From 5b004df074027d1eba33c2f9038030406830cc3c Mon Sep 17 00:00:00 2001 From: Matthew Harmsen Date: Thu, 19 Jul 2012 01:04:54 -0700 Subject: PKI Deployment Scriptlets * In 'catalina.properties', removed commented out jars for each of the subsystems in the 'common.loader' * In 'server.xml', removed the line containing a '1' * Moved all parameters from the [Mandatory] and [Optional] sections of the 'pkideployment.cfg' file to other more appropriate sections (e.g. - [Common], [CA], [KRA], etc.), and removed these sections and all of their associated logic from the 'pki-deploy' package * Resolved Dogtag TRAC Ticket #225 Dogtag 10: Move "pkispawn"/"pkidestroy" logs * Removed all security domain references from external CA logic * Added new 'pki_subsystem_name' parameter to 'pkideployment.cfg' file, and applied logic throughout 'pki-deploy' * Added new error message in the case of an unset DNS domain name, and replaced the log message with a simple print in the case of a 'domainname' exception --- base/deploy/config/pkideployment.cfg | 95 +++++++++++++++++------------------- 1 file changed, 46 insertions(+), 49 deletions(-) (limited to 'base/deploy/config/pkideployment.cfg') diff --git a/base/deploy/config/pkideployment.cfg b/base/deploy/config/pkideployment.cfg index a4513d712..fb04c85fa 100644 --- a/base/deploy/config/pkideployment.cfg +++ b/base/deploy/config/pkideployment.cfg @@ -15,85 +15,60 @@ pki_ds_password= pki_pkcs12_password= pki_security_domain_password= ############################################################################### -## 'Mandatory' Data: ## -## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required information which MUST ALWAYS be provided by users. ## -############################################################################### -[Mandatory] -############################################################################### -## 'Optional' Data: ## +## 'Common' Data: ## ## ## -## Values in this section pertain to various PKI subsystems, and contain ## -## required information which MAY OPTIONALLY be provided by users. ## +## Values in this section are common to more than one PKI subsystem, and ## +## contain required information which MAY be overridden by users as ## +## necessary. ## ## ## ## NOTE: Default values will be generated for any and all required ## -## 'optional' data values which are left undefined. ## -############################################################################### -[Optional] -pki_admin_domain_name= -pki_admin_email= -pki_admin_nickname= -pki_admin_subject_dn= -pki_audit_signing_nickname= -pki_audit_signing_subject_dn= -pki_audit_signing_token= -pki_backup_file= -pki_ca_signing_nickname= -pki_ca_signing_subject_dn= -pki_ca_signing_token= -pki_ds_base_dn= -pki_ds_database= -pki_ds_hostname= -pki_ocsp_signing_nickname= -pki_ocsp_signing_subject_dn= -pki_ocsp_signing_token= -pki_security_domain_hostname= -pki_security_domain_name= -pki_ssl_server_nickname= -pki_ssl_server_subject_dn= -pki_ssl_server_token= -pki_storage_nickname= -pki_storage_subject_dn= -pki_storage_token= -pki_subsystem_nickname= -pki_subsystem_subject_dn= -pki_subsystem_token= -pki_transport_nickname= -pki_transport_subject_dn= -pki_transport_token= -############################################################################### -## 'Common' Data: ## -## ## -## Values in this section are common to ALL PKI subsystems, and contain ## -## required information which MAY be overridden by users as necessary. ## +## 'common' data values which are left undefined. ## ############################################################################### [Common] pki_admin_cert_request_type=crmf +pki_admin_domain_name= pki_admin_dualkey=False +pki_admin_email= pki_admin_keysize=2048 pki_admin_name=admin +pki_admin_nickname= +pki_admin_subject_dn= pki_admin_uid=admin pki_audit_group=pkiaudit pki_audit_signing_key_algorithm=SHA256withRSA pki_audit_signing_key_size=2048 pki_audit_signing_key_type=rsa +pki_audit_signing_nickname= pki_audit_signing_signing_algorithm=SHA256withRSA +pki_audit_signing_subject_dn= +pki_audit_signing_token= +pki_backup_file= pki_backup_keys=False +pki_ds_base_dn= pki_ds_bind_dn=cn=Directory Manager +pki_ds_database= +pki_ds_hostname= pki_ds_http_port=389 pki_ds_https_port=636 pki_ds_remove_data=True pki_ds_secure_connection=False pki_group=pkiuser +pki_security_domain_hostname= pki_security_domain_https_port=8443 +pki_security_domain_name= pki_security_domain_user=admin pki_ssl_server_key_algorithm=SHA256withRSA pki_ssl_server_key_size=2048 pki_ssl_server_key_type=rsa +pki_ssl_server_nickname= +pki_ssl_server_subject_dn= +pki_ssl_server_token= pki_subsystem_key_algorithm=SHA256withRSA pki_subsystem_key_size=2048 pki_subsystem_key_type=rsa +pki_subsystem_nickname= +pki_subsystem_subject_dn= +pki_subsystem_token= pki_user=pkiuser ############################################################################### ## 'Apache' Data: ## @@ -152,14 +127,21 @@ pki_tomcat_server_port=8005 pki_ca_signing_key_algorithm=SHA256withRSA pki_ca_signing_key_size=2048 pki_ca_signing_key_type=rsa +pki_ca_signing_nickname= pki_ca_signing_signing_algorithm=SHA256withRSA +pki_ca_signing_subject_dn= +pki_ca_signing_token= pki_external=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= pki_subordinate=False pki_subsystem=CA +pki_subsystem_name= pki_war_name=ca.war ############################################################################### ## 'KRA' Data: ## @@ -172,12 +154,19 @@ pki_war_name=ca.war pki_storage_key_algorithm=SHA256withRSA pki_storage_key_size=2048 pki_storage_key_type=rsa +pki_storage_nickname= pki_storage_signing_algorithm=SHA256withRSA +pki_storage_subject_dn= +pki_storage_token= pki_subsystem=KRA +pki_subsystem_name= pki_transport_key_algorithm=SHA256withRSA pki_transport_key_size=2048 pki_transport_key_type=rsa +pki_transport_nickname= pki_transport_signing_algorithm=SHA256withRSA +pki_transport_subject_dn= +pki_transport_token= pki_war_name=kra.war ############################################################################### ## 'OCSP' Data: ## @@ -190,8 +179,13 @@ pki_war_name=kra.war pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa +pki_ocsp_signing_nickname= pki_ocsp_signing_signing_algorithm=SHA256withRSA +pki_ocsp_signing_subject_dn= +pki_ocsp_signing_token= +pki_subordinate=False pki_subsystem=OCSP +pki_subsystem_name= pki_war_name=ocsp.war ############################################################################### ## 'RA' Data: ## @@ -201,6 +195,7 @@ pki_war_name=ocsp.war ############################################################################### [RA] pki_subsystem=RA +pki_subsystem_name= ############################################################################### ## 'TKS' Data: ## ## ## @@ -210,6 +205,7 @@ pki_subsystem=RA ############################################################################### [TKS] pki_subsystem=TKS +pki_subsystem_name= pki_war_name=tks.war ############################################################################### ## 'TPS' Data: ## @@ -219,3 +215,4 @@ pki_war_name=tks.war ############################################################################### [TPS] pki_subsystem=TPS +pki_subsystem_name= -- cgit