Diffstat (limited to 'pki/base/tps/doc/CS.cfg')
-rw-r--r--pki/base/tps/doc/CS.cfg52
1 files changed, 46 insertions, 6 deletions
diff --git a/pki/base/tps/doc/CS.cfg b/pki/base/tps/doc/CS.cfg
index 57bedb8e8..5d80edde0 100644
--- a/pki/base/tps/doc/CS.cfg
+++ b/pki/base/tps/doc/CS.cfg
@@ -74,22 +74,46 @@ logging._036=# at this level
logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
logging._038=# chatty version of the above
logging._039=# 10 - all logging
-logging._040=#########################################
+logging._040=# logging.audit.buffer.size: # in bytes
+logging._041=# logging.audit.flush.interval: # in seconds, 0 disables flush thread
+logging._042=# logging.*.file.type:
+logging._043=# - file type: RollingLogFile or LogFile
+logging._044=# logging.*.rolloverInterval:
+logging._045=# - interval to roll over logs (seconds), 0 to disable rollover
+logging._046=# logging.*.maxFileSize:
+logging._047=# - size at which file rollover occurs, in kB
+logging._048=# logging.*.expirationTime:
+logging._049=# - maximum age of log, older unmodified logs are deleted( in seconds, 0 to disable)
+logging._050=#########################################
logging.debug.enable=true
logging.debug.filename=[SERVER_ROOT]/logs/tps-debug.log
logging.debug.level=10
+logging.debug.file.type=RollingLogFile
+logging.debug.maxFileSize=2000
+logging.debug.rolloverInterval=2592000
+logging.debug.expirationTime=0
logging.audit.enable=true
logging.audit.filename=[SERVER_ROOT]/logs/tps-audit.log
logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit
logging.audit.level=10
logging.audit.logSigning=false
logging.audit.signedAuditCertNickname=auditSigningCert cert-[INSTANCE_ID]
-logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE
-logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,CONFIG_SIGNED_AUDIT,ENROLLMENT,PIN_RESET,FORMAT,UPGRADE
+logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
+logging.audit.buffer.size=512
+logging.audit.flush.interval=5
+logging.audit.file.type=RollingLogFile
+logging.audit.maxFileSize=2000
+logging.audit.rolloverInterval=2592000
+logging.audit.expirationTime=0
logging.error.enable=true
logging.error.filename=[SERVER_ROOT]/logs/tps-error.log
logging.error.level=10
+logging.error.file.type=RollingLogFile
+logging.error.maxFileSize=2000
+logging.error.rolloverInterval=2592000
+logging.error.expirationTime=0
conn.ca1._000=#########################################
conn.ca1._001=# CA connection
conn.ca1._002=#
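Review bot: `logging.audit.selected.events` and `logging.audit.selectable.events` lose `CONFIG_SIGNED_AUDIT` and `UPGRADE`, and nothing in the hunk says which of the new names replace them (presumably `CONFIG_AUDIT` and `APPLET_UPGRADE`). If the server now emits only the new names, an instance whose deployed CS.cfg still lists the old ones would stop recording audit-configuration changes and applet upgrades without any error. The rename therefore deserves a line in the `logging._0NN` header and an upgrade note. Separately, the new `logging.audit.flush.interval` comment gives the unit but not what happens to buffered records when the flush thread is disabled or the server stops; for an audit log that behaviour should be stated in the header once confirmed.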
@@ -592,6 +616,10 @@ op.enroll.userKey._076=# Make sure the profile specified by the profileId to hav
op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
op.enroll.userKey._078=#########################################
op.enroll.allowUnknownToken=true
+#The three recovery schemes supported are:
+# GenerateNewKey - Generate a new cert for the encryption cert.
+# RecoverLast - Recover the most recent cert for the encryption cert.
+# GenerateNewKeyandRecoverLast - Generate new cert AND recover last for encryption cert.
op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
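Review bot: The comment added before `op.enroll.userKey.temporaryToken.tokenType` lists the three recovery schemes but never names the configuration key that takes them. It also sits in front of a key unrelated to scheme selection, so a reader cannot tell where the value applies. It uses bare `#` lines, while the rest of the file carries comments as numbered `op.enroll.userKey._NNN=#` entries; whether the TPS config reader accepts bare `#` lines is not visible here and is worth confirming. `RecoverLast` and `GenerateNewKeyandRecoverLast` appear to place a previously issued encryption credential onto another token, so the comment should also say which token-loss states each scheme is meant for. The recovery key block continues outside the hunk.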
@@ -884,6 +912,8 @@ op.enroll.userKey.renewal.keyType.value.0=signing
op.enroll.userKey.renewal.keyType.value.1=encryption
op.enroll.userKey.renewal.signing.enable=true
op.enroll.userKey.renewal.signing.certId=C1
+#encryption certId values for completeness only
+#server code calculates actual values used.
op.enroll.userKey.renewal.encryption.certId=C2
op.enroll.userKey.renewal.signing.certAttrId=c1
op.enroll.userKey.renewal.encryption.certAttrId=c2
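Review bot: The added comment says the encryption certId "values" are for completeness only, but it sits above `op.enroll.userKey.renewal.encryption.certId` alone. It is therefore unclear whether `encryption.certAttrId` and the other encryption renewal keys that follow are also ignored by the server. Suggest naming the affected keys explicitly, e.g. `#renewal.encryption.certId is informational; the server computes the id actually used`, extended to the other keys if they are ignored too. The renewal block continues outside the hunk.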
@@ -1394,7 +1424,16 @@ tokendb._062=# - If not present, re-enrollment is allowed.
tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL
tokendb._064=# is set to YES. Otherwise, re-enrollment is not
tokendb._065=# allowed.
-tokendb._066=#########################################
+tokendb._066=# tokendb.allowedTransitions:
+tokendb._067=# - has transitions between the following states
+tokendb._068=# TOKEN_UNINITIALIZED = 0,
+tokendb._069=# TOKEN_DAMAGED =1,
+tokendb._070=# TOKEN_PERM_LOST=2,
+tokendb._071=# TOKEN_TEMP_LOST=3,
+tokendb._072=# TOKEN_FOUND =4,
+tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5,
+tokendb._074=# TOKEN_TERMINATED = 6
+tokendb._075=#########################################
tokendb.auditLog=[SERVER_ROOT]/logs/tokendb-audit.log
tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
tokendb.ssl=false
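Review bot: The new `tokendb._066` to `tokendb._074` comment lists the state numbers but not how `tokendb.allowedTransitions` is written or enforced, which is what an administrator needs before editing it. A line such as `tokendb._075=# - comma-separated from:to pairs of the state numbers above`, with the closing banner moved to `_076`, would cover the syntax. The comment should also state what the server does with a transition that is not listed and what applies when the key is absent; presumably an unlisted transition is rejected, but that is not visible here. The default added at the end of this diff includes `0:4` (TOKEN_UNINITIALIZED to TOKEN_FOUND), which looks odd for a token that was never reported lost and is worth confirming.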
@@ -1439,6 +1478,7 @@ tokendb.editUserTemplate=editUser.template
tokendb.indexOperatorTemplate=indexOperator.template
tokendb.auditAdminTemplate=auditAdmin.template
target.tokenType.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
-log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE
-log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST
+log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST
+tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6
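Review bot: `CONFIG_ROLE` now appears twice in both `log.instance.SignedAudit.selected.events` and `log.instance.SignedAudit.selectable.events`, because the appended run `CONFIG,CONFIG_ROLE,CONFIG_TOKEN,...` repeats a name the list already had. Drop the second occurrence so the tail reads `...,CONFIG,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL`. These lists also keep `CONFIG_SIGNED_AUDIT` next to the new `CONFIG_AUDIT`, while `logging.audit.selected.events` earlier in this diff dropped it, so the two audit event sets disagree about which name is current. `tokendb.allowedTransitions` is appended at the end of the file, far from the other `tokendb.*` keys and from the header comment that documents it. Placing it beside `tokendb.auditLog` would keep the token state policy where a reviewer of the token database settings will look.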