summaryrefslogtreecommitdiffstats
path: root/pki/base/kra/shared/conf/CS.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/kra/shared/conf/CS.cfg')
-rw-r--r--pki/base/kra/shared/conf/CS.cfg286
1 files changed, 286 insertions, 0 deletions
diff --git a/pki/base/kra/shared/conf/CS.cfg b/pki/base/kra/shared/conf/CS.cfg
new file mode 100644
index 000000000..7bd887274
--- /dev/null
+++ b/pki/base/kra/shared/conf/CS.cfg
@@ -0,0 +1,286 @@
+installDate=[INSTALL_TIME]
+preop.wizard.name=DRM Setup Wizard
+preop.product.name=CS
+preop.product.version=
+preop.system.name=DRM
+preop.system.fullname=Data Recovery Manager
+cs.state=0
+cs.type=KRA
+admin.interface.uri=kra/admin/console/config/wizard
+agent.interface.uri=kra/agent/kra
+authType=pwd
+preop.securitydomain.url=https://[PKI_MACHINE_NAME]:9443
+instanceRoot=[PKI_INSTANCE_PATH]
+machineName=[PKI_MACHINE_NAME]
+instanceId=[PKI_INSTANCE_ID]
+service.securePort=[PKI_SECURE_PORT]
+preop.admin.name=Data Recovery Manager Administrator
+preop.admin.group=Data Recovery Manager Agents
+preop.admincert.profile=caAdminCert
+preop.pin=[PKI_RANDOM_NUMBER]
+preop.cert.list=transport,storage,sslserver,subsystem
+preop.cert.transport.enable=true
+preop.cert.storage.enable=true
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.storage.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.storage.dn=CN=DRM Storage Certificate
+preop.cert.storage.keysize.custom_size=2048
+preop.cert.storage.keysize.size=2048
+preop.cert.storage.nickname=storageCert cert-[PKI_INSTANCE_ID]
+preop.cert.storage.profile=caInternalAuthDRMstorageCert
+preop.cert.storage.subsystem=kra
+preop.cert.storage.type=remote
+preop.cert.storage.userfriendlyname=Storage Certificate
+preop.cert.storage.cncomponent.override=true
+preop.cert.transport.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.transport.dn=CN=DRM Transport Certificate
+preop.cert.transport.keysize.custom_size=2048
+preop.cert.transport.keysize.size=2048
+preop.cert.transport.nickname=transportCert cert-[PKI_INSTANCE_ID]
+preop.cert.transport.profile=caInternalAuthTransportCert
+preop.cert.transport.subsystem=kra
+preop.cert.transport.type=remote
+preop.cert.transport.userfriendlyname=Transport Certificate
+preop.cert.transport.cncomponent.override=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
+preop.cert.sslserver.keysize.custom_size=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=kra
+preop.cert.sslserver.type=remote
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.subsystem.dn=CN=DRM Subsystem Certificate
+preop.cert.subsystem.keysize.custom_size=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=kra
+preop.cert.subsystem.type=remote
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert.subsystem.cncomponent.override=true
+preop.hierarchy.profile=caCert.profile
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.count=3
+preop.module.token=Internal Key Storage Token
+passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
+passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
+multiroles=true
+CrossCertPair._000=##
+CrossCertPair._001=## CrossCertPair Import
+CrossCertPair._002=##
+CrossCertPair.ldap=internaldb
+accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
+accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
+accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
+auths._000=##
+auths._001=## new authentication
+auths._002=##
+auths.impl._000=##
+auths.impl._001=## authentication manager implementations
+auths.impl._002=##
+auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
+auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
+auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
+auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
+auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
+auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
+auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
+auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
+auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
+auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.TokenAuth.pluginName=TokenAuth
+auths.revocationChecking.bufferSize=50
+auths.revocationChecking.enabled=false
+auths.revocationChecking.kra=kra
+authz._000=##
+authz._001=## new authorizatioin
+authz._002=##
+authz.evaluateOrder=deny,allow
+authz.sourceType=ldap
+authz.impl._000=##
+authz.impl._001=## authorization manager implementations
+authz.impl._002=##
+authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
+authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
+authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
+authz.instance.DirAclAuthz.ldap=internaldb
+authz.instance.DirAclAuthz.pluginName=DirAclAuthz
+authz.instance.DirAclAuthz.ldap._000=##
+authz.instance.DirAclAuthz.ldap._001=## Internal Database
+authz.instance.DirAclAuthz.ldap._002=##
+cmc.cert.confirmRequired=false
+cmc.lraPopWitness.verify.allow=true
+cmc.revokeCert.verify=true
+cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cms.version=
+dbs.beginRequestNumber=1
+dbs.endRequestNumber=10000000
+dbs.requestNumber.increment=10000000
+dbs.beginSerialNumber=1
+dbs.endSerialNumber=10000000
+dbs.serialNumber.increment=10000000
+dbs.ldap=internaldb
+dbs.newSchemaEntryAdded=true
+debug.append=true
+debug.enabled=true
+debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.hashkeytypes=
+debug.level=0
+debug.showcaller=false
+internaldb._000=##
+internaldb._001=## Internal Database
+internaldb._002=##
+internaldb.maxConns=15
+internaldb.minConns=3
+internaldb.ldapauth.authtype=BasicAuth
+internaldb.ldapauth.bindDN=cn=Directory Manager
+internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.clientCertNickname=
+internaldb.ldapconn.host=
+internaldb.ldapconn.port=
+internaldb.ldapconn.secureConn=false
+preop.internaldb.ldif=/usr/share/[PKI_FLAVOR]/kra/conf/schema.ldif,/usr/share/[PKI_FLAVOR]/kra/conf/database.ldif
+preop.internaldb.data_ldif=/usr/share/[PKI_FLAVOR]/kra/conf/db.ldif,/usr/share/[PKI_FLAVOR]/kra/conf/acl.ldif
+preop.internaldb.index_ldif=
+preop.internaldb.post_ldif=/usr/share/[PKI_FLAVOR]/kra/conf/index.ldif,/usr/share/[PKI_FLAVOR]/kra/conf/vlv.ldif,/usr/share/[PKI_FLAVOR]/kra/conf/vlvtasks.ldif
+preop.internaldb.wait_dn=cn=index1160527115, cn=index, cn=tasks, cn=config
+internaldb.multipleSuffix.enable=false
+jobsScheduler._000=##
+jobsScheduler._001=## jobScheduler
+jobsScheduler._002=##
+jobsScheduler.enabled=false
+jobsScheduler.interval=1
+jss._000=##
+jss._001=## JSS
+jss._002=##
+jss.configDir=[PKI_INSTANCE_PATH]/alias/
+jss.enable=true
+jss.secmodName=secmod.db
+jss.ocspcheck.enable=false
+jss.ssl.cipherfortezza=true
+jss.ssl.cipherpref=
+jss.ssl.cipherversion=cipherdomestic
+kra.keySplitting=false
+kra.noOfRequiredRecoveryAgents=1
+kra.recoveryAgentGroup=Data Recovery Manager Agents
+kra.reqdbInc=20
+kra.entropy.bitsperkeypair=0
+kra.entropy.blockwarnms=0
+kra.storageUnit.nickName=storageCert cert-[PKI_INSTANCE_ID]
+kra.transportUnit.nickName=transportCert cert-[PKI_INSTANCE_ID]
+log._000=##
+log._001=## Logging
+log._002=##
+log.impl.file.class=com.netscape.cms.logging.RollingLogFile
+log.instance.SignedAudit._000=##
+log.instance.SignedAudit._001=## Signed Audit Logging
+log.instance.SignedAudit._002=##
+log.instance.SignedAudit.bufferSize=512
+log.instance.SignedAudit.enable=true
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST
+log.instance.SignedAudit.expirationTime=0
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/kra_cert-kra_audit
+log.instance.SignedAudit.flushInterval=5
+log.instance.SignedAudit.level=1
+log.instance.SignedAudit.logSigning=false
+log.instance.SignedAudit.maxFileSize=2000
+log.instance.SignedAudit.pluginName=file
+log.instance.SignedAudit.rolloverInterval=2592000
+log.instance.SignedAudit.signedAudit:_000=##
+log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow KRA audit logs to be signed
+log.instance.SignedAudit.signedAudit:_002=##
+log.instance.SignedAudit.signedAuditCertNickname=
+log.instance.SignedAudit.type=signedAudit
+log.instance.System._000=##
+log.instance.System._001=## System Logging
+log.instance.System._002=##
+log.instance.System.bufferSize=512
+log.instance.System.enable=true
+log.instance.System.expirationTime=0
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.flushInterval=5
+log.instance.System.level=3
+log.instance.System.maxFileSize=2000
+log.instance.System.pluginName=file
+log.instance.System.rolloverInterval=2592000
+log.instance.System.type=system
+log.instance.Transactions._000=##
+log.instance.Transactions._001=## Transaction Logging
+log.instance.Transactions._002=##
+log.instance.Transactions.bufferSize=512
+log.instance.Transactions.enable=true
+log.instance.Transactions.expirationTime=0
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.flushInterval=5
+log.instance.Transactions.level=1
+log.instance.Transactions.maxFileSize=2000
+log.instance.Transactions.pluginName=file
+log.instance.Transactions.rolloverInterval=2592000
+log.instance.Transactions.type=transaction
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
+oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
+oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
+oidmap.challenge_password.oid=1.2.840.113549.1.9.7
+oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
+oidmap.extended_key_usage.oid=2.5.29.37
+oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
+oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
+oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
+oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
+oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
+oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
+oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
+oidmap.pse.oid=2.16.840.1.113730.1.18
+oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
+oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
+os.serverName=cert-[PKI_INSTANCE_ID]
+os.userid=nobody
+registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
+selftests._000=##
+selftests._001=## Self Tests
+selftests._002=##
+selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence
+selftests.container.logger.bufferSize=512
+selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
+selftests.container.logger.enable=true
+selftests.container.logger.expirationTime=0
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.flushInterval=5
+selftests.container.logger.level=1
+selftests.container.logger.maxFileSize=2000
+selftests.container.logger.register=false
+selftests.container.logger.rolloverInterval=2592000
+selftests.container.logger.type=transaction
+selftests.container.order.onDemand=KRAPresence:critical
+selftests.container.order.startup=
+selftests.plugin.KRAPresence.SubId=kra
+smtp.host=localhost
+smtp.port=25
+subsystem.0.class=com.netscape.kra.KeyRecoveryAuthority
+subsystem.0.id=kra
+subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
+subsystem.1.id=selftests
+subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
+subsystem.2.id=stats
+usrgrp._000=##
+usrgrp._001=## User/Group
+usrgrp._002=##
+usrgrp.ldap=internaldb
generated by cgit (git 2.34.1) at 2024-07-04 05:23:54 +0000