summaryrefslogtreecommitdiffstats
path: root/pki/base/tks/shared/conf/CS.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/tks/shared/conf/CS.cfg')
-rw-r--r--pki/base/tks/shared/conf/CS.cfg263
1 files changed, 263 insertions, 0 deletions
diff --git a/pki/base/tks/shared/conf/CS.cfg b/pki/base/tks/shared/conf/CS.cfg
new file mode 100644
index 000000000..6e83b455a
--- /dev/null
+++ b/pki/base/tks/shared/conf/CS.cfg
@@ -0,0 +1,263 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2006 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+_000=##
+_001=## File Created On : Mon Oct 10 15:57:03 PDT 2005
+_002=##
+installDate=[INSTALL_TIME]
+cs.type=TKS
+admin.interface.uri=tks/admin/console/config/wizard
+preop.admin.name=Token Key Service Manager Administrator
+preop.admin.group=Token Key Service Manager Agents
+preop.admincert.profile=caAdminCert
+preop.securitydomain.url=https://[PKI_MACHINE_NAME]:9443
+preop.wizard.name=TKS Setup Wizard
+preop.system.name=TKS
+preop.product.name=CS
+preop.product.version=
+preop.system.fullname=Token Key Service
+preop.cert.list=sslserver,subsystem
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.sslserver.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
+preop.cert.sslserver.keysize.custom_size=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=tks
+preop.cert.sslserver.type=remote
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.subsystem.dn=CN=TKS Subsystem Certificate
+preop.cert.subsystem.keysize.custom_size=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=tks
+preop.cert.subsystem.type=remote
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert.subsystem.cncomponent.override=true
+preop.cert.admin.defaultSigningAlgorithm=SHA1withRSA
+preop.cert.admin.dn=uid=admin,cn=admin
+preop.cert.admin.keysize.custom_size=2048
+preop.cert.admin.keysize.size=2048
+preop.cert.admin.profile=adminCert.profile
+preop.hierarchy.profile=caCert.profile
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.count=3
+preop.module.token=Internal Key Storage Token
+cs.state=0
+authType=pwd
+instanceRoot=[PKI_INSTANCE_PATH]
+machineName=[PKI_MACHINE_NAME]
+instanceId=[PKI_INSTANCE_ID]
+preop.pin=[PKI_RANDOM_NUMBER]
+service.securePort=[PKI_SECURE_PORT]
+passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
+passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
+multiroles=true
+CrossCertPair._000=##
+CrossCertPair._001=## CrossCertPair Import
+CrossCertPair._002=##
+CrossCertPair.ldap=internaldb
+accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
+accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
+accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
+auths._000=##
+auths._001=## new authentication
+auths._002=##
+auths.impl._000=##
+auths.impl._001=## authentication manager implementations
+auths.impl._002=##
+auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
+auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
+auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
+auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
+auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
+auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
+auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
+auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
+auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
+auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.TokenAuth.pluginName=TokenAuth
+auths.revocationChecking.bufferSize=50
+authz._000=##
+authz._001=## new authorizatioin
+authz._002=##
+authz.evaluateOrder=deny,allow
+authz.sourceType=ldap
+authz.impl._000=##
+authz.impl._001=## authorization manager implementations
+authz.impl._002=##
+authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
+authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
+authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
+authz.instance.DirAclAuthz.ldap=internaldb
+authz.instance.DirAclAuthz.pluginName=DirAclAuthz
+authz.instance.DirAclAuthz.ldap._000=##
+authz.instance.DirAclAuthz.ldap._001=## Internal Database
+authz.instance.DirAclAuthz.ldap._002=##
+cardcryptogram.validate.enable=true
+cmc.cert.confirmRequired=false
+cmc.lraPopWitness.verify.allow=true
+cmc.revokeCert.verify=true
+cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
+cms.version=
+dbs.ldap=internaldb
+dbs.newSchemaEntryAdded=true
+debug.append=true
+debug.enabled=true
+debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.hashkeytypes=
+debug.level=0
+debug.showcaller=false
+internaldb._000=##
+internaldb._001=## Internal Database
+internaldb._002=##
+internaldb.maxConns=15
+internaldb.minConns=3
+internaldb.ldapauth.authtype=BasicAuth
+internaldb.ldapauth.bindDN=cn=Directory Manager
+internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
+internaldb.ldapauth.clientCertNickname=
+internaldb.ldapconn.host=
+internaldb.ldapconn.port=
+internaldb.ldapconn.secureConn=false
+preop.internaldb.ldif=/usr/share/[PKI_FLAVOR]/tks/conf/schema.ldif,/usr/share/[PKI_FLAVOR]/tks/conf/database.ldif
+preop.internaldb.data_ldif=/usr/share/[PKI_FLAVOR]/tks/conf/db.ldif,/usr/share/[PKI_FLAVOR]/tks/conf/acl.ldif
+preop.internaldb.index_ldif=/usr/share/[PKI_FLAVOR]/tks/conf/index.ldif
+preop.internaldb.post_ldif=
+preop.internaldb.wait_dn=
+internaldb.multipleSuffix.enable=false
+jss._000=##
+jss._001=## JSS
+jss._002=##
+jss.configDir=[PKI_INSTANCE_PATH]/alias/
+jss.enable=true
+jss.secmodName=secmod.db
+jss.ocspcheck.enable=false
+jss.ssl.cipherfortezza=true
+jss.ssl.cipherpref=
+jss.ssl.cipherversion=cipherdomestic
+log._000=##
+log._001=## Logging
+log._002=##
+log.impl.file.class=com.netscape.cms.logging.RollingLogFile
+log.instance.SignedAudit._000=##
+log.instance.SignedAudit._001=## Signed Audit Logging
+log.instance.SignedAudit._002=##
+log.instance.SignedAudit.bufferSize=512
+log.instance.SignedAudit.enable=true
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST
+log.instance.SignedAudit.expirationTime=0
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/tks_cert-tks_audit
+log.instance.SignedAudit.flushInterval=5
+log.instance.SignedAudit.level=1
+log.instance.SignedAudit.logSigning=false
+log.instance.SignedAudit.maxFileSize=2000
+log.instance.SignedAudit.pluginName=file
+log.instance.SignedAudit.rolloverInterval=2592000
+log.instance.SignedAudit.signedAudit:_000=##
+log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TKS audit logs to be signed
+log.instance.SignedAudit.signedAudit:_002=##
+log.instance.SignedAudit.signedAuditCertNickname=
+log.instance.SignedAudit.type=signedAudit
+log.instance.System._000=##
+log.instance.System._001=## System Logging
+log.instance.System._002=##
+log.instance.System.bufferSize=512
+log.instance.System.enable=true
+log.instance.System.expirationTime=0
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.flushInterval=5
+log.instance.System.level=3
+log.instance.System.maxFileSize=2000
+log.instance.System.pluginName=file
+log.instance.System.rolloverInterval=2592000
+log.instance.System.type=system
+log.instance.Transactions._000=##
+log.instance.Transactions._001=## Transaction Logging
+log.instance.Transactions._002=##
+log.instance.Transactions.bufferSize=512
+log.instance.Transactions.enable=true
+log.instance.Transactions.expirationTime=0
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.flushInterval=5
+log.instance.Transactions.level=1
+log.instance.Transactions.maxFileSize=2000
+log.instance.Transactions.pluginName=file
+log.instance.Transactions.rolloverInterval=2592000
+log.instance.Transactions.type=transaction
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
+oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
+oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
+oidmap.challenge_password.oid=1.2.840.113549.1.9.7
+oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
+oidmap.extended_key_usage.oid=2.5.29.37
+oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
+oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
+oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
+oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
+oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
+oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
+oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
+oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
+oidmap.pse.oid=2.16.840.1.113730.1.18
+oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
+oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
+os.serverName=cert-[PKI_INSTANCE_ID]
+os.userid=nobody
+registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
+smtp.host=localhost
+smtp.port=25
+subsystem.0.class=com.netscape.tks.TKSAuthority
+subsystem.0.id=tks
+subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
+subsystem.1.id=selftests
+subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
+subsystem.2.id=stats
+tks._000=##
+tks._001=## TKS
+tks._002=##
+tks._003=##
+tks.debug=false
+tks.defaultSlot=Internal Key Storage Token
+tks.drm_transport_cert_nickname=
+tks.master_key_prefix=
+tks.useDefaultSlot=true
+usrgrp._000=##
+usrgrp._001=## User/Group
+usrgrp._002=##
+usrgrp.ldap=internaldb
+tks.defKeySet._000=##
+tks.defKeySet._001=## Axalto default key set:
+tks.defKeySet._002=##
+tks.defKeySet._003=## tks.defKeySet.mk_mappings.#02#01=<tokenname>:<nickname>
+tks.defKeySet._004=##
+tks.defKeySet.auth_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
+tks.defKeySet.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
+tks.defKeySet.kek_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
+tks.jForte._000=##
+tks.jForte._001=## SAFLink's jForte default key set:
+tks.jForte._002=##
+tks.jForte._003=## tks.jForte.mk_mappings.#02#01=<tokenname>:<nickname>
+tks.jForte._004=##
+tks.jForte.auth_key=#30#31#32#33#34#35#36#37#38#39#3a#3b#3c#3d#3e#3f
+tks.jForte.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
+tks.jForte.kek_key=#50#51#52#53#54#55#56#57#58#59#5a#5b#5c#5d#5e#5f
generated by cgit (git 2.34.1) at 2024-07-01 00:09:16 +0000