############################################################################### ## Common Configuration: ## ## ## ## Values in this section are common to more than one PKI subsystem, and ## ## contain required information which MAY be overridden by users as ## ## necessary. ## ## ## ## There are also some meta-parameters that determine how the PKI ## ## configuratiion should work. ## ## ## ############################################################################### [DEFAULT] # The sensitive_parameters contains a list of parameters which may contain # sensitive information which must not be displayed to the console nor stored # in log files for security reasons. sensitive_parameters= pki_admin_password pki_backup_password pki_client_database_password pki_client_pin pki_client_pkcs12_password pki_clone_pkcs12_password pki_ds_password pki_one_time_pin pki_pin pki_security_domain_password pki_token_password # The spawn_scriplets contains a list of scriplets to be executed by pkispawn. spawn_scriplets= initialization infrastructure_layout instance_layout subsystem_layout selinux_setup webapp_deployment slot_substitution security_databases configuration finalization # The destroy_scriplets contains a list of scriplets to be executed by pkidestroy. destroy_scriplets= initialization configuration webapp_deployment subsystem_layout security_databases instance_layout selinux_setup infrastructure_layout finalization pki_admin_cert_request_type=crmf pki_admin_domain_name= pki_admin_dualkey=False pki_admin_email= pki_admin_keysize=2048 pki_admin_name= pki_admin_nickname= pki_admin_password= pki_admin_subject_dn= pki_admin_uid= pki_audit_group=pkiaudit pki_audit_signing_key_algorithm=SHA256withRSA pki_audit_signing_key_size=2048 pki_audit_signing_key_type=rsa pki_audit_signing_nickname= pki_audit_signing_signing_algorithm=SHA256withRSA pki_audit_signing_subject_dn= pki_audit_signing_token= pki_backup_keys=False pki_backup_password= pki_client_database_dir= pki_client_database_password= pki_client_database_purge=True pki_client_dir= pki_client_pkcs12_password= pki_ds_base_dn= pki_ds_bind_dn=cn=Directory Manager pki_ds_database=%(pki_instance_name)s-%(pki_subsystem)s pki_ds_hostname=%(hostname)s pki_ds_ldap_port=389 pki_ds_ldaps_port=636 pki_ds_password= pki_ds_remove_data=True pki_ds_secure_connection=False pki_group=pkiuser pki_http_port=%(default_http_port)s pki_https_port=%(default_https_port)s pki_instance_name=%(default_instance_name)s pki_issuing_ca= pki_restart_configured_instance=True pki_security_domain_hostname= pki_security_domain_https_port=8443 pki_security_domain_name= pki_security_domain_password= pki_security_domain_user= pki_skip_configuration=False pki_skip_installation=False pki_ssl_server_key_algorithm=SHA256withRSA pki_ssl_server_key_size=2048 pki_ssl_server_key_type=rsa pki_ssl_server_nickname= pki_ssl_server_subject_dn= pki_ssl_server_token= pki_subsystem=%(subsystem_type)s pki_subsystem_key_algorithm=SHA256withRSA pki_subsystem_key_size=2048 pki_subsystem_key_type=rsa pki_subsystem_name=%(pki_subsystem)s %(hostname)s %(pki_https_port)s pki_subsystem_nickname= pki_subsystem_subject_dn= pki_subsystem_token= pki_token_name=internal pki_token_password= pki_user=pkiuser ############################################################################### ## Apache Configuration: ## ## ## ## Values in this section are common to PKI subsystems that run ## ## as an instance of 'Apache' (RA and TPS subsystems), and contain ## ## required information which MAY be overridden by users as necessary. ## ############################################################################### [Apache] ############################################################################### ## Tomcat Configuration: ## ## ## ## Values in this section are common to PKI subsystems that run ## ## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## ## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## ## required information which MAY be overridden by users as necessary. ## ## ## ## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## ## or a 'TKS Clone', change the value of 'pki_clone' ## ## from 'False' to 'True'. ## ## ## ## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## ## are MUTUALLY EXCLUSIVE entities!!! ## ############################################################################### [Tomcat] pki_ajp_port=8009 pki_clone=False pki_clone_pkcs12_password= pki_clone_pkcs12_path= pki_clone_replicate_schema=True pki_clone_replication_master_port= pki_clone_replication_clone_port= pki_clone_replication_security=None pki_clone_uri= pki_enable_java_debugger=False pki_enable_proxy=False pki_proxy_http_port=80 pki_proxy_https_port=443 pki_security_manager=true pki_tomcat_server_port=8005 ############################################################################### ## CA Configuration: ## ## ## ## Values in this section are common to CA subsystems including 'PKI CAs', ## ## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ## ## required information which MAY be overridden by users as necessary. ## ## ## ## EXTERNAL CAs: To specify an 'External CA', change the value ## ## of 'pki_external' from 'False' to 'True'. ## ## ## ## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ## ## of 'pki_subordinate' from 'False' to 'True'. ## ## ## ## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## ## are MUTUALLY EXCLUSIVE entities!!! ## ############################################################################### [CA] pki_ca_signing_key_algorithm=SHA256withRSA pki_ca_signing_key_size=2048 pki_ca_signing_key_type=rsa pki_ca_signing_nickname= pki_ca_signing_signing_algorithm=SHA256withRSA pki_ca_signing_subject_dn= pki_ca_signing_token= pki_external=False pki_external_ca_cert_chain_path= pki_external_ca_cert_path= pki_external_csr_path= pki_external_step_two=False pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa pki_ocsp_signing_nickname= pki_ocsp_signing_signing_algorithm=SHA256withRSA pki_ocsp_signing_subject_dn= pki_ocsp_signing_token= pki_subordinate=False ############################################################################### ## KRA Configuration: ## ## ## ## Values in this section are common to KRA subsystems ## ## including 'PKI KRAs' and 'Cloned KRAs', and contain ## ## required information which MAY be overridden by users as necessary. ## ############################################################################### [KRA] pki_import_admin_cert=True pki_storage_key_algorithm=SHA256withRSA pki_storage_key_size=2048 pki_storage_key_type=rsa pki_storage_nickname= pki_storage_signing_algorithm=SHA256withRSA pki_storage_subject_dn= pki_storage_token= pki_transport_key_algorithm=SHA256withRSA pki_transport_key_size=2048 pki_transport_key_type=rsa pki_transport_nickname= pki_transport_signing_algorithm=SHA256withRSA pki_transport_subject_dn= pki_transport_token= ############################################################################### ## OCSP Configuration: ## ## ## ## Values in this section are common to OCSP subsystems ## ## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ## ## required information which MAY be overridden by users as necessary. ## ############################################################################### [OCSP] pki_import_admin_cert=True pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 pki_ocsp_signing_key_type=rsa pki_ocsp_signing_nickname= pki_ocsp_signing_signing_algorithm=SHA256withRSA pki_ocsp_signing_subject_dn= pki_ocsp_signing_token= ############################################################################### ## RA Configuration: ## ## ## ## Values in this section are common to PKI RA subsystems, and contain ## ## required information which MAY be overridden by users as necessary. ## ############################################################################### [RA] ############################################################################### ## TKS Configuration: ## ## ## ## Values in this section are common to TKS subsystems ## ## including 'PKI TKSs' and 'Cloned TKSs', and contain ## ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TKS] pki_import_admin_cert=True ############################################################################### ## TPS Configuration: ## ## ## ## Values in this section are common to PKI TPS subsystems, and contain ## ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TPS]