_000=## _001=## Certificate Authority (CA) Configuration File _002=## pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] pkicreate.pki_instance_name=[PKI_INSTANCE_ID] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] pkicreate.ee_secure_client_auth_port=[PKI_EE_SECURE_CLIENT_AUTH_PORT] pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT] pkicreate.secure_port=[PKI_SECURE_PORT] pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.arg11.group=[PKI_GROUP] pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] preop.wizard.name=CA Setup Wizard preop.product.name=CS preop.product.version=@APPLICATION_VERSION@ preop.system.name=CA preop.system.fullname=Certificate Authority proxy.securePort=[PKI_PROXY_SECURE_PORT] proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT] cs.state._000=## cs.state._001=## cs.state=0 (pre-operational) cs.state._002=## cs.state=1 (running) cs.state._003=## cs.state=0 cs.type=CA authType=pwd admin.interface.uri=ca/admin/console/config/wizard ee.interface.uri=ca/ee/ca agent.interface.uri=ca/agent/ca preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445 securitydomain.flushinterval=86400000 securitydomain.source=ldap securitydomain.checkinterval=300000 instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ machineName=[PKI_MACHINE_NAME] instanceId=[PKI_INSTANCE_ID] pidDir=[PKI_PIDDIR] service.machineName=[PKI_MACHINE_NAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] service.clientauth_securePort=[PKI_EE_SECURE_CLIENT_AUTH_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] service.instanceID=[PKI_INSTANCE_ID] preop.admin.name=Certificate System Administrator 
preop.admin.group=Certificate Manager Agents preop.admincert.profile=caAdminCert preop.pin=[PKI_RANDOM_NUMBER] ca.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing ca.cert.signing.certusage=SSLCA ca.cert.ocsp_signing.certusage=StatusResponder ca.cert.sslserver.certusage=SSLServer ca.cert.subsystem.certusage=SSLClient ca.cert.audit_signing.certusage=ObjectSigner preop.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing preop.cert.rsalist=audit_signing preop.cert.signing.enable=true preop.cert.ocsp_signing.enable=true preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.audit_signing.enable=true preop.cert.signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.signing.dn=CN=Certificate Authority preop.cert.signing.cncomponent.override=true preop.cert.signing.keysize.size=2048 preop.cert.signing.keysize.custom_size=2048 preop.cert.signing.nickname=caSigningCert cert-[PKI_INSTANCE_ID] preop.cert.signing.profile=caCert.profile preop.cert.signing.signing.required=true preop.cert.signing.subsystem=ca preop.cert.signing.type=selfsign preop.cert.signing.userfriendlyname=CA Signing Certificate preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.audit_signing.dn=CN=CA Audit Signing Certificate preop.cert.audit_signing.keysize.custom_size=2048 preop.cert.audit_signing.keysize.size=2048 preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] preop.cert.audit_signing.profile=caAuditSigningCert.profile preop.cert.audit_signing.signing.required=false preop.cert.audit_signing.subsystem=ca preop.cert.audit_signing.type=local preop.cert.audit_signing.userfriendlyname=CA Audit Signing Certificate preop.cert.audit_signing.cncomponent.override=true preop.cert.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.ocsp_signing.dn=CN=OCSP Signing Certificate preop.cert.ocsp_signing.keysize.custom_size=2048 preop.cert.ocsp_signing.keysize.size=2048 
preop.cert.ocsp_signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_ID] preop.cert.ocsp_signing.profile=caOCSPCert.profile preop.cert.ocsp_signing.signing.required=true preop.cert.ocsp_signing.subsystem=ca preop.cert.ocsp_signing.type=local preop.cert.ocsp_signing.userfriendlyname=OCSP Signing Certificate preop.cert.ocsp_signing.cncomponent.override=true preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] preop.cert.sslserver.profile=serverCert.profile preop.cert.sslserver.signing.required=false preop.cert.sslserver.subsystem=ca preop.cert.sslserver.type=local preop.cert.sslserver.userfriendlyname=SSL Server Certificate preop.cert.sslserver.cncomponent.override=false preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA preop.cert.subsystem.dn=CN=CA Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] preop.cert.subsystem.profile=subsystemCert.profile preop.cert.subsystem.signing.required=false preop.cert.subsystem.subsystem=ca preop.cert.subsystem.type=local preop.cert.subsystem.userfriendlyname=Subsystem Certificate preop.cert.subsystem.cncomponent.override=true preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA preop.cert.admin.dn=uid=admin,cn=admin preop.cert.admin.keysize.custom_size=2048 preop.cert.admin.keysize.size=2048 preop.cert.admin.profile=adminCert.profile preop.hierarchy.profile=caCert.profile preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module preop.configModules.module0.commonName=NSS Internal PKCS #11 Module preop.configModules.module0.imagePath=../img/clearpixel.gif preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module preop.configModules.module1.commonName=nfast 
preop.configModules.module1.imagePath=../img/clearpixel.gif
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=../img/clearpixel.gif
preop.configModules.count=3
preop.module.token=Internal Key Storage Token
preop.name.caDN=CN=Certificate Authority
preop.name.sslDN=CN=[PKI_MACHINE_NAME]
preop.name.ocspDN=CN=OCSP Signing Certificate
preop.name.subsystemDN=CN=CA Subsystem Certificate
preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_ID]
preop.name.ocspnickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
preop.name.subsystemnickname=subsystemCert cert-[PKI_INSTANCE_ID]
preop.name.sslnickname=Server-Cert cert-[PKI_INSTANCE_ID]
preop.subsystem.count=0
subsystem.count=0
passwordFile._000=##
passwordFile._001=## NOTE(review): passwordClass below is PlainPasswordFile, which by
passwordFile._002=## its name stores the passwords in password.conf unencrypted -
passwordFile._003=## confirm, and keep that file readable only by the instance user.
passwordFile._004=##
passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
CrossCertPair._000=##
CrossCertPair._001=## CrossCertPair Import
CrossCertPair._002=##
CrossCertPair.ldap=internaldb
accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
accessEvaluator.impl.user_origreq.class=com.netscape.cms.evaluators.UserOrigReqAccessEvaluator
auths._000=##
auths._001=## new authentication
auths._002=##
auths.impl._000=##
auths.impl._001=## authentication manager implementations
auths.impl._002=##
auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupDirAuthentication auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth auths.instance.TokenAuth.pluginName=TokenAuth auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents auths.instance.AgentCertAuth.pluginName=AgentCertAuth auths.instance.raCertAuth.agentGroup=Registration Manager Agents auths.instance.raCertAuth.pluginName=AgentCertAuth auths.instance.flatFileAuth.pluginName=FlatFileAuth auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]flatfile.txt auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth auths.revocationChecking.bufferSize=50 auths.revocationChecking.ca=ca auths.revocationChecking.enabled=true auths.revocationChecking.unknownStateInterval=0 auths.revocationChecking.validityInterval=120 authz._000=## authz._001=## new authorization authz._002=## authz.evaluateOrder=deny,allow authz.sourceType=ldap authz.impl._000=## authz.impl._001=## authorization manager implementations authz.impl._002=## authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz authz.instance.DirAclAuthz.ldap=internaldb authz.instance.DirAclAuthz.pluginName=DirAclAuthz authz.instance.DirAclAuthz.ldap._000=## authz.instance.DirAclAuthz.ldap._001=## Internal Database authz.instance.DirAclAuthz.ldap._002=## ca.ocsp=true ca.certdbInc=20 ca.crldbInc=20 ca.id=ca ca.local=true ca.ocspUseCache=false ca.enableNonces=true ca.maxNumberOfNonces=100 ca.reqdbInc=20 ca.transitMaxRecords=1000000 ca.transitRecordPageSize=200
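ca.maxSearchReturns._000=##
ca.maxSearchReturns._001=## limits number of search results
ca.maxSearchReturns._002=## returned by SearchReqs and SrchCerts
ca.maxSearchReturns._003=##
ca.maxSearchReturns=1000
ca.scep._000=##
ca.scep._001=## Enable the following parameters to enable SCEP requests
ca.scep._002=## to be signed by a separate key pair:
ca.scep._003=##
ca.scep._004=## ca.scep.nickname=
ca.scep._005=## ca.scep.tokenname=
ca.scep._006=##
ca.scep._007=## hashAlgorithm is the default digest and is set to SHA256
ca.scep._008=## rather than SHA1. SHA1 is still listed in
ca.scep._009=## allowedHashAlgorithms, so clients using it are presumably
ca.scep._010=## still accepted - remove it there once no SCEP client needs it.
ca.scep._011=## DES3 is the only encryption algorithm configured; review it
ca.scep._012=## before setting ca.scep.enable=true.
ca.scep._013=##
ca.scep.enable=false
ca.scep.hashAlgorithm=SHA256
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.nonceSizeLimit=16
ca.Policy._000=##
ca.Policy._001=## Certificate Policy Framework (deprecated)
ca.Policy._002=##
ca.Policy._003=## Set 'ca.Policy.enable=true' to allow the following:
ca.Policy._004=##
ca.Policy._005=## SERVLET-NAME URL-PATTERN
ca.Policy._006=## ====================================================
ca.Policy._007=## caadminEnroll ca/admin/ca/adminEnroll.html
ca.Policy._008=## cabulkissuance ca/agent/ca/bulkissuance.html
ca.Policy._009=## cacertbasedenrollment ca/certbasedenrollment.html
ca.Policy._010=## caenrollment ca/enrollment.html
ca.Policy._011=## capolicy ca/capolicy
ca.Policy._012=##
ca.Policy._013=## NOTE(review): several ca.Policy.rule.* defaults in this file
ca.Policy._014=## are legacy values (RSAKeyRule.minSize=512,
ca.Policy._015=## DSAKeyRule.maxSize=1024, SigningAlgRule.algorithms lists
ca.Policy._016=## MD5withRSA and MD2withRSA). Review them before setting
ca.Policy._017=## ca.Policy.enable=true.
ca.Policy._018=##
ca.Policy.enable=false
ca.Policy.order=KeyAlgRule, RSAKeyRule, DefaultValidityRule, RenewalConstraintsRule, DefaultRenewalValidityRule, RevocationConstraintsRule, NSCertTypeExt, CMCertKeyUsageExt, RMCertKeyUsageExt, ClientCertKeyUsageExt, ServerCertKeyUsageExt, ObjSignCertKeyUsageExt, CRLSignCertKeyUsageExt, SubjectKeyIdentifierExt, CertificatePoliciesExt, NSCCommentExt, OCSPNoCheckExt, OCSPSigningExt, CODESigningExt, GenericASN1Ext, CRLDistributionPointsExt, SubjectAltNameExt, SigningAlgRule, AuthorityKeyIdentifierExt, AuthInfoAccessExt, BasicConstraintsExt, UniqueSubjectNameConstraints, NameConstraintsExt, PolicyConstraintsExt, SubCANameConstraints, PolicyMappingsExt, IssuerRule
ca.Policy.processor=classic
ca.Policy.impl._000=##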
ca.Policy.impl._001=## Policy Implementations ca.Policy.impl._002=## ca.Policy.impl.AttributePresentConstraints.class=com.netscape.cms.policy.constraints.AttributePresentConstraints ca.Policy.impl.AuthInfoAccessExt.class=com.netscape.cms.policy.extensions.AuthInfoAccessExt ca.Policy.impl.AuthorityKeyIdentifierExt.class=com.netscape.cms.policy.extensions.AuthorityKeyIdentifierExt ca.Policy.impl.BasicConstraintsExt.class=com.netscape.cms.policy.extensions.BasicConstraintsExt ca.Policy.impl.CRLDistributionPointsExt.class=com.netscape.cms.policy.extensions.CRLDistributionPointsExt ca.Policy.impl.CertificatePoliciesExt.class=com.netscape.cms.policy.extensions.CertificatePoliciesExt ca.Policy.impl.CertificateRenewalWindowExt.class=com.netscape.cms.policy.extensions.CertificateRenewalWindowExt ca.Policy.impl.CertificateScopeOfUseExt.class=com.netscape.cms.policy.extensions.CertificateScopeOfUseExt ca.Policy.impl.DSAKeyConstraints.class=com.netscape.cms.policy.constraints.DSAKeyConstraints ca.Policy.impl.ExtendedKeyUsageExt.class=com.netscape.cms.policy.extensions.ExtendedKeyUsageExt ca.Policy.impl.GenericASN1Ext.class=com.netscape.cms.policy.extensions.GenericASN1Ext ca.Policy.impl.IssuerAltNameExt.class=com.netscape.cms.policy.extensions.IssuerAltNameExt ca.Policy.impl.IssuerConstraints.class=com.netscape.cms.policy.constraints.IssuerConstraints ca.Policy.impl.KeyAlgorithmConstraints.class=com.netscape.cms.policy.constraints.KeyAlgorithmConstraints ca.Policy.impl.KeyUsageExt.class=com.netscape.cms.policy.extensions.KeyUsageExt ca.Policy.impl.NSCCommentExt.class=com.netscape.cms.policy.extensions.NSCCommentExt ca.Policy.impl.NSCertTypeExt.class=com.netscape.cms.policy.extensions.NSCertTypeExt ca.Policy.impl.NameConstraintsExt.class=com.netscape.cms.policy.extensions.NameConstraintsExt ca.Policy.impl.OCSPNoCheckExt.class=com.netscape.cms.policy.extensions.OCSPNoCheckExt ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.cms.policy.extensions.PolicyConstraintsExt 
ca.Policy.impl.PolicyMappingsExt.class=com.netscape.cms.policy.extensions.PolicyMappingsExt ca.Policy.impl.PrivateKeyUsagePeriodExt.class=com.netscape.cms.policy.extensions.PrivateKeyUsagePeriodExt ca.Policy.impl.RSAKeyConstraints.class=com.netscape.cms.policy.constraints.RSAKeyConstraints ca.Policy.impl.RemoveBasicConstraintsExt.class=com.netscape.cms.policy.extensions.RemoveBasicConstraintsExt ca.Policy.impl.RenewalConstraints.class=com.netscape.cms.policy.constraints.RenewalConstraints ca.Policy.impl.RenewalValidityConstraints.class=com.netscape.cms.policy.constraints.RenewalValidityConstraints ca.Policy.impl.RevocationConstraints.class=com.netscape.cms.policy.constraints.RevocationConstraints ca.Policy.impl.SigningAlgorithmConstraints.class=com.netscape.cms.policy.constraints.SigningAlgorithmConstraints ca.Policy.impl.SubCANameConstraints.class=com.netscape.cms.policy.constraints.SubCANameConstraints ca.Policy.impl.SubjectAltNameExt.class=com.netscape.cms.policy.extensions.SubjectAltNameExt ca.Policy.impl.SubjectDirectoryAttributesExt.class=com.netscape.cms.policy.extensions.SubjectDirectoryAttributesExt ca.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.cms.policy.extensions.SubjectKeyIdentifierExt ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.constraints.UniqueSubjectNameConstraints ca.Policy.impl.ValidityConstraints.class=com.netscape.cms.policy.constraints.ValidityConstraints ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://[PKI_MACHINE_NAME]:8080/ocsp ca.Policy.rule.AuthInfoAccessExt.ad0_location_type=URL ca.Policy.rule.AuthInfoAccessExt.ad0_method=ocsp ca.Policy.rule.AuthInfoAccessExt.enable=false ca.Policy.rule.AuthInfoAccessExt.implName=AuthInfoAccessExt ca.Policy.rule.AuthInfoAccessExt.numADs=1 ca.Policy.rule.AuthInfoAccessExt.predicate=HTTP_PARAMS.certType==client ca.Policy.rule.AuthorityKeyIdentifierExt.enable=true ca.Policy.rule.AuthorityKeyIdentifierExt.implName=AuthorityKeyIdentifierExt 
ca.Policy.rule.AuthorityKeyIdentifierExt.predicate= ca.Policy.rule.BasicConstraintsExt.critical=true ca.Policy.rule.BasicConstraintsExt.enable=true ca.Policy.rule.BasicConstraintsExt.implName=BasicConstraintsExt ca.Policy.rule.BasicConstraintsExt.maxPathLen= ca.Policy.rule.BasicConstraintsExt.predicate=HTTP_PARAMS.certType == ca ca.Policy.rule.BasicConstraintsExt.removeBasicExt=true ca.Policy.rule.CMCertKeyUsageExt.crlSign=true ca.Policy.rule.CMCertKeyUsageExt.dataEncipherment=false ca.Policy.rule.CMCertKeyUsageExt.decipherOnly=false ca.Policy.rule.CMCertKeyUsageExt.digitalSignature=true ca.Policy.rule.CMCertKeyUsageExt.enable=true ca.Policy.rule.CMCertKeyUsageExt.encipherOnly=false ca.Policy.rule.CMCertKeyUsageExt.implName=KeyUsageExt ca.Policy.rule.CMCertKeyUsageExt.keyAgreement=false ca.Policy.rule.CMCertKeyUsageExt.keyCertsign=true ca.Policy.rule.CMCertKeyUsageExt.keyEncipherment=false ca.Policy.rule.CMCertKeyUsageExt.nonRepudiation=true ca.Policy.rule.CMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ca ca.Policy.rule.CODESigningExt.critical=false ca.Policy.rule.CODESigningExt.enable=true ca.Policy.rule.CODESigningExt.id0=1.3.6.1.5.5.7.3.3 ca.Policy.rule.CODESigningExt.implName=ExtendedKeyUsageExt ca.Policy.rule.CODESigningExt.predicate=HTTP_PARAMS.certType==codeSignClient ca.Policy.rule.CRLDistributionPointsExt.enable=false ca.Policy.rule.CRLDistributionPointsExt.implName=CRLDistributionPointsExt ca.Policy.rule.CRLDistributionPointsExt.issuerName0= ca.Policy.rule.CRLDistributionPointsExt.issuerName1= ca.Policy.rule.CRLDistributionPointsExt.issuerName2= ca.Policy.rule.CRLDistributionPointsExt.issuerType0= ca.Policy.rule.CRLDistributionPointsExt.issuerType1= ca.Policy.rule.CRLDistributionPointsExt.issuerType2= ca.Policy.rule.CRLDistributionPointsExt.numPoints=0 ca.Policy.rule.CRLDistributionPointsExt.pointName0= ca.Policy.rule.CRLDistributionPointsExt.pointName1= ca.Policy.rule.CRLDistributionPointsExt.pointName2= 
ca.Policy.rule.CRLDistributionPointsExt.pointType0= ca.Policy.rule.CRLDistributionPointsExt.pointType1= ca.Policy.rule.CRLDistributionPointsExt.pointType2= ca.Policy.rule.CRLDistributionPointsExt.predicate= ca.Policy.rule.CRLDistributionPointsExt.reasons0= ca.Policy.rule.CRLDistributionPointsExt.reasons1= ca.Policy.rule.CRLDistributionPointsExt.reasons2= ca.Policy.rule.CRLSignCertKeyUsageExt.crlSign=true ca.Policy.rule.CRLSignCertKeyUsageExt.dataEncipherment=false ca.Policy.rule.CRLSignCertKeyUsageExt.decipherOnly=false ca.Policy.rule.CRLSignCertKeyUsageExt.digitalSignature=false ca.Policy.rule.CRLSignCertKeyUsageExt.enable=true ca.Policy.rule.CRLSignCertKeyUsageExt.encipherOnly=false ca.Policy.rule.CRLSignCertKeyUsageExt.implName=KeyUsageExt ca.Policy.rule.CRLSignCertKeyUsageExt.keyAgreement=false ca.Policy.rule.CRLSignCertKeyUsageExt.keyCertsign=false ca.Policy.rule.CRLSignCertKeyUsageExt.keyEncipherment=false ca.Policy.rule.CRLSignCertKeyUsageExt.nonRepudiation=false ca.Policy.rule.CRLSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==caCrlSigning ca.Policy.rule.CertificatePoliciesExt.critical=false ca.Policy.rule.CertificatePoliciesExt.enable=false ca.Policy.rule.CertificatePoliciesExt.implName=CertificatePoliciesExt ca.Policy.rule.CertificatePoliciesExt.numCertPolicies=1 ca.Policy.rule.CertificatePoliciesExt.predicate= ca.Policy.rule.CertificatePoliciesExt.certPolicy0.cpsURI= ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefNumbers= ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefOrganization= ca.Policy.rule.CertificatePoliciesExt.certPolicy0.policyId= ca.Policy.rule.CertificatePoliciesExt.certPolicy0.userNoticeExplicitText= ca.Policy.rule.ClientCertKeyUsageExt.crlSign=false ca.Policy.rule.ClientCertKeyUsageExt.dataEncipherment=false ca.Policy.rule.ClientCertKeyUsageExt.decipherOnly=false ca.Policy.rule.ClientCertKeyUsageExt.digitalSignature=true ca.Policy.rule.ClientCertKeyUsageExt.enable=true 
ca.Policy.rule.ClientCertKeyUsageExt.encipherOnly=false ca.Policy.rule.ClientCertKeyUsageExt.implName=KeyUsageExt ca.Policy.rule.ClientCertKeyUsageExt.keyAgreement=false ca.Policy.rule.ClientCertKeyUsageExt.keyCertsign=false ca.Policy.rule.ClientCertKeyUsageExt.keyEncipherment=true ca.Policy.rule.ClientCertKeyUsageExt.nonRepudiation=true ca.Policy.rule.ClientCertKeyUsageExt.predicate=HTTP_PARAMS.certType==client ca.Policy.rule.DSAKeyRule.enable=true ca.Policy.rule.DSAKeyRule.implName=DSAKeyConstraints ca.Policy.rule.DSAKeyRule.maxSize=1024 ca.Policy.rule.DSAKeyRule.minSize=512 ca.Policy.rule.DSAKeyRule.predicate= ca.Policy.rule.DefaultRenewalValidityRule.enable=true ca.Policy.rule.DefaultRenewalValidityRule.implName=RenewalValidityConstraints ca.Policy.rule.DefaultRenewalValidityRule.maxValidity=365 ca.Policy.rule.DefaultRenewalValidityRule.minValidity=30 ca.Policy.rule.DefaultRenewalValidityRule.predicate= ca.Policy.rule.DefaultRenewalValidityRule.renewalInterval=15 ca.Policy.rule.DefaultValidityRule.enable=true ca.Policy.rule.DefaultValidityRule.implName=ValidityConstraints ca.Policy.rule.DefaultValidityRule.maxValidity=365 ca.Policy.rule.DefaultValidityRule.minValidity=1 ca.Policy.rule.DefaultValidityRule.predicate= ca.Policy.rule.GenericASN1Ext.critical=false ca.Policy.rule.GenericASN1Ext.enable=false ca.Policy.rule.GenericASN1Ext.implName=GenericASN1Ext ca.Policy.rule.GenericASN1Ext.name= ca.Policy.rule.GenericASN1Ext.oid= ca.Policy.rule.GenericASN1Ext.pattern= ca.Policy.rule.GenericASN1Ext.predicate= ca.Policy.rule.GenericASN1Ext.attribute.0.source= ca.Policy.rule.GenericASN1Ext.attribute.0.type= ca.Policy.rule.GenericASN1Ext.attribute.0.value= ca.Policy.rule.GenericASN1Ext.attribute.1.source= ca.Policy.rule.GenericASN1Ext.attribute.1.type= ca.Policy.rule.GenericASN1Ext.attribute.1.value= ca.Policy.rule.GenericASN1Ext.attribute.2.source= ca.Policy.rule.GenericASN1Ext.attribute.2.type= ca.Policy.rule.GenericASN1Ext.attribute.2.value= 
ca.Policy.rule.GenericASN1Ext.attribute.3.source= ca.Policy.rule.GenericASN1Ext.attribute.3.type= ca.Policy.rule.GenericASN1Ext.attribute.3.value= ca.Policy.rule.GenericASN1Ext.attribute.4.source= ca.Policy.rule.GenericASN1Ext.attribute.4.type= ca.Policy.rule.GenericASN1Ext.attribute.4.value= ca.Policy.rule.GenericASN1Ext.attribute.5.source= ca.Policy.rule.GenericASN1Ext.attribute.5.type= ca.Policy.rule.GenericASN1Ext.attribute.5.value= ca.Policy.rule.GenericASN1Ext.attribute.6.source= ca.Policy.rule.GenericASN1Ext.attribute.6.type= ca.Policy.rule.GenericASN1Ext.attribute.6.value= ca.Policy.rule.GenericASN1Ext.attribute.7.source= ca.Policy.rule.GenericASN1Ext.attribute.7.type= ca.Policy.rule.GenericASN1Ext.attribute.7.value= ca.Policy.rule.GenericASN1Ext.attribute.8.source= ca.Policy.rule.GenericASN1Ext.attribute.8.type= ca.Policy.rule.GenericASN1Ext.attribute.8.value= ca.Policy.rule.GenericASN1Ext.attribute.9.source= ca.Policy.rule.GenericASN1Ext.attribute.9.type= ca.Policy.rule.GenericASN1Ext.attribute.9.value= ca.Policy.rule.IssuerRule.enable=false ca.Policy.rule.IssuerRule.implName=IssuerConstraints ca.Policy.rule.IssuerRule.issuerDN= ca.Policy.rule.IssuerRule.predicate=HTTP_PARAMS.certType==client AND certauthEnroll==on ca.Policy.rule.KeyAlgRule.algorithms=RSA,DSA ca.Policy.rule.KeyAlgRule.enable=true ca.Policy.rule.KeyAlgRule.implName=KeyAlgorithmConstraints ca.Policy.rule.KeyAlgRule.predicate= ca.Policy.rule.NSCCommentExt.commentFile= ca.Policy.rule.NSCCommentExt.enable=false ca.Policy.rule.NSCCommentExt.implName=NSCCommentExt ca.Policy.rule.NSCCommentExt.inputType=Text ca.Policy.rule.NSCCommentExt.predicate= ca.Policy.rule.NSCertTypeExt.enable=true ca.Policy.rule.NSCertTypeExt.implName=NSCertTypeExt ca.Policy.rule.NSCertTypeExt.predicate=HTTP_PARAMS.certType!=CEP-Request ca.Policy.rule.NameConstraintsExt.critical=true ca.Policy.rule.NameConstraintsExt.enable=false ca.Policy.rule.NameConstraintsExt.implName=NameConstraintsExt 
ca.Policy.rule.NameConstraintsExt.numExcludedSubtrees=3 ca.Policy.rule.NameConstraintsExt.numPermittedSubtrees=3 ca.Policy.rule.NameConstraintsExt.predicate=HTTP_PARAMS.certType == ca ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.max=-1 ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.min=0 ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameChoice= ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameValue= ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.max=-1 ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.min=0 ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameChoice= ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameValue= ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.max=-1 ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.min=0 ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameChoice= ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameValue= ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.max=-1 ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.min=0 ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameChoice= ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameValue= ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.max=-1 ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.min=0 ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameChoice= ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameValue= ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.max=-1 ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.min=0 ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameChoice= ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameValue= ca.Policy.rule.OCSPNoCheckExt.critical=false ca.Policy.rule.OCSPNoCheckExt.enable=true ca.Policy.rule.OCSPNoCheckExt.implName=OCSPNoCheckExt 
ca.Policy.rule.OCSPNoCheckExt.predicate=HTTP_PARAMS.certType==ocspResponder ca.Policy.rule.OCSPSigningExt.critical=false ca.Policy.rule.OCSPSigningExt.enable=true ca.Policy.rule.OCSPSigningExt.id0=1.3.6.1.5.5.7.3.9 ca.Policy.rule.OCSPSigningExt.implName=ExtendedKeyUsageExt ca.Policy.rule.OCSPSigningExt.predicate=HTTP_PARAMS.certType==ocspResponder ca.Policy.rule.ObjSignCertKeyUsageExt.crlSign=false ca.Policy.rule.ObjSignCertKeyUsageExt.dataEncipherment=false ca.Policy.rule.ObjSignCertKeyUsageExt.decipherOnly=false ca.Policy.rule.ObjSignCertKeyUsageExt.digitalSignature=true ca.Policy.rule.ObjSignCertKeyUsageExt.enable=true ca.Policy.rule.ObjSignCertKeyUsageExt.encipherOnly=false ca.Policy.rule.ObjSignCertKeyUsageExt.implName=KeyUsageExt ca.Policy.rule.ObjSignCertKeyUsageExt.keyAgreement=false ca.Policy.rule.ObjSignCertKeyUsageExt.keyCertsign=true ca.Policy.rule.ObjSignCertKeyUsageExt.keyEncipherment=false ca.Policy.rule.ObjSignCertKeyUsageExt.nonRepudiation=false ca.Policy.rule.ObjSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==objSignClient ca.Policy.rule.PolicyConstraintsExt.critical=false ca.Policy.rule.PolicyConstraintsExt.enable=false ca.Policy.rule.PolicyConstraintsExt.implName=PolicyConstraintsExt ca.Policy.rule.PolicyConstraintsExt.inhibitPolicyMapping=0 ca.Policy.rule.PolicyConstraintsExt.predicate=HTTP_PARAMS.certType==ca ca.Policy.rule.PolicyConstraintsExt.reqExplicitPolicy=0 ca.Policy.rule.PolicyMappingsExt.critical=false ca.Policy.rule.PolicyMappingsExt.enable=false ca.Policy.rule.PolicyMappingsExt.implName=PolicyMappingsExt ca.Policy.rule.PolicyMappingsExt.numPolicyMappings=1 ca.Policy.rule.PolicyMappingsExt.predicate=HTTP_PARAMS.certType==ca ca.Policy.rule.PolicyMappingsExt.policyMap0.issuerDomainPolicy= ca.Policy.rule.PolicyMappingsExt.policyMap0.subjectDomainPolicy= ca.Policy.rule.RMCertKeyUsageExt.crlSign=false ca.Policy.rule.RMCertKeyUsageExt.dataEncipherment=false ca.Policy.rule.RMCertKeyUsageExt.decipherOnly=false 
ca.Policy.rule.RMCertKeyUsageExt.digitalSignature=true ca.Policy.rule.RMCertKeyUsageExt.enable=true ca.Policy.rule.RMCertKeyUsageExt.encipherOnly=false ca.Policy.rule.RMCertKeyUsageExt.implName=KeyUsageExt ca.Policy.rule.RMCertKeyUsageExt.keyAgreement=false ca.Policy.rule.RMCertKeyUsageExt.keyCertsign=false ca.Policy.rule.RMCertKeyUsageExt.keyEncipherment=false ca.Policy.rule.RMCertKeyUsageExt.nonRepudiation=true ca.Policy.rule.RMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ra ca.Policy.rule.RSAKeyRule.enable=false ca.Policy.rule.RSAKeyRule.exponents=3,7,17,65537 ca.Policy.rule.RSAKeyRule.implName=RSAKeyConstraints ca.Policy.rule.RSAKeyRule.maxSize=2048 ca.Policy.rule.RSAKeyRule.minSize=512 ca.Policy.rule.RSAKeyRule.predicate= ca.Policy.rule.RenewalConstraintsRule.enable=true ca.Policy.rule.RenewalConstraintsRule.implName=RenewalConstraints ca.Policy.rule.RenewalConstraintsRule.predicate= ca.Policy.rule.RevocationConstraintsRule.enable=true ca.Policy.rule.RevocationConstraintsRule.implName=RevocationConstraints ca.Policy.rule.RevocationConstraintsRule.predicate= ca.Policy.rule.ServerCertKeyUsageExt.crlSign=false ca.Policy.rule.ServerCertKeyUsageExt.dataEncipherment=true ca.Policy.rule.ServerCertKeyUsageExt.decipherOnly=false ca.Policy.rule.ServerCertKeyUsageExt.digitalSignature=true ca.Policy.rule.ServerCertKeyUsageExt.enable=true ca.Policy.rule.ServerCertKeyUsageExt.encipherOnly=false ca.Policy.rule.ServerCertKeyUsageExt.implName=KeyUsageExt ca.Policy.rule.ServerCertKeyUsageExt.keyAgreement=false ca.Policy.rule.ServerCertKeyUsageExt.keyCertsign=false ca.Policy.rule.ServerCertKeyUsageExt.keyEncipherment=true ca.Policy.rule.ServerCertKeyUsageExt.nonRepudiation=true ca.Policy.rule.ServerCertKeyUsageExt.predicate=HTTP_PARAMS.certType==server ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC ca.Policy.rule.SigningAlgRule.enable=true 
ca.Policy.rule.SigningAlgRule.implName=SigningAlgorithmConstraints ca.Policy.rule.SigningAlgRule.predicate= ca.Policy.rule.SubCANameConstraints.enable=true ca.Policy.rule.SubCANameConstraints.implName=SubCANameConstraints ca.Policy.rule.SubCANameConstraints.predicate=HTTP_PARAMS.certType == ca ca.Policy.rule.SubjectAltNameExt.enable=true ca.Policy.rule.SubjectAltNameExt.implName=SubjectAltNameExt ca.Policy.rule.SubjectAltNameExt.numGeneralNames=3 ca.Policy.rule.SubjectAltNameExt.predicate=HTTP_PARAMS.certType!=CEP-Request ca.Policy.rule.SubjectAltNameExt.generalName0.generalNameChoice=rfc822Name ca.Policy.rule.SubjectAltNameExt.generalName0.requestAttr=AUTH_TOKEN.mail ca.Policy.rule.SubjectAltNameExt.generalName1.generalNameChoice=rfc822Name ca.Policy.rule.SubjectAltNameExt.generalName1.requestAttr=AUTH_TOKEN.mailalternateaddress ca.Policy.rule.SubjectAltNameExt.generalName2.generalNameChoice=rfc822Name ca.Policy.rule.SubjectAltNameExt.generalName2.requestAttr=HTTP_PARAMS.csrRequestorEmail ca.Policy.rule.SubjectKeyIdentifierExt.enable=true ca.Policy.rule.SubjectKeyIdentifierExt.implName=SubjectKeyIdentifierExt ca.Policy.rule.SubjectKeyIdentifierExt.predicate=HTTP_PARAMS.certType==ca ca.Policy.rule.UniqueSubjectNameConstraints.enable=false ca.Policy.rule.UniqueSubjectNameConstraints.implName=UniqueSubjectNameConstraints ca.Policy.rule.UniqueSubjectNameConstraints.predicate= ca.crl._000=## ca.crl._001=## CA CRL ca.crl._002=## ca.crl.pageSize=100 ca.crl.MasterCRL.allowExtensions=true ca.crl.MasterCRL.alwaysUpdate=false ca.crl.MasterCRL.autoUpdateInterval=240 ca.crl.MasterCRL.caCertsOnly=false ca.crl.MasterCRL.cacheUpdateInterval=15 ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint ca.crl.MasterCRL.dailyUpdates=1:00 ca.crl.MasterCRL.description=CA's complete Certificate Revocation List ca.crl.MasterCRL.enable=true ca.crl.MasterCRL.enableCRLCache=true ca.crl.MasterCRL.enableCRLUpdates=true ca.crl.MasterCRL.enableCacheTesting=false 
ca.crl.MasterCRL.enableCacheRecovery=true ca.crl.MasterCRL.enableDailyUpdates=true ca.crl.MasterCRL.enableUpdateInterval=true ca.crl.MasterCRL.extendedNextUpdate=true ca.crl.MasterCRL.includeExpiredCerts=false ca.crl.MasterCRL.minUpdateInterval=0 ca.crl.MasterCRL.nextUpdateGracePeriod=0 ca.crl.MasterCRL.publishOnStart=false ca.crl.MasterCRL.saveMemory=false ca.crl.MasterCRL.signingAlgorithm=SHA256withRSA ca.crl.MasterCRL.updateSchema=1 ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocation0= ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocationType0=URI ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessMethod0=caIssuers ca.crl.MasterCRL.extension.AuthorityInformationAccess.class=com.netscape.cms.crl.CMSAuthInfoAccessExtension ca.crl.MasterCRL.extension.AuthorityInformationAccess.critical=false ca.crl.MasterCRL.extension.AuthorityInformationAccess.enable=false ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions=1 ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=false ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension ca.crl.MasterCRL.extension.CRLNumber.critical=false ca.crl.MasterCRL.extension.CRLNumber.enable=true ca.crl.MasterCRL.extension.CRLNumber.type=CRLExtension ca.crl.MasterCRL.extension.CRLReason.class=com.netscape.cms.crl.CMSCRLReasonExtension ca.crl.MasterCRL.extension.CRLReason.critical=false ca.crl.MasterCRL.extension.CRLReason.enable=true ca.crl.MasterCRL.extension.CRLReason.type=CRLEntryExtension ca.crl.MasterCRL.extension.DeltaCRLIndicator.class=com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension 
ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical=true ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable=false ca.crl.MasterCRL.extension.DeltaCRLIndicator.type=CRLExtension ca.crl.MasterCRL.extension.FreshestCRL.class=com.netscape.cms.crl.CMSFreshestCRLExtension ca.crl.MasterCRL.extension.FreshestCRL.critical=false ca.crl.MasterCRL.extension.FreshestCRL.enable=false ca.crl.MasterCRL.extension.FreshestCRL.numPoints=0 ca.crl.MasterCRL.extension.FreshestCRL.pointName0= ca.crl.MasterCRL.extension.FreshestCRL.pointType0= ca.crl.MasterCRL.extension.FreshestCRL.type=CRLExtension ca.crl.MasterCRL.extension.InvalidityDate.class=com.netscape.cms.crl.CMSInvalidityDateExtension ca.crl.MasterCRL.extension.InvalidityDate.critical=false ca.crl.MasterCRL.extension.InvalidityDate.enable=true ca.crl.MasterCRL.extension.InvalidityDate.type=CRLEntryExtension ca.crl.MasterCRL.extension.IssuerAlternativeName.class=com.netscape.cms.crl.CMSIssuerAlternativeNameExtension ca.crl.MasterCRL.extension.IssuerAlternativeName.critical=false ca.crl.MasterCRL.extension.IssuerAlternativeName.enable=false ca.crl.MasterCRL.extension.IssuerAlternativeName.name0= ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0= ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames=0 ca.crl.MasterCRL.extension.IssuerAlternativeName.type=CRLExtension ca.crl.MasterCRL.extension.IssuingDistributionPoint.class=com.netscape.cms.crl.CMSIssuingDistributionPointExtension ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical=true ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable=false ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL=false ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts=false ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts=false ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons= ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName= 
ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType= ca.crl.MasterCRL.extension.IssuingDistributionPoint.type=CRLExtension ca.notification.certIssued.emailSubject=Your Certificate Request ca.notification.certIssued.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/certIssued_CA.html ca.notification.certIssued.enabled=false ca.notification.certIssued.senderEmail= ca.notification.certRevoked.emailSubject=Your Certificate Revoked ca.notification.certRevoked.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/certRevoked_CA.html ca.notification.certRevoked.enabled=false ca.notification.certRevoked.senderEmail= ca.notification.requestInQ.emailSubject=Certificate Request in Queue ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/reqInQueue_CA.html ca.notification.requestInQ.enabled=false ca.notification.requestInQ.recipientEmail= ca.notification.requestInQ.senderEmail= ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_ID] ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA ca.ocsp_signing.tokenname=internal ca.publish.createOwnDNEntry=false ca.publish.queue.enable=true ca.publish.queue.maxNumberOfThreads=3 ca.publish.queue.pageSize=40 ca.publish.queue.priorityLevel=0 ca.publish.queue.saveStatus=200 ca.publish.mapper.impl.LdapCaSimpleMap.class=com.netscape.cms.publish.mappers.LdapCaSimpleMap ca.publish.mapper.impl.LdapDNCompsMap.class=com.netscape.cms.publish.mappers.LdapCertCompsMap ca.publish.mapper.impl.LdapDNExactMap.class=com.netscape.cms.publish.mappers.LdapCertExactMap ca.publish.mapper.impl.LdapEnhancedMap.class=com.netscape.cms.publish.mappers.LdapEnhancedMap ca.publish.mapper.impl.LdapSimpleMap.class=com.netscape.cms.publish.mappers.LdapSimpleMap ca.publish.mapper.impl.LdapSubjAttrMap.class=com.netscape.cms.publish.mappers.LdapCertSubjMap ca.publish.mapper.impl.NoMap.class=com.netscape.cms.publish.mappers.NoMap ca.publish.mapper.instance.LdapCaCertMap.createCAEntry=true 
ca.publish.mapper.instance.LdapCaCertMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o ca.publish.mapper.instance.LdapCaCertMap.pluginName=LdapCaSimpleMap ca.publish.mapper.instance.LdapCrlMap.createCAEntry=true ca.publish.mapper.instance.LdapCrlMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o ca.publish.mapper.instance.LdapCrlMap.pluginName=LdapCaSimpleMap ca.publish.mapper.instance.LdapUserCertMap.dnPattern=UID=$subj.UID,OU=people,O=$subj.o ca.publish.mapper.instance.LdapUserCertMap.pluginName=LdapSimpleMap ca.publish.mapper.instance.NoMap.pluginName=NoMap ca.publish.publisher.impl.FileBasedPublisher.class=com.netscape.cms.publish.publishers.FileBasedPublisher ca.publish.publisher.impl.LdapCaCertPublisher.class=com.netscape.cms.publish.publishers.LdapCaCertPublisher ca.publish.publisher.impl.LdapCertificatePairPublisher.class=com.netscape.cms.publish.publishers.LdapCertificatePairPublisher ca.publish.publisher.impl.LdapCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher ca.publish.publisher.impl.LdapDeltaCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher ca.publish.publisher.impl.LdapUserCertPublisher.class=com.netscape.cms.publish.publishers.LdapUserCertPublisher ca.publish.publisher.impl.OCSPPublisher.class=com.netscape.cms.publish.publishers.OCSPPublisher ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr=caCertificate;binary ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass=pkiCA ca.publish.publisher.instance.LdapCaCertPublisher.pluginName=LdapCaCertPublisher ca.publish.publisher.instance.LdapCrlPublisher.crlAttr=certificateRevocationList;binary ca.publish.publisher.instance.LdapCrlPublisher.pluginName=LdapCrlPublisher ca.publish.publisher.instance.LdapCrlPublisher.crlObjectClass=pkiCA ca.publish.publisher.instance.LdapCrossCertPairPublisher.caObjectClass=pkiCA ca.publish.publisher.instance.LdapCrossCertPairPublisher.crossCertPairAttr=crossCertificatePair;binary 
ca.publish.publisher.instance.LdapCrossCertPairPublisher.pluginName=LdapCertificatePairPublisher ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlAttr=deltaRevocationList;binary ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlObjectClass=pkiCA,deltaCRL ca.publish.publisher.instance.LdapDeltaCrlPublisher.pluginName=LdapDeltaCrlPublisher ca.publish.publisher.instance.LdapUserCertPublisher.certAttr=userCertificate;binary ca.publish.publisher.instance.LdapUserCertPublisher.pluginName=LdapUserCertPublisher ca.publish.rule.impl.Rule.class=com.netscape.cmscore.ldap.LdapRule ca.publish.rule.instance.LdapCaCertRule.enable=false ca.publish.rule.instance.LdapCaCertRule.mapper=LdapCaCertMap ca.publish.rule.instance.LdapCaCertRule.pluginName=Rule ca.publish.rule.instance.LdapCaCertRule.predicate= ca.publish.rule.instance.LdapCaCertRule.publisher=LdapCaCertPublisher ca.publish.rule.instance.LdapCaCertRule.type=cacert ca.publish.rule.instance.LdapCrlRule.enable=false ca.publish.rule.instance.LdapCrlRule.mapper=LdapCrlMap ca.publish.rule.instance.LdapCrlRule.pluginName=Rule ca.publish.rule.instance.LdapCrlRule.predicate= ca.publish.rule.instance.LdapCrlRule.publisher=LdapCrlPublisher ca.publish.rule.instance.LdapCrlRule.type=crl ca.publish.rule.instance.LdapUserCertRule.enable=false ca.publish.rule.instance.LdapUserCertRule.mapper=LdapUserCertMap ca.publish.rule.instance.LdapUserCertRule.pluginName=Rule ca.publish.rule.instance.LdapUserCertRule.predicate= ca.publish.rule.instance.LdapUserCertRule.publisher=LdapUserCertPublisher ca.publish.rule.instance.LdapUserCertRule.type=certs ca.publish.rule.instance.LdapXCertRule.enable=false ca.publish.rule.instance.LdapXCertRule.mapper=LdapCaCertMap ca.publish.rule.instance.LdapXCertRule.pluginName=Rule ca.publish.rule.instance.LdapXCertRule.predicate= ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher ca.publish.rule.instance.LdapXCertRule.type=xcert cmc.cert.confirmRequired=false 
cmc.lraPopWitness.verify.allow=true
cmc.revokeCert.verify=true
cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cms.passwordlist=internaldb,replicationdb
cms.password.ignore.publishing.failure=true
cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
cmsgateway._000=##
cmsgateway._001=## In the event that all Admin Certificates have been lost
cmsgateway._002=## for a given instance, perform the following steps to
cmsgateway._003=## re-enroll for a new Admin Certificate:
cmsgateway._004=##
cmsgateway._005=## (1) Become 'root'
cmsgateway._006=## (2) Type: 'service [PKI_INSTANCE_ID] stop'
cmsgateway._007=## (3) Edit '[PKI_CFG_PATH_NAME]'
cmsgateway._008=## and set the following name-value pairs (if necessary):
cmsgateway._009=##
cmsgateway._010=## ca.Policy.enable=true
cmsgateway._011=## cmsgateway.enableAdminEnroll=true
cmsgateway._012=##
cmsgateway._013=## (4) Type: 'service [PKI_INSTANCE_ID] start'
cmsgateway._014=## (5) Launch a browser and re-enroll for
cmsgateway._015=## a new Admin Certificate by typing:
cmsgateway._016=##
cmsgateway._017=## https://[PKI_MACHINE_NAME]:[PKI_ADMIN_SECURE_PORT]/ca/admin/ca/adminEnroll.html
cmsgateway._018=##
cmsgateway._019=## (6) Verify that the browser contains the new
cmsgateway._020=## Admin Certificate by successfully navigating to:
cmsgateway._021=##
cmsgateway._022=## https://[PKI_MACHINE_NAME]:[PKI_AGENT_SECURE_PORT]/ca/agent/ca/
cmsgateway._023=##
cmsgateway._024=## (7) Optionally, disable the Certificate Policies Framework
cmsgateway._025=## by following steps (1) - (4), but ONLY resetting
cmsgateway._026=## 'ca.Policy.enable=false', as
cmsgateway._027=## 'cmsgateway.enableAdminEnroll=false' should have
cmsgateway._028=## already been reset.
cmsgateway._029=##
cmsgateway._030=## NOTE(review): after step (5), confirm that enableAdminEnroll is
cmsgateway._031=## false again before the instance goes back into service; while it
cmsgateway._032=## is true the adminEnroll page is presumably open for enrollment.
cmsgateway._033=##
cmsgateway.enableAdminEnroll=false
https.port=8443
http.port=8080
dbs.enableSerialManagement=false
dbs.beginRequestNumber=1
dbs.endRequestNumber=10000000
dbs.requestIncrement=10000000
dbs.requestLowWaterMark=2000000
dbs.requestCloneTransferNumber=10000
dbs.requestDN=ou=ca, ou=requests
dbs.requestRangeDN=ou=requests, ou=ranges
dbs.beginSerialNumber=1
dbs.endSerialNumber=10000000
dbs.serialIncrement=10000000
dbs.serialLowWaterMark=2000000
dbs.serialCloneTransferNumber=10000
dbs.serialDN=ou=certificateRepository, ou=ca
dbs.serialRangeDN=ou=certificateRepository, ou=ranges
dbs.beginReplicaNumber=1
dbs.endReplicaNumber=100
dbs.replicaIncrement=100
dbs.replicaLowWaterMark=20
dbs.replicaCloneTransferNumber=5
dbs.replicaDN=ou=replica
dbs.replicaRangeDN=ou=replica, ou=ranges
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug._000=##
debug._001=## NOTE(review): debug logging ships enabled; level=0 is presumably
debug._002=## the most verbose setting - confirm, and check what request data
debug._003=## reaches the debug file before keeping this default in production.
debug._004=##
debug.append=true
debug.enabled=true
debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
keys._000=##
keys._001=## NOTE(review): the ECC lists below still include curves of 112 to
keys._002=## 163 bits (secp112*, secp128*, sect113*, sect131*, secp160*, *163*);
keys._003=## trim them to the sizes local policy accepts. The default curve
keys._004=## is nistp256.
keys._005=##
keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.default=nistp256
keys.rsa.keysize.default=2048
internaldb._000=##
internaldb._001=## Internal Database
internaldb._002=##
internaldb._003=## NOTE(review): the defaults below are a BasicAuth bind as
internaldb._004=## cn=Directory Manager with secureConn=false. Presumably that is a
internaldb._005=## password bind over an unencrypted LDAP connection - confirm, and
internaldb._006=## prefer secureConn=true with a dedicated, least-privileged bind DN.
internaldb._007=##
internaldb.basedn=
internaldb.maxConns=15
internaldb.minConns=3
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
preop.internaldb.schema.ldif=/usr/share/pki/ca/conf/schema.ldif
preop.internaldb.ldif=/usr/share/pki/ca/conf/database.ldif
preop.internaldb.data_ldif=/usr/share/pki/ca/conf/db.ldif,/usr/share/pki/ca/conf/acl.ldif
preop.internaldb.index_ldif=/usr/share/pki/ca/conf/index.ldif
preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif
preop.internaldb.post_ldif=/usr/share/pki/ca/conf/vlv.ldif,/usr/share/pki/ca/conf/vlvtasks.ldif
preop.internaldb.wait_dn=cn=index1160589769, cn=index, cn=tasks, cn=config
internaldb.multipleSuffix.enable=false
jobsScheduler._000=##
jobsScheduler._001=## Jobs Scheduler
jobsScheduler._002=##
jobsScheduler.enabled=false
jobsScheduler.interval=1
jobsScheduler.impl.PublishCertsJob.class=com.netscape.cms.jobs.PublishCertsJob
jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNotificationJob
jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
jobsScheduler.job.certRenewalNotifier.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/rnJob1.txt
jobsScheduler.job.certRenewalNotifier.enabled=false
jobsScheduler.job.certRenewalNotifier.notifyEndOffset=30
jobsScheduler.job.certRenewalNotifier.notifyTriggerOffset=30
jobsScheduler.job.certRenewalNotifier.pluginName=RenewalNotificationJob
jobsScheduler.job.certRenewalNotifier.senderEmail=
jobsScheduler.job.certRenewalNotifier.summary.emailSubject=Certificate Renewal Notification Summary
jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/rnJob1Summary.txt
jobsScheduler.job.certRenewalNotifier.summary.enabled=true
jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/rnJob1Item.txt
jobsScheduler.job.certRenewalNotifier.summary.recipientEmail=
jobsScheduler.job.certRenewalNotifier.summary.senderEmail=
jobsScheduler.job.publishCerts.cron=0 0 * * 2
jobsScheduler.job.publishCerts.enabled=false
jobsScheduler.job.publishCerts.pluginName=PublishCertsJob
jobsScheduler.job.publishCerts.summary.emailSubject=Certs Publishing Summary
jobsScheduler.job.publishCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/publishCerts.html
jobsScheduler.job.publishCerts.summary.enabled=true
jobsScheduler.job.publishCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/publishCertsItem.html
jobsScheduler.job.publishCerts.summary.recipientEmail=
jobsScheduler.job.publishCerts.summary.senderEmail=
jobsScheduler.job.requestInQueueNotifier.cron=0 0 * * 0
jobsScheduler.job.requestInQueueNotifier.enabled=false
jobsScheduler.job.requestInQueueNotifier.pluginName=RequestInQueueJob
jobsScheduler.job.requestInQueueNotifier.subsystemId=ca
jobsScheduler.job.requestInQueueNotifier.summary.emailSubject=Requests in Queue Summary Report
jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/riq1Summary.html
jobsScheduler.job.requestInQueueNotifier.summary.enabled=true
jobsScheduler.job.requestInQueueNotifier.summary.recipientEmail=
jobsScheduler.job.requestInQueueNotifier.summary.senderEmail=
jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
jobsScheduler.job.unpublishExpiredCerts.enabled=false
jobsScheduler.job.unpublishExpiredCerts.pluginName=UnpublishExpiredJob
jobsScheduler.job.unpublishExpiredCerts.summary.emailSubject=Expired Certs Unpublished Summary
jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/euJob1.html
jobsScheduler.job.unpublishExpiredCerts.summary.enabled=true
jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/euJob1Item.html
jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
jss._000=##
jss._001=## JSS
jss._002=##
jss._003=## NOTE(review): ocspcheck.enable=false - presumably no OCSP
jss._004=## revocation check is made on certificates validated through JSS;
jss._005=## confirm, and enable it where a responder is reachable.
jss._006=## NOTE(review): cipherfortezza=true looks like a legacy Fortezza
jss._007=## cipher-suite switch and cipherpref is empty; verify which TLS
jss._008=## suites the instance actually negotiates.
jss._009=##
jss.configDir=[PKI_INSTANCE_PATH]/alias/
jss.enable=true
jss.secmodName=secmod.db
jss.ocspcheck.enable=false
jss.ssl.cipherfortezza=true
jss.ssl.cipherpref=
jss.ssl.cipherversion=cipherdomestic
log._000=##
log._001=## Logging
log._002=##
log.impl.file.class=com.netscape.cms.logging.RollingLogFile
log.instance.SignedAudit._000=##
log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
log.instance.SignedAudit._007=## NOTE(review): the events list below omits LOG_EXPIRATION_CHANGE,
log.instance.SignedAudit._008=## which the "Available Audit events" comment lists; confirm the
log.instance.SignedAudit._009=## omission is intended.
log.instance.SignedAudit._010=## NOTE(review): logSigning=false leaves audit records unsigned, so
log.instance.SignedAudit._011=## later changes to the ca_audit file are presumably not detectable
log.instance.SignedAudit._012=## from the log itself; enable it once the certificate named in
log.instance.SignedAudit._013=## signedAuditCertNickname is available.
log.instance.SignedAudit._014=## NOTE(review): 'signedAudit=_002=##' below looks like a mistyped
log.instance.SignedAudit._015=## '._NNN=##' comment key; verify that nothing reads it.
log.instance.SignedAudit._016=##
log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/ca_audit
log.instance.SignedAudit.flushInterval=5
log.instance.SignedAudit.level=1
log.instance.SignedAudit.logSigning=false
log.instance.SignedAudit.maxFileSize=2000
log.instance.SignedAudit.pluginName=file
log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit=_002=##
log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
log.instance.System._002=##
log.instance.System.bufferSize=512
log.instance.System.enable=true
log.instance.System.expirationTime=0
log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system
log.instance.System.flushInterval=5
log.instance.System.level=3
log.instance.System.maxFileSize=2000
log.instance.System.pluginName=file
log.instance.System.rolloverInterval=2592000
log.instance.System.type=system
log.instance.Transactions._000=##
log.instance.Transactions._001=## Transaction Logging
log.instance.Transactions._002=##
log.instance.Transactions.bufferSize=512
log.instance.Transactions.enable=true
log.instance.Transactions.expirationTime=0
log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions
log.instance.Transactions.flushInterval=5
log.instance.Transactions.level=1
log.instance.Transactions.maxFileSize=2000
log.instance.Transactions.pluginName=file
log.instance.Transactions.rolloverInterval=2592000
log.instance.Transactions.type=transaction
logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access
logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error
oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
oidmap.challenge_password.oid=1.2.840.113549.1.9.7
oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
oidmap.extended_key_usage.oid=2.5.29.37
oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14 oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8 oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension oidmap.netscape_comment.oid=2.16.840.1.113730.1.13 oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5 oidmap.pse.class=netscape.security.extensions.PresenceServerExtension oidmap.pse.oid=2.16.840.1.113730.1.18 oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11 os.userid=nobody profile.list=caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caECDualCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caOtherCert,caCACert,caInstallCACert,caRACert,caOCSPCert,caTransportCert,caDirUserCert,caECDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caEncECUserCert profile.caUUIDdeviceCert.class_id=caEnrollImpl profile.caUUIDdeviceCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caUUIDdeviceCert.cfg 
profile.caManualRenewal.class_id=caEnrollImpl profile.caManualRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caManualRenewal.cfg profile.caDirUserRenewal.class_id=caEnrollImpl profile.caDirUserRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDirUserRenewal.cfg profile.caSSLClientSelfRenewal.class_id=caEnrollImpl profile.caSSLClientSelfRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caSSLClientSelfRenewal.cfg profile.DomainController.class_id=caEnrollImpl profile.DomainController.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/DomainController.cfg profile.caAgentFileSigning.class_id=caEnrollImpl profile.caAgentFileSigning.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caAgentFileSigning.cfg profile.caAgentServerCert.class_id=caEnrollImpl profile.caAgentServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caAgentServerCert.cfg profile.caRAserverCert.class_id=caEnrollImpl profile.caRAserverCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRAserverCert.cfg profile.caCACert.class_id=caEnrollImpl profile.caCACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caCACert.cfg profile.caInstallCACert.class_id=caEnrollImpl profile.caInstallCACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInstallCACert.cfg profile.caCMCUserCert.class_id=caEnrollImpl profile.caCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caCMCUserCert.cfg profile.caDirUserCert.class_id=caEnrollImpl profile.caDirUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDirUserCert.cfg profile.caECDirUserCert.class_id=caEnrollImpl profile.caECDirUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caECDirUserCert.cfg profile.caDualCert.class_id=caEnrollImpl profile.caDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDualCert.cfg profile.caECDualCert.class_id=caEnrollImpl 
profile.caECDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caECDualCert.cfg profile.caDualRAuserCert.class_id=caEnrollImpl profile.caDualRAuserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDualRAuserCert.cfg profile.caRAagentCert.class_id=caEnrollImpl profile.caRAagentCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRAagentCert.cfg profile.caFullCMCUserCert.class_id=caEnrollImpl profile.caFullCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caFullCMCUserCert.cfg profile.caInternalAuthOCSPCert.class_id=caEnrollImpl profile.caInternalAuthOCSPCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthOCSPCert.cfg profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl profile.caInternalAuthAuditSigningCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthAuditSigningCert.cfg profile.caInternalAuthServerCert.class_id=caEnrollImpl profile.caInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthServerCert.cfg profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl profile.caInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthSubsystemCert.cfg profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl profile.caInternalAuthDRMstorageCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthDRMstorageCert.cfg profile.caInternalAuthTransportCert.class_id=caEnrollImpl profile.caInternalAuthTransportCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthTransportCert.cfg profile.caOCSPCert.class_id=caEnrollImpl profile.caOCSPCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caOCSPCert.cfg profile.caOtherCert.class_id=caEnrollImpl profile.caOtherCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caOtherCert.cfg profile.caRACert.class_id=caEnrollImpl 
profile.caRACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRACert.cfg profile.caRARouterCert.class_id=caEnrollImpl profile.caRARouterCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRARouterCert.cfg profile.caRouterCert.class_id=caEnrollImpl profile.caRouterCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRouterCert.cfg profile.caServerCert.class_id=caEnrollImpl profile.caServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caServerCert.cfg profile.caSignedLogCert.class_id=caEnrollImpl profile.caSignedLogCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caSignedLogCert.cfg profile.caSimpleCMCUserCert.class_id=caEnrollImpl profile.caSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caSimpleCMCUserCert.cfg profile.caTPSCert.class_id=caEnrollImpl profile.caTPSCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTPSCert.cfg profile.caAdminCert.class_id=caEnrollImpl profile.caAdminCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caAdminCert.cfg profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl profile.caTempTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTempTokenDeviceKeyEnrollment.cfg profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl profile.caTempTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg profile.caTokenUserEncryptionKeyRenewal.class_id=caUserCertEnrollImpl profile.caTokenUserEncryptionKeyRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserEncryptionKeyRenewal.cfg profile.caTempTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl profile.caTempTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg profile.caTokenUserSigningKeyRenewal.class_id=caUserCertEnrollImpl 
profile.caTokenUserSigningKeyRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserSigningKeyRenewal.cfg profile.caTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl profile.caTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenDeviceKeyEnrollment.cfg profile.caTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl profile.caTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg profile.caTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl profile.caTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserSigningKeyEnrollment.cfg profile.caTokenMSLoginEnrollment.class_id=caUserCertEnrollImpl profile.caTokenMSLoginEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenMSLoginEnrollment.cfg profile.caTransportCert.class_id=caEnrollImpl profile.caTransportCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTransportCert.cfg profile.caUserCert.class_id=caEnrollImpl profile.caUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caUserCert.cfg profile.caECUserCert.class_id=caEnrollImpl profile.caECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caECUserCert.cfg profile.caUserSMIMEcapCert.class_id=caEnrollImpl profile.caUserSMIMEcapCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caUserSMIMEcapCert.cfg profile.caJarSigningCert.class_id=caEnrollImpl profile.caJarSigningCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caJarSigningCert.cfg profile.caIPAserviceCert.class_id=caEnrollImpl profile.caIPAserviceCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caIPAserviceCert.cfg profile.caEncUserCert.class_id=caEnrollImpl profile.caEncUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caEncUserCert.cfg profile.caEncECUserCert.class_id=caEnrollImpl 
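profile.caEncECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caEncECUserCert.cfg
registry.file=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]registry.cfg

# Request processors. Each processor.<id>.* group names an authorization
# manager (authzMgr), the ACL resource it is checked against
# (authzResourceName) and a getClientCert flag (presumably whether a TLS
# client certificate is requested; confirm against the product docs).
#
# Security review: caProfileSubmit and caDoRevoke set getClientCert=false and
# name no authMgr, unlike the three processors that use certUserDBAuthMgr.
# As far as this file shows, access to them is limited only by the
# BasicAclAuthz entries for certServer.ee.profile and
# certServer.ee.certificates; verify those ACLs when hardening an instance.
processor.caProfileProcess.getClientCert=true
processor.caProfileProcess.authzMgr=BasicAclAuthz
processor.caProfileProcess.authorityId=ca
processor.caProfileProcess.authzResourceName=certServer.ca.request.profile
processor.caProfileProcess.authMgr=certUserDBAuthMgr
processor.caProfileSubmit.authorityId=ca
processor.caProfileSubmit.authzMgr=BasicAclAuthz
processor.caProfileSubmit.authzResourceName=certServer.ee.profile
processor.caProfileSubmit.getClientCert=false
processor.caDoRevoke.getClientCert=false
processor.caDoRevoke.authzMgr=BasicAclAuthz
processor.caDoRevoke.authorityId=ca
processor.caDoRevoke.authzResourceName=certServer.ee.certificates
processor.caDoRevoke-agent.getClientCert=true
processor.caDoRevoke-agent.authzMgr=BasicAclAuthz
processor.caDoRevoke-agent.authorityId=ca
processor.caDoRevoke-agent.authzResourceName=certServer.ca.certificates
processor.caDoRevoke-agent.authMgr=certUserDBAuthMgr
# NOTE(review): caDoUnrevoke checks certServer.ca.certificate (singular) while
# caDoRevoke-agent checks certServer.ca.certificates; confirm both resource
# names are intended and that each has an ACL entry.
processor.caDoUnrevoke.getClientCert=true
processor.caDoUnrevoke.authzMgr=BasicAclAuthz
processor.caDoUnrevoke.authorityId=ca
processor.caDoUnrevoke.authzResourceName=certServer.ca.certificate
processor.caDoUnrevoke.authMgr=certUserDBAuthMgr
request.assignee.enable=true

# Self-test subsystem. The selftests._NNN keys are the file's own
# pseudo-comments; <cert tag> stands for one entry of ca.cert.list
# (e.g. signing, giving ca.cert.signing.certusage).
selftests._000=##
selftests._001=## Self Tests
selftests._002=##
selftests._003=## The Self-Test plugin SystemCertsVerification uses the
selftests._004=## following parameters (where certusage is optional):
selftests._005=## ca.cert.list = <comma-separated list of cert tags>
selftests._006=## ca.cert.<cert tag>.nickname
selftests._007=## ca.cert.<cert tag>.certusage
selftests._008=##
# Self-test plugin instances: instance name -> implementing class.
selftests.container.instance.CAPresence=com.netscape.cms.selftests.ca.CAPresence
selftests.container.instance.CAValidity=com.netscape.cms.selftests.ca.CAValidity
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification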
# Self-test log: a RollingLogFile written under the instance's logs directory.
# Units of bufferSize, flushInterval, maxFileSize, rolloverInterval and
# expirationTime are not stated in this file; confirm them before tuning
# (2592000 would be 30 days if the unit is seconds).
selftests.container.logger.bufferSize=512
selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log
selftests.container.logger.flushInterval=5
selftests.container.logger.level=1
selftests.container.logger.maxFileSize=2000
selftests.container.logger.register=false
selftests.container.logger.rolloverInterval=2592000
selftests.container.logger.type=transaction
# Self-test ordering. Every listed test is marked critical. CAValidity appears
# only in the onDemand list, so the startup list does not include it.
# NOTE(review): presumably a failed critical test stops the subsystem; confirm,
# and decide whether CAValidity should also run at startup.
selftests.container.order.onDemand=CAPresence:critical, SystemCertsVerification:critical, CAValidity:critical
selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
selftests.plugin.CAPresence.CaSubId=ca
selftests.plugin.CAValidity.CaSubId=ca
selftests.plugin.SystemCertsVerification.SubId=ca
# Outbound mail relay. Only host and port are set here; no TLS or
# authentication keys appear in this section.
smtp.host=localhost
smtp.port=25
# Subsystems, as numbered class/id pairs.
subsystem.0.class=com.netscape.ca.CertificateAuthority
subsystem.0.id=ca
subsystem.1.class=com.netscape.cmscore.profile.ProfileSubsystem
subsystem.1.id=profile
subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.2.id=selftests
subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
subsystem.3.id=CrossCertPair
subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.4.id=stats
usrgrp._000=##
usrgrp._001=## User/Group
usrgrp._002=##
usrgrp.ldap=internaldb
multiroles._000=##
multiroles._001=## multiroles
multiroles._002=##
# NOTE(review): multiroles.enable=true while the group list sits under the
# ".false." key. Presumably the list names the groups whose membership is kept
# mutually exclusive only when multiroles is disabled, so this default would
# not enforce role separation; confirm against the product docs if separation
# of duties is required.
multiroles.enable=true
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems