,0 +1,1084 @@
+#
+#cs.state=0 (pre-operational)
+#cs.state=1 (running)
+#
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
+pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
+pkicreate.ee_secure_client_auth_port=[PKI_EE_SECURE_CLIENT_AUTH_PORT]
+pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.arg11.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+installDate=[INSTALL_TIME]
+preop.wizard.name=CA Setup Wizard
+preop.product.name=CS
+preop.product.version=@VERSION@
+preop.system.name=CA
+preop.system.fullname=Certificate Authority
+proxy.securePort=[PKI_PROXY_SECURE_PORT]
+proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
+cs.state=0
+cs.type=CA
+authType=pwd
+admin.interface.uri=ca/admin/console/config/wizard
+ee.interface.uri=ca/ee/ca
+agent.interface.uri=ca/agent/ca
+preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
+securitydomain.flushinterval=86400000
+securitydomain.source=ldap
+securitydomain.checkinterval=300000
+instanceRoot=[PKI_INSTANCE_PATH]
+machineName=[PKI_MACHINE_NAME]
+instanceId=[PKI_INSTANCE_ID]
+service.machineName=[PKI_MACHINE_NAME]
+service.instanceDir=[PKI_INSTANCE_ROOT]
+service.securePort=[PKI_AGENT_SECURE_PORT]
+service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
+service.clientauth_securePort=[PKI_EE_SECURE_CLIENT_AUTH_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+service.instanceID=[PKI_INSTANCE_ID]
+preop.admin.name=Certificate System Administrator
+preop.admin.group=Certificate Manager Agents
+preop.admincert.profile=caAdminCert
+preop.pin=[PKI_RANDOM_NUMBER]
+ca.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
+ca.cert.signing.certusage=SSLCA
+ca.cert.ocsp_signing.certusage=StatusResponder
+ca.cert.sslserver.certusage=SSLServer
+ca.cert.subsystem.certusage=SSLClient
+ca.cert.audit_signing.certusage=ObjectSigner
+preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
+preop.cert.signing.enable=true
+preop.cert.ocsp_signing.enable=true
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.audit_signing.enable=true
+preop.cert.signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.signing.dn=CN=Certificate Authority
+preop.cert.signing.cncomponent.override=true
+preop.cert.signing.keysize.size=2048
+preop.cert.signing.keysize.custom_size=2048
+preop.cert.signing.nickname=caSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.signing.profile=caCert.profile
+preop.cert.signing.signing.required=true
+preop.cert.signing.subsystem=ca
+preop.cert.signing.type=selfsign
+preop.cert.signing.userfriendlyname=CA Signing Certificate
+preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.audit_signing.dn=CN=CA Audit Signing Certificate
+preop.cert.audit_signing.keysize.custom_size=2048
+preop.cert.audit_signing.keysize.size=2048
+preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.audit_signing.profile=caAuditSigningCert.profile
+preop.cert.audit_signing.signing.required=false
+preop.cert.audit_signing.subsystem=ca
+preop.cert.audit_signing.type=local
+preop.cert.audit_signing.userfriendlyname=CA Audit Signing Certificate
+preop.cert.audit_signing.cncomponent.override=true
+preop.cert.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.ocsp_signing.dn=CN=OCSP Signing Certificate
+preop.cert.ocsp_signing.keysize.custom_size=2048
+preop.cert.ocsp_signing.keysize.size=2048
+preop.cert.ocsp_signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.ocsp_signing.profile=caOCSPCert.profile
+preop.cert.ocsp_signing.signing.required=true
+preop.cert.ocsp_signing.subsystem=ca
+preop.cert.ocsp_signing.type=local
+preop.cert.ocsp_signing.userfriendlyname=OCSP Signing Certificate
+preop.cert.ocsp_signing.cncomponent.override=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
+preop.cert.sslserver.keysize.custom_size=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.cert.sslserver.profile=serverCert.profile
+preop.cert.sslserver.signing.required=false
+preop.cert.sslserver.subsystem=ca
+preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.subsystem.dn=CN=CA Subsystem Certificate
+preop.cert.subsystem.keysize.custom_size=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.cert.subsystem.profile=subsystemCert.profile
+preop.cert.subsystem.signing.required=false
+preop.cert.subsystem.subsystem=ca
+preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert.subsystem.cncomponent.override=true
+preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.admin.dn=uid=admin,cn=admin
+preop.cert.admin.keysize.custom_size=2048
+preop.cert.admin.keysize.size=2048
+preop.cert.admin.profile=adminCert.profile
+preop.hierarchy.profile=caCert.profile
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.count=3
+preop.module.token=Internal Key Storage Token
+preop.name.caDN=CN=Certificate Authority
+preop.name.sslDN=CN=[PKI_MACHINE_NAME]
+preop.name.ocspDN=CN=OCSP Signing Certificate
+preop.name.subsystemDN=CN=CA Subsystem Certificate
+preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_ID]
+preop.name.ocspnickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
+preop.name.subsystemnickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.name.sslnickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.subsystem.count=0
+subsystem.count=0
+passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
+passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
+CrossCertPair._000=##
+CrossCertPair._001=## CrossCertPair Import
+CrossCertPair._002=##
+CrossCertPair.ldap=internaldb
+accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
+accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
+accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
+accessEvaluator.impl.user_origreq.class=com.netscape.cms.evaluators.UserOrigReqAccessEvaluator
+auths._000=##
+auths._001=## new authentication
+auths._002=##
+auths.impl._000=##
+auths.impl._001=## authentication manager implementations
+auths.impl._002=##
+auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
+auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
+auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
+auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
+auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
+auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
+auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
+auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
+auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupDirAuthentication
+auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
+auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth
+auths.instance.TokenAuth.pluginName=TokenAuth
+auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
+auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.raCertAuth.agentGroup=Registration Manager Agents
+auths.instance.raCertAuth.pluginName=AgentCertAuth
+auths.instance.flatFileAuth.pluginName=FlatFileAuth
+auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/flatfile.txt
+auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
+auths.revocationChecking.bufferSize=50
+auths.revocationChecking.ca=ca
+auths.revocationChecking.enabled=true
+auths.revocationChecking.unknownStateInterval=0
+auths.revocationChecking.validityInterval=120
+authz._000=##
+authz._001=## new authorizatioin
+authz._002=##
+authz.evaluateOrder=deny,allow
+authz.sourceType=ldap
+authz.impl._000=##
+authz.impl._001=## authorization manager implementations
+authz.impl._002=##
+authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
+authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
+authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
+authz.instance.DirAclAuthz.ldap=internaldb
+authz.instance.DirAclAuthz.pluginName=DirAclAuthz
+authz.instance.DirAclAuthz.ldap._000=##
+authz.instance.DirAclAuthz.ldap._001=## Internal Database
+authz.instance.DirAclAuthz.ldap._002=##
+ca.ocsp=true
+ca.certdbInc=20
+ca.crldbInc=20
+ca.id=ca
+ca.local=true
+ca.ocspUseCache=false
+ca.enableNonces=true
+ca.maxNumberOfNonces=100
+ca.reqdbInc=20
+ca.transitMaxRecords=1000000
+ca.transitRecordPageSize=200
+# maxSearchReturns - limits number of search results returned by SearchReqs and SrchCerts
+# ca.maxSearchReturns=1000
+ca.scep.enable=false
+ca.scep.hashAlgorithm=SHA1
+ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
+ca.scep.encryptionAlgorithm=DES3
+ca.scep.allowedEncryptionAlgorithms=DES3
+ca.scep.nonceSizeLimit=16
+## ca.scep.nickname=
+## ca.scep.tokenname=
+ca.Policy._000=##
+ca.Policy._001=## Certificate Policy Framework (deprecated)
+ca.Policy._002=##
+ca.Policy._003=## Set 'ca.Policy.enable=true' to allow the following:
+ca.Policy._004=##
+ca.Policy._005=## SERVLET-NAME URL-PATTERN
+ca.Policy._006=## ====================================================
+ca.Policy._007=## caadminEnroll ca/admin/ca/adminEnroll.html
+ca.Policy._008=## cabulkissuance ca/agent/ca/bulkissuance.html
+ca.Policy._009=## cacertbasedenrollment ca/certbasedenrollment.html
+ca.Policy._010=## caenrollment ca/enrollment.html
+ca.Policy._011=## capolicy ca/capolicy
+ca.Policy._012=##
+ca.Policy.enable=false
+ca.Policy.order=KeyAlgRule, RSAKeyRule, DefaultValidityRule, RenewalConstraintsRule, DefaultRenewalValidityRule, RevocationConstraintsRule, NSCertTypeExt, CMCertKeyUsageExt, RMCertKeyUsageExt, ClientCertKeyUsageExt, ServerCertKeyUsageExt, ObjSignCertKeyUsageExt, CRLSignCertKeyUsageExt, SubjectKeyIdentifierExt, CertificatePoliciesExt, NSCCommentExt, OCSPNoCheckExt, OCSPSigningExt, CODESigningExt, GenericASN1Ext, CRLDistributionPointsExt, SubjectAltNameExt, SigningAlgRule, AuthorityKeyIdentifierExt, AuthInfoAccessExt, BasicConstraintsExt, UniqueSubjectNameConstraints, NameConstraintsExt, PolicyConstraintsExt, SubCANameConstraints, PolicyMappingsExt, IssuerRule
+ca.Policy.processor=classic
+ca.Policy.impl._000=##
+ca.Policy.impl._001=## Policy Implementations
+ca.Policy.impl._002=##
+ca.Policy.impl.AttributePresentConstraints.class=com.netscape.cms.policy.constraints.AttributePresentConstraints
+ca.Policy.impl.AuthInfoAccessExt.class=com.netscape.cms.policy.extensions.AuthInfoAccessExt
+ca.Policy.impl.AuthorityKeyIdentifierExt.class=com.netscape.cms.policy.extensions.AuthorityKeyIdentifierExt
+ca.Policy.impl.BasicConstraintsExt.class=com.netscape.cms.policy.extensions.BasicConstraintsExt
+ca.Policy.impl.CRLDistributionPointsExt.class=com.netscape.cms.policy.extensions.CRLDistributionPointsExt
+ca.Policy.impl.CertificatePoliciesExt.class=com.netscape.cms.policy.extensions.CertificatePoliciesExt
+ca.Policy.impl.CertificateRenewalWindowExt.class=com.netscape.cms.policy.extensions.CertificateRenewalWindowExt
+ca.Policy.impl.CertificateScopeOfUseExt.class=com.netscape.cms.policy.extensions.CertificateScopeOfUseExt
+ca.Policy.impl.DSAKeyConstraints.class=com.netscape.cms.policy.constraints.DSAKeyConstraints
+ca.Policy.impl.ExtendedKeyUsageExt.class=com.netscape.cms.policy.extensions.ExtendedKeyUsageExt
+ca.Policy.impl.GenericASN1Ext.class=com.netscape.cms.policy.extensions.GenericASN1Ext
+ca.Policy.impl.IssuerAltNameExt.class=com.netscape.cms.policy.extensions.IssuerAltNameExt
+ca.Policy.impl.IssuerConstraints.class=com.netscape.cms.policy.constraints.IssuerConstraints
+ca.Policy.impl.KeyAlgorithmConstraints.class=com.netscape.cms.policy.constraints.KeyAlgorithmConstraints
+ca.Policy.impl.KeyUsageExt.class=com.netscape.cms.policy.extensions.KeyUsageExt
+ca.Policy.impl.NSCCommentExt.class=com.netscape.cms.policy.extensions.NSCCommentExt
+ca.Policy.impl.NSCertTypeExt.class=com.netscape.cms.policy.extensions.NSCertTypeExt
+ca.Policy.impl.NameConstraintsExt.class=com.netscape.cms.policy.extensions.NameConstraintsExt
+ca.Policy.impl.OCSPNoCheckExt.class=com.netscape.cms.policy.extensions.OCSPNoCheckExt
+ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.cms.policy.extensions.PolicyConstraintsExt
+ca.Policy.impl.PolicyMappingsExt.class=com.netscape.cms.policy.extensions.PolicyMappingsExt
+ca.Policy.impl.PrivateKeyUsagePeriodExt.class=com.netscape.cms.policy.extensions.PrivateKeyUsagePeriodExt
+ca.Policy.impl.RSAKeyConstraints.class=com.netscape.cms.policy.constraints.RSAKeyConstraints
+ca.Policy.impl.RemoveBasicConstraintsExt.class=com.netscape.cms.policy.extensions.RemoveBasicConstraintsExt
+ca.Policy.impl.RenewalConstraints.class=com.netscape.cms.policy.constraints.RenewalConstraints
+ca.Policy.impl.RenewalValidityConstraints.class=com.netscape.cms.policy.constraints.RenewalValidityConstraints
+ca.Policy.impl.RevocationConstraints.class=com.netscape.cms.policy.constraints.RevocationConstraints
+ca.Policy.impl.SigningAlgorithmConstraints.class=com.netscape.cms.policy.constraints.SigningAlgorithmConstraints
+ca.Policy.impl.SubCANameConstraints.class=com.netscape.cms.policy.constraints.SubCANameConstraints
+ca.Policy.impl.SubjectAltNameExt.class=com.netscape.cms.policy.extensions.SubjectAltNameExt
+ca.Policy.impl.SubjectDirectoryAttributesExt.class=com.netscape.cms.policy.extensions.SubjectDirectoryAttributesExt
+ca.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.cms.policy.extensions.SubjectKeyIdentifierExt
+ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.constraints.UniqueSubjectNameConstraints
+ca.Policy.impl.ValidityConstraints.class=com.netscape.cms.policy.constraints.ValidityConstraints
+ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://[PKI_MACHINE_NAME]:8080/ocsp
+ca.Policy.rule.AuthInfoAccessExt.ad0_location_type=URL
+ca.Policy.rule.AuthInfoAccessExt.ad0_method=ocsp
+ca.Policy.rule.AuthInfoAccessExt.enable=false
+ca.Policy.rule.AuthInfoAccessExt.implName=AuthInfoAccessExt
+ca.Policy.rule.AuthInfoAccessExt.numADs=1
+ca.Policy.rule.AuthInfoAccessExt.predicate=HTTP_PARAMS.certType==client
+ca.Policy.rule.AuthorityKeyIdentifierExt.enable=true
+ca.Policy.rule.AuthorityKeyIdentifierExt.implName=AuthorityKeyIdentifierExt
+ca.Policy.rule.AuthorityKeyIdentifierExt.predicate=
+ca.Policy.rule.BasicConstraintsExt.critical=true
+ca.Policy.rule.BasicConstraintsExt.enable=true
+ca.Policy.rule.BasicConstraintsExt.implName=BasicConstraintsExt
+ca.Policy.rule.BasicConstraintsExt.maxPathLen=
+ca.Policy.rule.BasicConstraintsExt.predicate=HTTP_PARAMS.certType == ca
+ca.Policy.rule.BasicConstraintsExt.removeBasicExt=true
+ca.Policy.rule.CMCertKeyUsageExt.crlSign=true
+ca.Policy.rule.CMCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.CMCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.CMCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.CMCertKeyUsageExt.enable=true
+ca.Policy.rule.CMCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.CMCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.CMCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.CMCertKeyUsageExt.keyCertsign=true
+ca.Policy.rule.CMCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.CMCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.CMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.CODESigningExt.critical=false
+ca.Policy.rule.CODESigningExt.enable=true
+ca.Policy.rule.CODESigningExt.id0=1.3.6.1.5.5.7.3.3
+ca.Policy.rule.CODESigningExt.implName=ExtendedKeyUsageExt
+ca.Policy.rule.CODESigningExt.predicate=HTTP_PARAMS.certType==codeSignClient
+ca.Policy.rule.CRLDistributionPointsExt.enable=false
+ca.Policy.rule.CRLDistributionPointsExt.implName=CRLDistributionPointsExt
+ca.Policy.rule.CRLDistributionPointsExt.issuerName0=
+ca.Policy.rule.CRLDistributionPointsExt.issuerName1=
+ca.Policy.rule.CRLDistributionPointsExt.issuerName2=
+ca.Policy.rule.CRLDistributionPointsExt.issuerType0=
+ca.Policy.rule.CRLDistributionPointsExt.issuerType1=
+ca.Policy.rule.CRLDistributionPointsExt.issuerType2=
+ca.Policy.rule.CRLDistributionPointsExt.numPoints=0
+ca.Policy.rule.CRLDistributionPointsExt.pointName0=
+ca.Policy.rule.CRLDistributionPointsExt.pointName1=
+ca.Policy.rule.CRLDistributionPointsExt.pointName2=
+ca.Policy.rule.CRLDistributionPointsExt.pointType0=
+ca.Policy.rule.CRLDistributionPointsExt.pointType1=
+ca.Policy.rule.CRLDistributionPointsExt.pointType2=
+ca.Policy.rule.CRLDistributionPointsExt.predicate=
+ca.Policy.rule.CRLDistributionPointsExt.reasons0=
+ca.Policy.rule.CRLDistributionPointsExt.reasons1=
+ca.Policy.rule.CRLDistributionPointsExt.reasons2=
+ca.Policy.rule.CRLSignCertKeyUsageExt.crlSign=true
+ca.Policy.rule.CRLSignCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.digitalSignature=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.enable=true
+ca.Policy.rule.CRLSignCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.CRLSignCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.nonRepudiation=false
+ca.Policy.rule.CRLSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==caCrlSigning
+ca.Policy.rule.CertificatePoliciesExt.critical=false
+ca.Policy.rule.CertificatePoliciesExt.enable=false
+ca.Policy.rule.CertificatePoliciesExt.implName=CertificatePoliciesExt
+ca.Policy.rule.CertificatePoliciesExt.numCertPolicies=1
+ca.Policy.rule.CertificatePoliciesExt.predicate=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.cpsURI=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefNumbers=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefOrganization=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.policyId=
+ca.Policy.rule.CertificatePoliciesExt.certPolicy0.userNoticeExplicitText=
+ca.Policy.rule.ClientCertKeyUsageExt.crlSign=false
+ca.Policy.rule.ClientCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.ClientCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.ClientCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.ClientCertKeyUsageExt.enable=true
+ca.Policy.rule.ClientCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.ClientCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.ClientCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.ClientCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.ClientCertKeyUsageExt.keyEncipherment=true
+ca.Policy.rule.ClientCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.ClientCertKeyUsageExt.predicate=HTTP_PARAMS.certType==client
+ca.Policy.rule.DSAKeyRule.enable=true
+ca.Policy.rule.DSAKeyRule.implName=DSAKeyConstraints
+ca.Policy.rule.DSAKeyRule.maxSize=1024
+ca.Policy.rule.DSAKeyRule.minSize=512
+ca.Policy.rule.DSAKeyRule.predicate=
+ca.Policy.rule.DefaultRenewalValidityRule.enable=true
+ca.Policy.rule.DefaultRenewalValidityRule.implName=RenewalValidityConstraints
+ca.Policy.rule.DefaultRenewalValidityRule.maxValidity=365
+ca.Policy.rule.DefaultRenewalValidityRule.minValidity=30
+ca.Policy.rule.DefaultRenewalValidityRule.predicate=
+ca.Policy.rule.DefaultRenewalValidityRule.renewalInterval=15
+ca.Policy.rule.DefaultValidityRule.enable=true
+ca.Policy.rule.DefaultValidityRule.implName=ValidityConstraints
+ca.Policy.rule.DefaultValidityRule.maxValidity=365
+ca.Policy.rule.DefaultValidityRule.minValidity=1
+ca.Policy.rule.DefaultValidityRule.predicate=
+ca.Policy.rule.GenericASN1Ext.critical=false
+ca.Policy.rule.GenericASN1Ext.enable=false
+ca.Policy.rule.GenericASN1Ext.implName=GenericASN1Ext
+ca.Policy.rule.GenericASN1Ext.name=
+ca.Policy.rule.GenericASN1Ext.oid=
+ca.Policy.rule.GenericASN1Ext.pattern=
+ca.Policy.rule.GenericASN1Ext.predicate=
+ca.Policy.rule.GenericASN1Ext.attribute.0.source=
+ca.Policy.rule.GenericASN1Ext.attribute.0.type=
+ca.Policy.rule.GenericASN1Ext.attribute.0.value=
+ca.Policy.rule.GenericASN1Ext.attribute.1.source=
+ca.Policy.rule.GenericASN1Ext.attribute.1.type=
+ca.Policy.rule.GenericASN1Ext.attribute.1.value=
+ca.Policy.rule.GenericASN1Ext.attribute.2.source=
+ca.Policy.rule.GenericASN1Ext.attribute.2.type=
+ca.Policy.rule.GenericASN1Ext.attribute.2.value=
+ca.Policy.rule.GenericASN1Ext.attribute.3.source=
+ca.Policy.rule.GenericASN1Ext.attribute.3.type=
+ca.Policy.rule.GenericASN1Ext.attribute.3.value=
+ca.Policy.rule.GenericASN1Ext.attribute.4.source=
+ca.Policy.rule.GenericASN1Ext.attribute.4.type=
+ca.Policy.rule.GenericASN1Ext.attribute.4.value=
+ca.Policy.rule.GenericASN1Ext.attribute.5.source=
+ca.Policy.rule.GenericASN1Ext.attribute.5.type=
+ca.Policy.rule.GenericASN1Ext.attribute.5.value=
+ca.Policy.rule.GenericASN1Ext.attribute.6.source=
+ca.Policy.rule.GenericASN1Ext.attribute.6.type=
+ca.Policy.rule.GenericASN1Ext.attribute.6.value=
+ca.Policy.rule.GenericASN1Ext.attribute.7.source=
+ca.Policy.rule.GenericASN1Ext.attribute.7.type=
+ca.Policy.rule.GenericASN1Ext.attribute.7.value=
+ca.Policy.rule.GenericASN1Ext.attribute.8.source=
+ca.Policy.rule.GenericASN1Ext.attribute.8.type=
+ca.Policy.rule.GenericASN1Ext.attribute.8.value=
+ca.Policy.rule.GenericASN1Ext.attribute.9.source=
+ca.Policy.rule.GenericASN1Ext.attribute.9.type=
+ca.Policy.rule.GenericASN1Ext.attribute.9.value=
+ca.Policy.rule.IssuerRule.enable=false
+ca.Policy.rule.IssuerRule.implName=IssuerConstraints
+ca.Policy.rule.IssuerRule.issuerDN=
+ca.Policy.rule.IssuerRule.predicate=HTTP_PARAMS.certType==client AND certauthEnroll==on
+ca.Policy.rule.KeyAlgRule.algorithms=RSA,DSA
+ca.Policy.rule.KeyAlgRule.enable=true
+ca.Policy.rule.KeyAlgRule.implName=KeyAlgorithmConstraints
+ca.Policy.rule.KeyAlgRule.predicate=
+ca.Policy.rule.NSCCommentExt.commentFile=
+ca.Policy.rule.NSCCommentExt.enable=false
+ca.Policy.rule.NSCCommentExt.implName=NSCCommentExt
+ca.Policy.rule.NSCCommentExt.inputType=Text
+ca.Policy.rule.NSCCommentExt.predicate=
+ca.Policy.rule.NSCertTypeExt.enable=true
+ca.Policy.rule.NSCertTypeExt.implName=NSCertTypeExt
+ca.Policy.rule.NSCertTypeExt.predicate=HTTP_PARAMS.certType!=CEP-Request
+ca.Policy.rule.NameConstraintsExt.critical=true
+ca.Policy.rule.NameConstraintsExt.enable=false
+ca.Policy.rule.NameConstraintsExt.implName=NameConstraintsExt
+ca.Policy.rule.NameConstraintsExt.numExcludedSubtrees=3
+ca.Policy.rule.NameConstraintsExt.numPermittedSubtrees=3
+ca.Policy.rule.NameConstraintsExt.predicate=HTTP_PARAMS.certType == ca
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.max=-1
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.min=0
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.max=-1
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.min=0
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.max=-1
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.min=0
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.max=-1
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.min=0
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.max=-1
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.min=0
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameValue=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.max=-1
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.min=0
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameChoice=
+ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameValue=
+ca.Policy.rule.OCSPNoCheckExt.critical=false
+ca.Policy.rule.OCSPNoCheckExt.enable=true
+ca.Policy.rule.OCSPNoCheckExt.implName=OCSPNoCheckExt
+ca.Policy.rule.OCSPNoCheckExt.predicate=HTTP_PARAMS.certType==ocspResponder
+ca.Policy.rule.OCSPSigningExt.critical=false
+ca.Policy.rule.OCSPSigningExt.enable=true
+ca.Policy.rule.OCSPSigningExt.id0=1.3.6.1.5.5.7.3.9
+ca.Policy.rule.OCSPSigningExt.implName=ExtendedKeyUsageExt
+ca.Policy.rule.OCSPSigningExt.predicate=HTTP_PARAMS.certType==ocspResponder
+ca.Policy.rule.ObjSignCertKeyUsageExt.crlSign=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.ObjSignCertKeyUsageExt.enable=true
+ca.Policy.rule.ObjSignCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.ObjSignCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.keyCertsign=true
+ca.Policy.rule.ObjSignCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.nonRepudiation=false
+ca.Policy.rule.ObjSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==objSignClient
+ca.Policy.rule.PolicyConstraintsExt.critical=false
+ca.Policy.rule.PolicyConstraintsExt.enable=false
+ca.Policy.rule.PolicyConstraintsExt.implName=PolicyConstraintsExt
+ca.Policy.rule.PolicyConstraintsExt.inhibitPolicyMapping=0
+ca.Policy.rule.PolicyConstraintsExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.PolicyConstraintsExt.reqExplicitPolicy=0
+ca.Policy.rule.PolicyMappingsExt.critical=false
+ca.Policy.rule.PolicyMappingsExt.enable=false
+ca.Policy.rule.PolicyMappingsExt.implName=PolicyMappingsExt
+ca.Policy.rule.PolicyMappingsExt.numPolicyMappings=1
+ca.Policy.rule.PolicyMappingsExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.PolicyMappingsExt.policyMap0.issuerDomainPolicy=
+ca.Policy.rule.PolicyMappingsExt.policyMap0.subjectDomainPolicy=
+ca.Policy.rule.RMCertKeyUsageExt.crlSign=false
+ca.Policy.rule.RMCertKeyUsageExt.dataEncipherment=false
+ca.Policy.rule.RMCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.RMCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.RMCertKeyUsageExt.enable=true
+ca.Policy.rule.RMCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.RMCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.RMCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.RMCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.RMCertKeyUsageExt.keyEncipherment=false
+ca.Policy.rule.RMCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.RMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ra
+ca.Policy.rule.RSAKeyRule.enable=false
+ca.Policy.rule.RSAKeyRule.exponents=3,7,17,65537
+ca.Policy.rule.RSAKeyRule.implName=RSAKeyConstraints
+ca.Policy.rule.RSAKeyRule.maxSize=2048
+ca.Policy.rule.RSAKeyRule.minSize=512
+ca.Policy.rule.RSAKeyRule.predicate=
+ca.Policy.rule.RenewalConstraintsRule.enable=true
+ca.Policy.rule.RenewalConstraintsRule.implName=RenewalConstraints
+ca.Policy.rule.RenewalConstraintsRule.predicate=
+ca.Policy.rule.RevocationConstraintsRule.enable=true
+ca.Policy.rule.RevocationConstraintsRule.implName=RevocationConstraints
+ca.Policy.rule.RevocationConstraintsRule.predicate=
+ca.Policy.rule.ServerCertKeyUsageExt.crlSign=false
+ca.Policy.rule.ServerCertKeyUsageExt.dataEncipherment=true
+ca.Policy.rule.ServerCertKeyUsageExt.decipherOnly=false
+ca.Policy.rule.ServerCertKeyUsageExt.digitalSignature=true
+ca.Policy.rule.ServerCertKeyUsageExt.enable=true
+ca.Policy.rule.ServerCertKeyUsageExt.encipherOnly=false
+ca.Policy.rule.ServerCertKeyUsageExt.implName=KeyUsageExt
+ca.Policy.rule.ServerCertKeyUsageExt.keyAgreement=false
+ca.Policy.rule.ServerCertKeyUsageExt.keyCertsign=false
+ca.Policy.rule.ServerCertKeyUsageExt.keyEncipherment=true
+ca.Policy.rule.ServerCertKeyUsageExt.nonRepudiation=true
+ca.Policy.rule.ServerCertKeyUsageExt.predicate=HTTP_PARAMS.certType==server
+ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+ca.Policy.rule.SigningAlgRule.enable=true
+ca.Policy.rule.SigningAlgRule.implName=SigningAlgorithmConstraints
+ca.Policy.rule.SigningAlgRule.predicate=
+ca.Policy.rule.SubCANameConstraints.enable=true
+ca.Policy.rule.SubCANameConstraints.implName=SubCANameConstraints
+ca.Policy.rule.SubCANameConstraints.predicate=HTTP_PARAMS.certType == ca
+ca.Policy.rule.SubjectAltNameExt.enable=true
+ca.Policy.rule.SubjectAltNameExt.implName=SubjectAltNameExt
+ca.Policy.rule.SubjectAltNameExt.numGeneralNames=3
+ca.Policy.rule.SubjectAltNameExt.predicate=HTTP_PARAMS.certType!=CEP-Request
+ca.Policy.rule.SubjectAltNameExt.generalName0.generalNameChoice=rfc822Name
+ca.Policy.rule.SubjectAltNameExt.generalName0.requestAttr=AUTH_TOKEN.mail
+ca.Policy.rule.SubjectAltNameExt.generalName1.generalNameChoice=rfc822Name
+ca.Policy.rule.SubjectAltNameExt.generalName1.requestAttr=AUTH_TOKEN.mailalternateaddress
+ca.Policy.rule.SubjectAltNameExt.generalName2.generalNameChoice=rfc822Name
+ca.Policy.rule.SubjectAltNameExt.generalName2.requestAttr=HTTP_PARAMS.csrRequestorEmail
+ca.Policy.rule.SubjectKeyIdentifierExt.enable=true
+ca.Policy.rule.SubjectKeyIdentifierExt.implName=SubjectKeyIdentifierExt
+ca.Policy.rule.SubjectKeyIdentifierExt.predicate=HTTP_PARAMS.certType==ca
+ca.Policy.rule.UniqueSubjectNameConstraints.enable=false
+ca.Policy.rule.UniqueSubjectNameConstraints.implName=UniqueSubjectNameConstraints
+ca.Policy.rule.UniqueSubjectNameConstraints.predicate=
+ca.crl._000=##
+ca.crl._001=## CA CRL
+ca.crl._002=##
+ca.crl.pageSize=100
+ca.crl.MasterCRL.allowExtensions=true
+ca.crl.MasterCRL.alwaysUpdate=false
+ca.crl.MasterCRL.autoUpdateInterval=240
+ca.crl.MasterCRL.caCertsOnly=false
+ca.crl.MasterCRL.cacheUpdateInterval=15
+ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint
+ca.crl.MasterCRL.dailyUpdates=1:00
+ca.crl.MasterCRL.description=CA's complete Certificate Revocation List
+ca.crl.MasterCRL.enable=true
+ca.crl.MasterCRL.enableCRLCache=true
+ca.crl.MasterCRL.enableCRLUpdates=true
+ca.crl.MasterCRL.enableCacheTesting=false
+ca.crl.MasterCRL.enableCacheRecovery=true
+ca.crl.MasterCRL.enableDailyUpdates=true
+ca.crl.MasterCRL.enableUpdateInterval=true
+ca.crl.MasterCRL.extendedNextUpdate=true
+ca.crl.MasterCRL.includeExpiredCerts=false
+ca.crl.MasterCRL.minUpdateInterval=0
+ca.crl.MasterCRL.nextUpdateGracePeriod=0
+ca.crl.MasterCRL.publishOnStart=false
+ca.crl.MasterCRL.saveMemory=false
+ca.crl.MasterCRL.signingAlgorithm=SHA256withRSA
+ca.crl.MasterCRL.updateSchema=1
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocation0=
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocationType0=URI
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessMethod0=caIssuers
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.class=com.netscape.cms.crl.CMSAuthInfoAccessExtension
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.critical=false
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.enable=false
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions=1
+ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=false
+ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension
+ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension
+ca.crl.MasterCRL.extension.CRLNumber.critical=false
+ca.crl.MasterCRL.extension.CRLNumber.enable=true
+ca.crl.MasterCRL.extension.CRLNumber.type=CRLExtension
+ca.crl.MasterCRL.extension.CRLReason.class=com.netscape.cms.crl.CMSCRLReasonExtension
+ca.crl.MasterCRL.extension.CRLReason.critical=false
+ca.crl.MasterCRL.extension.CRLReason.enable=true
+ca.crl.MasterCRL.extension.CRLReason.type=CRLEntryExtension
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.class=com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical=true
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable=false
+ca.crl.MasterCRL.extension.DeltaCRLIndicator.type=CRLExtension
+ca.crl.MasterCRL.extension.FreshestCRL.class=com.netscape.cms.crl.CMSFreshestCRLExtension
+ca.crl.MasterCRL.extension.FreshestCRL.critical=false
+ca.crl.MasterCRL.extension.FreshestCRL.enable=false
+ca.crl.MasterCRL.extension.FreshestCRL.numPoints=0
+ca.crl.MasterCRL.extension.FreshestCRL.pointName0=
+ca.crl.MasterCRL.extension.FreshestCRL.pointType0=
+ca.crl.MasterCRL.extension.FreshestCRL.type=CRLExtension
+ca.crl.MasterCRL.extension.InvalidityDate.class=com.netscape.cms.crl.CMSInvalidityDateExtension
+ca.crl.MasterCRL.extension.InvalidityDate.critical=false
+ca.crl.MasterCRL.extension.InvalidityDate.enable=true
+ca.crl.MasterCRL.extension.InvalidityDate.type=CRLEntryExtension
+ca.crl.MasterCRL.extension.IssuerAlternativeName.class=com.netscape.cms.crl.CMSIssuerAlternativeNameExtension
+ca.crl.MasterCRL.extension.IssuerAlternativeName.critical=false
+ca.crl.MasterCRL.extension.IssuerAlternativeName.enable=false
+ca.crl.MasterCRL.extension.IssuerAlternativeName.name0=
+ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0=
+ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames=0
+ca.crl.MasterCRL.extension.IssuerAlternativeName.type=CRLExtension
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.class=com.netscape.cms.crl.CMSIssuingDistributionPointExtension
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical=true
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts=false
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons=
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName=
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType=
+ca.crl.MasterCRL.extension.IssuingDistributionPoint.type=CRLExtension
+ca.notification.certIssued.emailSubject=Your Certificate Request
+ca.notification.certIssued.emailTemplate=[PKI_INSTANCE_PATH]/emails/certIssued_CA.html
+ca.notification.certIssued.enabled=false
+ca.notification.certIssued.senderEmail=
+ca.notification.certRevoked.emailSubject=Your Certificate Revoked
+ca.notification.certRevoked.emailTemplate=[PKI_INSTANCE_PATH]/emails/certRevoked_CA.html
+ca.notification.certRevoked.enabled=false
+ca.notification.certRevoked.senderEmail=
+ca.notification.requestInQ.emailSubject=Certificate Request in Queue
+ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/emails/reqInQueue_CA.html
+ca.notification.requestInQ.enabled=false
+ca.notification.requestInQ.recipientEmail=
+ca.notification.requestInQ.senderEmail=
+ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
+ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
+ca.ocsp_signing.tokenname=internal
+ca.publish.createOwnDNEntry=false
+ca.publish.queue.enable=true
+ca.publish.queue.maxNumberOfThreads=3
+ca.publish.queue.pageSize=40
+ca.publish.queue.priorityLevel=0
+ca.publish.queue.saveStatus=200
+ca.publish.mapper.impl.LdapCaSimpleMap.class=com.netscape.cms.publish.mappers.LdapCaSimpleMap
+ca.publish.mapper.impl.LdapDNCompsMap.class=com.netscape.cms.publish.mappers.LdapCertCompsMap
+ca.publish.mapper.impl.LdapDNExactMap.class=com.netscape.cms.publish.mappers.LdapCertExactMap
+ca.publish.mapper.impl.LdapEnhancedMap.class=com.netscape.cms.publish.mappers.LdapEnhancedMap
+ca.publish.mapper.impl.LdapSimpleMap.class=com.netscape.cms.publish.mappers.LdapSimpleMap
+ca.publish.mapper.impl.LdapSubjAttrMap.class=com.netscape.cms.publish.mappers.LdapCertSubjMap
+ca.publish.mapper.impl.NoMap.class=com.netscape.cms.publish.mappers.NoMap
+ca.publish.mapper.instance.LdapCaCertMap.createCAEntry=true
+ca.publish.mapper.instance.LdapCaCertMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
+ca.publish.mapper.instance.LdapCaCertMap.pluginName=LdapCaSimpleMap
+ca.publish.mapper.instance.LdapCrlMap.createCAEntry=true
+ca.publish.mapper.instance.LdapCrlMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
+ca.publish.mapper.instance.LdapCrlMap.pluginName=LdapCaSimpleMap
+ca.publish.mapper.instance.LdapUserCertMap.dnPattern=UID=$subj.UID,OU=people,O=$subj.o
+ca.publish.mapper.instance.LdapUserCertMap.pluginName=LdapSimpleMap
+ca.publish.mapper.instance.NoMap.pluginName=NoMap
+ca.publish.publisher.impl.FileBasedPublisher.class=com.netscape.cms.publish.publishers.FileBasedPublisher
+ca.publish.publisher.impl.LdapCaCertPublisher.class=com.netscape.cms.publish.publishers.LdapCaCertPublisher
+ca.publish.publisher.impl.LdapCertificatePairPublisher.class=com.netscape.cms.publish.publishers.LdapCertificatePairPublisher
+ca.publish.publisher.impl.LdapCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
+ca.publish.publisher.impl.LdapDeltaCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
+ca.publish.publisher.impl.LdapUserCertPublisher.class=com.netscape.cms.publish.publishers.LdapUserCertPublisher
+ca.publish.publisher.impl.OCSPPublisher.class=com.netscape.cms.publish.publishers.OCSPPublisher
+ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr=caCertificate;binary
+ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass=pkiCA
+ca.publish.publisher.instance.LdapCaCertPublisher.pluginName=LdapCaCertPublisher
+ca.publish.publisher.instance.LdapCrlPublisher.crlAttr=certificateRevocationList;binary
+ca.publish.publisher.instance.LdapCrlPublisher.pluginName=LdapCrlPublisher
+ca.publish.publisher.instance.LdapCrlPublisher.crlObjectClass=pkiCA
+ca.publish.publisher.instance.LdapCrossCertPairPublisher.caObjectClass=pkiCA
+ca.publish.publisher.instance.LdapCrossCertPairPublisher.crossCertPairAttr=crossCertificatePair;binary
+ca.publish.publisher.instance.LdapCrossCertPairPublisher.pluginName=LdapCertificatePairPublisher
+ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlAttr=deltaRevocationList;binary
+ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlObjectClass=pkiCA,deltaCRL
+ca.publish.publisher.instance.LdapDeltaCrlPublisher.pluginName=LdapDeltaCrlPublisher
+ca.publish.publisher.instance.LdapUserCertPublisher.certAttr=userCertificate;binary
+ca.publish.publisher.instance.LdapUserCertPublisher.pluginName=LdapUserCertPublisher
+ca.publish.rule.impl.Rule.class=com.netscape.cmscore.ldap.LdapRule
+ca.publish.rule.instance.LdapCaCertRule.enable=false
+ca.publish.rule.instance.LdapCaCertRule.mapper=LdapCaCertMap
+ca.publish.rule.instance.LdapCaCertRule.pluginName=Rule
+ca.publish.rule.instance.LdapCaCertRule.predicate=
+ca.publish.rule.instance.LdapCaCertRule.publisher=LdapCaCertPublisher
+ca.publish.rule.instance.LdapCaCertRule.type=cacert
+ca.publish.rule.instance.LdapCrlRule.enable=false
+ca.publish.rule.instance.LdapCrlRule.mapper=LdapCrlMap
+ca.publish.rule.instance.LdapCrlRule.pluginName=Rule
+ca.publish.rule.instance.LdapCrlRule.predicate=
+ca.publish.rule.instance.LdapCrlRule.publisher=LdapCrlPublisher
+ca.publish.rule.instance.LdapCrlRule.type=crl
+ca.publish.rule.instance.LdapUserCertRule.enable=false
+ca.publish.rule.instance.LdapUserCertRule.mapper=LdapUserCertMap
+ca.publish.rule.instance.LdapUserCertRule.pluginName=Rule
+ca.publish.rule.instance.LdapUserCertRule.predicate=
+ca.publish.rule.instance.LdapUserCertRule.publisher=LdapUserCertPublisher
+ca.publish.rule.instance.LdapUserCertRule.type=certs
+ca.publish.rule.instance.LdapXCertRule.enable=false
+ca.publish.rule.instance.LdapXCertRule.mapper=LdapCaCertMap
+ca.publish.rule.instance.LdapXCertRule.pluginName=Rule
+ca.publish.rule.instance.LdapXCertRule.predicate=
+ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher
+ca.publish.rule.instance.LdapXCertRule.type=xcert
+cmc.cert.confirmRequired=false
+cmc.lraPopWitness.verify.allow=true
+cmc.revokeCert.verify=true
+cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cms.passwordlist=internaldb,replicationdb
+cms.password.ignore.publishing.failure=true
+cms.version=@MAJOR_VERSION@.@MINOR_VERSION@
+cmsgateway._000=##
+cmsgateway._001=## In the event that all Admin Certificates have been lost
+cmsgateway._002=## for a given instance, perform the following steps to
+cmsgateway._003=## re-enroll for a new Admin Certificate:
+cmsgateway._004=##
+cmsgateway._005=## (1) Become 'root'
+cmsgateway._006=## (2) Type: 'service [PKI_INSTANCE_ID] stop'
+cmsgateway._007=## (3) Edit '[PKI_INSTANCE_ROOT]/[PKI_INSTANCE_ID]/conf/CS.cfg'
+cmsgateway._008=## and set the following name-value pairs (if necessary):
+cmsgateway._009=##
+cmsgateway._010=## ca.Policy.enable=true
+cmsgateway._011=## cmsgateway.enableAdminEnroll=true
+cmsgateway._012=##
+cmsgateway._013=## (4) Type: 'service [PKI_INSTANCE_ID] start'
+cmsgateway._014=## (5) Launch a browser and re-enroll for
+cmsgateway._015=## a new Admin Certificate by typing:
+cmsgateway._016=##
+cmsgateway._017=## https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ca/admin/ca/adminEnroll.html
+cmsgateway._018=##
+cmsgateway._019=## (6) Verify that the browser contains the new
+cmsgateway._020=## Admin Certificate by successfully navigating to:
+cmsgateway._021=##
+cmsgateway._022=## https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca/
+cmsgateway._023=##
+cmsgateway._024=## (7) Optionally, disable the Certificate Policies Framework
+cmsgateway._025=## by following steps (1) - (4), but ONLY resetting
+cmsgateway._026=## 'ca.Policy.enable=false', as
+cmsgateway._027=## 'cmsgateway.enableAdminEnroll=false' should have
+cmsgateway._028=## already been reset.
+cmsgateway._029=##
+cmsgateway.enableAdminEnroll=false
+https.port=8443
+http.port=8080
+dbs.enableSerialManagement=false
+dbs.beginRequestNumber=1
+dbs.endRequestNumber=10000000
+dbs.requestIncrement=10000000
+dbs.requestLowWaterMark=2000000
+dbs.requestCloneTransferNumber=10000
+dbs.requestDN=ou=ca, ou=requests
+dbs.requestRangeDN=ou=requests, ou=ranges
+dbs.beginSerialNumber=1
+dbs.endSerialNumber=10000000
+dbs.serialIncrement=10000000
+dbs.serialLowWaterMark=2000000
+dbs.serialCloneTransferNumber=10000
+dbs.serialDN=ou=certificateRepository, ou=ca
+dbs.serialRangeDN=ou=certificateRepository, ou=ranges
+dbs.beginReplicaNumber=1
+dbs.endReplicaNumber=100
+dbs.replicaIncrement=100
+dbs.replicaLowWaterMark=20
+dbs.replicaCloneTransferNumber=5
+dbs.replicaDN=ou=replica
+dbs.replicaRangeDN=ou=replica, ou=ranges
+dbs.ldap=internaldb
+dbs.newSchemaEntryAdded=true
+debug.append=true
+debug.enabled=true
+debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.hashkeytypes=
+debug.level=0
+debug.showcaller=false
+keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
+keys.ecc.curve.default=nistp521
+keys.rsa.keysize.default=2048
+internaldb._000=##
+internaldb._001=## Internal Database
+internaldb._002=##
+internaldb.basedn=
+internaldb.maxConns=15
+internaldb.minConns=3
+internaldb.ldapauth.authtype=BasicAuth
+internaldb.ldapauth.bindDN=cn=Directory Manager
+internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.clientCertNickname=
+internaldb.ldapconn.host=
+internaldb.ldapconn.port=
+internaldb.ldapconn.secureConn=false
+preop.internaldb.schema.ldif=/usr/share/[PKI_FLAVOR]/ca/conf/schema.ldif
+preop.internaldb.ldif=/usr/share/[PKI_FLAVOR]/ca/conf/database.ldif
+preop.internaldb.data_ldif=/usr/share/[PKI_FLAVOR]/ca/conf/db.ldif,/usr/share/[PKI_FLAVOR]/ca/conf/acl.ldif
+preop.internaldb.index_ldif=
+preop.internaldb.post_ldif=/usr/share/[PKI_FLAVOR]/ca/conf/index.ldif,/usr/share/[PKI_FLAVOR]/ca/conf/vlv.ldif,/usr/share/[PKI_FLAVOR]/ca/conf/vlvtasks.ldif
+preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config
+internaldb.multipleSuffix.enable=false
+jobsScheduler._000=##
+jobsScheduler._001=## jobScheduler
+jobsScheduler._002=##
+jobsScheduler.enabled=false
+jobsScheduler.interval=1
+jobsScheduler.impl.PublishCertsJob.class=com.netscape.cms.jobs.PublishCertsJob
+jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNotificationJob
+jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
+jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
+jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
+jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
+jobsScheduler.job.certRenewalNotifier.emailTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1.txt
+jobsScheduler.job.certRenewalNotifier.enabled=false
+jobsScheduler.job.certRenewalNotifier.notifyEndOffset=30
+jobsScheduler.job.certRenewalNotifier.notifyTriggerOffset=30
+jobsScheduler.job.certRenewalNotifier.pluginName=RenewalNotificationJob
+jobsScheduler.job.certRenewalNotifier.senderEmail=
+jobsScheduler.job.certRenewalNotifier.summary.emailSubject=Certificate Renewal Notification Summary
+jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1Summary.txt
+jobsScheduler.job.certRenewalNotifier.summary.enabled=true
+jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1Item.txt
+jobsScheduler.job.certRenewalNotifier.summary.recipientEmail=
+jobsScheduler.job.certRenewalNotifier.summary.senderEmail=
+jobsScheduler.job.publishCerts.cron=0 0 * * 2
+jobsScheduler.job.publishCerts.enabled=false
+jobsScheduler.job.publishCerts.pluginName=PublishCertsJob
+jobsScheduler.job.publishCerts.summary.emailSubject=Certs Publishing Summary
+jobsScheduler.job.publishCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/publishCerts.html
+jobsScheduler.job.publishCerts.summary.enabled=true
+jobsScheduler.job.publishCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/publishCertsItem.html
+jobsScheduler.job.publishCerts.summary.recipientEmail=
+jobsScheduler.job.publishCerts.summary.senderEmail=
+jobsScheduler.job.requestInQueueNotifier.cron=0 0 * * 0
+jobsScheduler.job.requestInQueueNotifier.enabled=false
+jobsScheduler.job.requestInQueueNotifier.pluginName=RequestInQueueJob
+jobsScheduler.job.requestInQueueNotifier.subsystemId=ca
+jobsScheduler.job.requestInQueueNotifier.summary.emailSubject=Requests in Queue Summary Report
+jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/riq1Summary.html
+jobsScheduler.job.requestInQueueNotifier.summary.enabled=true
+jobsScheduler.job.requestInQueueNotifier.summary.recipientEmail=
+jobsScheduler.job.requestInQueueNotifier.summary.senderEmail=
+jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
+jobsScheduler.job.unpublishExpiredCerts.enabled=false
+jobsScheduler.job.unpublishExpiredCerts.pluginName=UnpublishExpiredJob
+jobsScheduler.job.unpublishExpiredCerts.summary.emailSubject=Expired Certs Unpublished Summary
+jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/euJob1.html
+jobsScheduler.job.unpublishExpiredCerts.summary.enabled=true
+jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/euJob1Item.html
+jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
+jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
+jss._000=##
+jss._001=## JSS
+jss._002=##
+jss.configDir=[PKI_INSTANCE_PATH]/alias/
+jss.enable=true
+jss.secmodName=secmod.db
+jss.ocspcheck.enable=false
+jss.ssl.cipherfortezza=true
+jss.ssl.cipherpref=
+jss.ssl.cipherversion=cipherdomestic
+log._000=##
+log._001=## Logging
+log._002=##
+log.impl.file.class=com.netscape.cms.logging.RollingLogFile
+log.instance.SignedAudit._000=##
+log.instance.SignedAudit._001=## Signed Audit Logging
+log.instance.SignedAudit._002=##
+log.instance.SignedAudit._003=##
+log.instance.SignedAudit._004=## Available Audit events:
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit._006=##
+log.instance.SignedAudit.bufferSize=512
+log.instance.SignedAudit.enable=true
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit.expirationTime=0
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/ca_audit
+log.instance.SignedAudit.flushInterval=5
+log.instance.SignedAudit.level=1
+log.instance.SignedAudit.logSigning=false
+log.instance.SignedAudit.maxFileSize=2000
+log.instance.SignedAudit.pluginName=file
+log.instance.SignedAudit.rolloverInterval=2592000
+log.instance.SignedAudit.signedAudit=_002=##
+log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
+log.instance.SignedAudit.type=signedAudit
+log.instance.System._000=##
+log.instance.System._001=## System Logging
+log.instance.System._002=##
+log.instance.System.bufferSize=512
+log.instance.System.enable=true
+log.instance.System.expirationTime=0
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.flushInterval=5
+log.instance.System.level=3
+log.instance.System.maxFileSize=2000
+log.instance.System.pluginName=file
+log.instance.System.rolloverInterval=2592000
+log.instance.System.type=system
+log.instance.Transactions._000=##
+log.instance.Transactions._001=## Transaction Logging
+log.instance.Transactions._002=##
+log.instance.Transactions.bufferSize=512
+log.instance.Transactions.enable=true
+log.instance.Transactions.expirationTime=0
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.flushInterval=5
+log.instance.Transactions.level=1
+log.instance.Transactions.maxFileSize=2000
+log.instance.Transactions.pluginName=file
+log.instance.Transactions.rolloverInterval=2592000
+log.instance.Transactions.type=transaction
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
+oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
+oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
+oidmap.challenge_password.oid=1.2.840.113549.1.9.7
+oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
+oidmap.extended_key_usage.oid=2.5.29.37
+oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
+oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
+oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
+oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
+oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
+oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
+oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
+oidmap.pse.oid=2.16.840.1.113730.1.18
+oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
+oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
+os.userid=nobody
+profile.list=caUserCert,caUserSMIMEcapCert,caDualCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caOtherCert,caCACert,caInstallCACert,caRACert,caOCSPCert,caTransportCert,caDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caJarSigningCert,caIPAserviceCert
+profile.caUUIDdeviceCert.class_id=caEnrollImpl
+profile.caUUIDdeviceCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUUIDdeviceCert.cfg
+profile.caManualRenewal.class_id=caEnrollImpl
+profile.caManualRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caManualRenewal.cfg
+profile.caDirUserRenewal.class_id=caEnrollImpl
+profile.caDirUserRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caDirUserRenewal.cfg
+profile.caSSLClientSelfRenewal.class_id=caEnrollImpl
+profile.caSSLClientSelfRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caSSLClientSelfRenewal.cfg
+profile.DomainController.class_id=caEnrollImpl
+profile.DomainController.config=[PKI_INSTANCE_PATH]/profiles/ca/DomainController.cfg
+profile.caAgentFileSigning.class_id=caEnrollImpl
+profile.caAgentFileSigning.config=[PKI_INSTANCE_PATH]/profiles/ca/caAgentFileSigning.cfg
+profile.caAgentServerCert.class_id=caEnrollImpl
+profile.caAgentServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caAgentServerCert.cfg
+profile.caRAserverCert.class_id=caEnrollImpl
+profile.caRAserverCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRAserverCert.cfg
+profile.caCACert.class_id=caEnrollImpl
+profile.caCACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caCACert.cfg
+profile.caInstallCACert.class_id=caEnrollImpl
+profile.caInstallCACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInstallCACert.cfg
+profile.caCMCUserCert.class_id=caEnrollImpl
+profile.caCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caCMCUserCert.cfg
+profile.caDirUserCert.class_id=caEnrollImpl
+profile.caDirUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDirUserCert.cfg
+profile.caDualCert.class_id=caEnrollImpl
+profile.caDualCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDualCert.cfg
+profile.caDualRAuserCert.class_id=caEnrollImpl
+profile.caDualRAuserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDualRAuserCert.cfg
+profile.caRAagentCert.class_id=caEnrollImpl
+profile.caRAagentCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRAagentCert.cfg
+profile.caFullCMCUserCert.class_id=caEnrollImpl
+profile.caFullCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caFullCMCUserCert.cfg
+profile.caInternalAuthOCSPCert.class_id=caEnrollImpl
+profile.caInternalAuthOCSPCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthOCSPCert.cfg
+profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl
+profile.caInternalAuthAuditSigningCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthAuditSigningCert.cfg
+profile.caInternalAuthServerCert.class_id=caEnrollImpl
+profile.caInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthServerCert.cfg
+profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl
+profile.caInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthSubsystemCert.cfg
+profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl
+profile.caInternalAuthDRMstorageCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthDRMstorageCert.cfg
+profile.caInternalAuthTransportCert.class_id=caEnrollImpl
+profile.caInternalAuthTransportCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthTransportCert.cfg
+profile.caOCSPCert.class_id=caEnrollImpl
+profile.caOCSPCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caOCSPCert.cfg
+profile.caOtherCert.class_id=caEnrollImpl
+profile.caOtherCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caOtherCert.cfg
+profile.caRACert.class_id=caEnrollImpl
+profile.caRACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRACert.cfg
+profile.caRARouterCert.class_id=caEnrollImpl
+profile.caRARouterCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRARouterCert.cfg
+profile.caRouterCert.class_id=caEnrollImpl
+profile.caRouterCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRouterCert.cfg
+profile.caServerCert.class_id=caEnrollImpl
+profile.caServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caServerCert.cfg
+profile.caSignedLogCert.class_id=caEnrollImpl
+profile.caSignedLogCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caSignedLogCert.cfg
+profile.caSimpleCMCUserCert.class_id=caEnrollImpl
+profile.caSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caSimpleCMCUserCert.cfg
+profile.caTPSCert.class_id=caEnrollImpl
+profile.caTPSCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caTPSCert.cfg
+profile.caAdminCert.class_id=caEnrollImpl
+profile.caAdminCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caAdminCert.cfg
+profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTempTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
+profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTempTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
+profile.caTokenUserEncryptionKeyRenewal.class_id=caUserCertEnrollImpl
+profile.caTokenUserEncryptionKeyRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
+profile.caTempTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTempTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
+profile.caTokenUserSigningKeyRenewal.class_id=caUserCertEnrollImpl
+profile.caTokenUserSigningKeyRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserSigningKeyRenewal.cfg
+profile.caTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenDeviceKeyEnrollment.cfg
+profile.caTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
+profile.caTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
+profile.caTokenMSLoginEnrollment.class_id=caUserCertEnrollImpl
+profile.caTokenMSLoginEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenMSLoginEnrollment.cfg
+profile.caTransportCert.class_id=caEnrollImpl
+profile.caTransportCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caTransportCert.cfg
+profile.caUserCert.class_id=caEnrollImpl
+profile.caUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUserCert.cfg
+profile.caUserSMIMEcapCert.class_id=caEnrollImpl
+profile.caUserSMIMEcapCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUserSMIMEcapCert.cfg
+profile.caJarSigningCert.class_id=caEnrollImpl
+profile.caJarSigningCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caJarSigningCert.cfg
+profile.caIPAserviceCert.class_id=caEnrollImpl
+profile.caIPAserviceCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caIPAserviceCert.cfg
+registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
+request.assignee.enable=true
+selftests._000=##
+selftests._001=## Self Tests
+selftests._002=##
+selftests._003=## The Self-Test plugin SystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## ca.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## ca.cert.<cert tag name>.nickname
+selftests._007=## ca.cert.<cert tag name>.certusage
+selftests._008=##
+selftests.container.instance.CAPresence=com.netscape.cms.selftests.ca.CAPresence
+selftests.container.instance.CAValidity=com.netscape.cms.selftests.ca.CAValidity
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
+selftests.container.logger.bufferSize=512
+selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
+selftests.container.logger.enable=true
+selftests.container.logger.expirationTime=0
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.flushInterval=5
+selftests.container.logger.level=1
+selftests.container.logger.maxFileSize=2000
+selftests.container.logger.register=false
+selftests.container.logger.rolloverInterval=2592000
+selftests.container.logger.type=transaction
+selftests.container.order.onDemand=CAPresence:critical, SystemCertsVerification:critical, CAValidity:critical
+selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
+selftests.plugin.CAPresence.CaSubId=ca
+selftests.plugin.CAValidity.CaSubId=ca
+selftests.plugin.SystemCertsVerification.SubId=ca
+smtp.host=localhost
+smtp.port=25
+subsystem.0.class=com.netscape.ca.CertificateAuthority
+subsystem.0.id=ca
+subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
+subsystem.1.id=profile
+subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
+subsystem.2.id=selftests
+subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
+subsystem.3.id=CrossCertPair
+subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
+subsystem.4.id=stats
+usrgrp._000=##
+usrgrp._001=## User/Group
+usrgrp._002=##
+usrgrp.ldap=internaldb
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
generated by cgit (git 2.34.1) at 2024-04-26 18:03:39 +0000