_000=## _001=## Data Recovery Manager (DRM) Configuration File _002=## pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] pkicreate.pki_instance_name=[PKI_INSTANCE_ID] pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT] pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT] pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT] pkicreate.secure_port=[PKI_SECURE_PORT] pkicreate.unsecure_port=[PKI_UNSECURE_PORT] pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT] pkicreate.user=[PKI_USER] pkicreate.group=[PKI_GROUP] pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME] pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] installDate=[INSTALL_TIME] preop.wizard.name=DRM Setup Wizard preop.product.name=CS preop.product.version=@APPLICATION_VERSION@ preop.system.name=DRM preop.system.fullname=Data Recovery Manager proxy.securePort=[PKI_PROXY_SECURE_PORT] proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT] cs.state=0 cs.type=KRA admin.interface.uri=kra/admin/console/config/wizard agent.interface.uri=kra/agent/kra authType=pwd preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445 instanceRoot=[PKI_INSTANCE_PATH] configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/ machineName=[PKI_MACHINE_NAME] instanceId=[PKI_INSTANCE_ID] pidDir=[PKI_PIDDIR] service.machineName=[PKI_MACHINE_NAME] service.instanceDir=[PKI_INSTANCE_ROOT] service.securePort=[PKI_AGENT_SECURE_PORT] service.non_clientauth_securePort=[PKI_EE_SECURE_PORT] service.unsecurePort=[PKI_UNSECURE_PORT] service.instanceID=[PKI_INSTANCE_ID] preop.admin.name=Data Recovery Manager Administrator preop.admin.group=Data Recovery Manager Agents preop.admincert.profile=caAdminCert preop.pin=[PKI_RANDOM_NUMBER] kra.cert.list=transport,storage,sslserver,subsystem,audit_signing kra.cert.transport.certusage=SSLClient kra.cert.storage.certusage=SSLClient kra.cert.sslserver.certusage=SSLServer kra.cert.subsystem.certusage=SSLClient kra.cert.audit_signing.certusage=ObjectSigner preop.cert.list=transport,storage,sslserver,subsystem,audit_signing preop.cert.rsalist=transport,storage,audit_signing preop.cert.transport.enable=true preop.cert.storage.enable=true preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.audit_signing.enable=true preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA preop.cert.audit_signing.dn=CN=DRM Audit Signing Certificate preop.cert.audit_signing.keysize.custom_size=2048 preop.cert.audit_signing.keysize.size=2048 preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID] preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert preop.cert.audit_signing.signing.required=false preop.cert.audit_signing.subsystem=kra preop.cert.audit_signing.type=remote preop.cert.audit_signing.userfriendlyname=DRM Audit Signing Certificate preop.cert.audit_signing.cncomponent.override=true preop.cert.storage.defaultSigningAlgorithm=SHA256withRSA preop.cert.storage.dn=CN=DRM Storage Certificate preop.cert.storage.keysize.custom_size=2048 preop.cert.storage.keysize.size=2048 preop.cert.storage.nickname=storageCert cert-[PKI_INSTANCE_ID] preop.cert.storage.profile=caInternalAuthDRMstorageCert preop.cert.storage.signing.required=false preop.cert.storage.subsystem=kra preop.cert.storage.type=remote preop.cert.storage.userfriendlyname=Storage Certificate preop.cert.storage.cncomponent.override=true preop.cert.transport.defaultSigningAlgorithm=SHA256withRSA preop.cert.transport.dn=CN=DRM Transport Certificate preop.cert.transport.keysize.custom_size=2048 preop.cert.transport.keysize.size=2048 preop.cert.transport.nickname=transportCert cert-[PKI_INSTANCE_ID] preop.cert.transport.profile=caInternalAuthTransportCert preop.cert.transport.signing.required=true preop.cert.transport.subsystem=kra preop.cert.transport.type=remote preop.cert.transport.userfriendlyname=Transport Certificate preop.cert.transport.cncomponent.override=true preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.signing.required=false preop.cert.sslserver.subsystem=kra preop.cert.sslserver.type=remote preop.cert.sslserver.userfriendlyname=SSL Server Certificate preop.cert.sslserver.cncomponent.override=false preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA preop.cert.subsystem.dn=CN=DRM Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.signing.required=false preop.cert.subsystem.subsystem=kra preop.cert.subsystem.type=remote preop.cert.subsystem.userfriendlyname=Subsystem Certificate preop.cert.subsystem.cncomponent.override=true preop.hierarchy.profile=caCert.profile preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module preop.configModules.module0.commonName=NSS Internal PKCS #11 Module preop.configModules.module0.imagePath=/pki/images/clearpixel.gif preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module preop.configModules.module1.commonName=nfast preop.configModules.module1.imagePath=/pki/images/clearpixel.gif preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module preop.configModules.module2.commonName=lunasa preop.configModules.module2.imagePath=/pki/images/clearpixel.gif preop.configModules.count=3 preop.module.token=Internal Key Storage Token passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf passwordClass=com.netscape.cmsutil.password.PlainPasswordFile multiroles=true multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group CrossCertPair._000=## CrossCertPair._001=## CrossCertPair Import CrossCertPair._002=## CrossCertPair.ldap=internaldb accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator auths._000=## auths._001=## new authentication auths._002=## auths.impl._000=## auths.impl._001=## authentication manager implementations auths.impl._002=## auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents auths.instance.AgentCertAuth.pluginName=AgentCertAuth auths.instance.TokenAuth.pluginName=TokenAuth auths.revocationChecking.bufferSize=50 auths.revocationChecking.enabled=false auths.revocationChecking.kra=kra authz._000=## authz._001=## new authorizatioin authz._002=## authz.evaluateOrder=deny,allow authz.sourceType=ldap authz.impl._000=## authz.impl._001=## authorization manager implementations authz.impl._002=## authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz authz.instance.DirAclAuthz.ldap=internaldb authz.instance.DirAclAuthz.pluginName=DirAclAuthz authz.instance.DirAclAuthz.ldap._000=## authz.instance.DirAclAuthz.ldap._001=## Internal Database authz.instance.DirAclAuthz.ldap._002=## cmc.cert.confirmRequired=false cmc.lraPopWitness.verify.allow=true cmc.revokeCert.verify=true cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@ dbs.enableSerialManagement=false dbs.beginRequestNumber=1 dbs.endRequestNumber=10000000 dbs.requestIncrement=10000000 dbs.requestLowWaterMark=2000000 dbs.requestCloneTransferNumber=10000 dbs.requestDN=ou=kra, ou=requests dbs.requestRangeDN=ou=requests, ou=ranges dbs.beginSerialNumber=1 dbs.endSerialNumber=10000000 dbs.serialIncrement=10000000 dbs.serialLowWaterMark=2000000 dbs.serialCloneTransferNumber=10000 dbs.serialDN=ou=keyRepository, ou=kra dbs.serialRangeDN=ou=keyRepository, ou=ranges dbs.beginReplicaNumber=1 dbs.endReplicaNumber=100 dbs.replicaIncrement=100 dbs.replicaLowWaterMark=20 dbs.replicaCloneTransferNumber=5 dbs.replicaDN=ou=replica dbs.replicaRangeDN=ou=replica, ou=ranges dbs.ldap=internaldb dbs.newSchemaEntryAdded=true debug.append=true debug.enabled=true debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug debug.hashkeytypes= debug.level=0 debug.showcaller=false keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2 keys.ecc.curve.default=nistp256 keys.rsa.keysize.default=2048 internaldb._000=## internaldb._001=## Internal Database internaldb._002=## internaldb.maxConns=15 internaldb.minConns=3 internaldb.ldapauth.authtype=BasicAuth internaldb.ldapauth.bindDN=cn=Directory Manager internaldb.ldapauth.bindPWPrompt=Internal LDAP Database internaldb.ldapauth.clientCertNickname= internaldb.ldapconn.host= internaldb.ldapconn.port= internaldb.ldapconn.secureConn=false preop.internaldb.schema.ldif=/usr/share/pki/kra/conf/schema.ldif preop.internaldb.ldif=/usr/share/pki/kra/conf/database.ldif preop.internaldb.data_ldif=/usr/share/pki/kra/conf/db.ldif,/usr/share/pki/kra/conf/acl.ldif preop.internaldb.index_ldif=/usr/share/pki/kra/conf/index.ldif preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif preop.internaldb.post_ldif=/usr/share/pki/kra/conf/vlv.ldif,/usr/share/pki/kra/conf/vlvtasks.ldif preop.internaldb.wait_dn=cn=index1160527115, cn=index, cn=tasks, cn=config internaldb.multipleSuffix.enable=false jobsScheduler._000=## jobsScheduler._001=## jobScheduler jobsScheduler._002=## jobsScheduler.enabled=false jobsScheduler.interval=1 jss._000=## jss._001=## JSS jss._002=## jss.configDir=[PKI_INSTANCE_PATH]/alias/ jss.enable=true jss.secmodName=secmod.db jss.ocspcheck.enable=false jss.ssl.cipherfortezza=true jss.ssl.cipherpref= jss.ssl.cipherversion=cipherdomestic kra.Policy._000=## kra.Policy._001=## Certificate Policy Framework (deprecated) kra.Policy._002=## kra.Policy._003=## Set 'kra.Policy.enable=true' to allow the following: kra.Policy._004=## kra.Policy._005=## SERVLET-NAME URL-PATTERN kra.Policy._006=## ==================================================== kra.Policy._007=## krapolicy kra/krapolicy kra.Policy._008=## kra.Policy.enable=false kra.keySplitting=false kra.noOfRequiredRecoveryAgents=1 kra.recoveryAgentGroup=Data Recovery Manager Agents kra.reqdbInc=20 kra.entropy.bitsperkeypair=0 kra.entropy.blockwarnms=0 kra.storageUnit.nickName=storageCert cert-[PKI_INSTANCE_ID] kra.transportUnit.nickName=transportCert cert-[PKI_INSTANCE_ID] log._000=## log._001=## Logging log._002=## log.impl.file.class=com.netscape.cms.logging.RollingLogFile log.instance.SignedAudit._000=## log.instance.SignedAudit._001=## Signed Audit Logging log.instance.SignedAudit._002=## log.instance.SignedAudit._003=## log.instance.SignedAudit._004=## Available Audit events: log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER log.instance.SignedAudit._006=## log.instance.SignedAudit.bufferSize=512 log.instance.SignedAudit.enable=true log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER log.instance.SignedAudit.expirationTime=0 log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/kra_cert-kra_audit log.instance.SignedAudit.flushInterval=5 log.instance.SignedAudit.level=1 log.instance.SignedAudit.logSigning=false log.instance.SignedAudit.maxFileSize=2000 log.instance.SignedAudit.pluginName=file log.instance.SignedAudit.rolloverInterval=2592000 log.instance.SignedAudit.signedAudit:_000=## log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow KRA audit logs to be signed log.instance.SignedAudit.signedAudit:_002=## log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID] log.instance.SignedAudit.type=signedAudit log.instance.System._000=## log.instance.System._001=## System Logging log.instance.System._002=## log.instance.System.bufferSize=512 log.instance.System.enable=true log.instance.System.expirationTime=0 log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system log.instance.System.flushInterval=5 log.instance.System.level=3 log.instance.System.maxFileSize=2000 log.instance.System.pluginName=file log.instance.System.rolloverInterval=2592000 log.instance.System.type=system log.instance.Transactions._000=## log.instance.Transactions._001=## Transaction Logging log.instance.Transactions._002=## log.instance.Transactions.bufferSize=512 log.instance.Transactions.enable=true log.instance.Transactions.expirationTime=0 log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions log.instance.Transactions.flushInterval=5 log.instance.Transactions.level=1 log.instance.Transactions.maxFileSize=2000 log.instance.Transactions.pluginName=file log.instance.Transactions.rolloverInterval=2592000 log.instance.Transactions.type=transaction logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1 oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword oidmap.challenge_password.oid=1.2.840.113549.1.9.7 oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension oidmap.extended_key_usage.oid=2.5.29.37 oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14 oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8 oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension oidmap.netscape_comment.oid=2.16.840.1.113730.1.13 oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5 oidmap.pse.class=netscape.security.extensions.PresenceServerExtension oidmap.pse.oid=2.16.840.1.113730.1.18 oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11 os.serverName=cert-[PKI_INSTANCE_ID] os.userid=nobody registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg selftests._000=## selftests._001=## Self Tests selftests._002=## selftests._003=## The Self-Test plugin SystemCertsVerification uses the selftests._004=## following parameters (where certusage is optional): selftests._005=## kra.cert.list = selftests._006=## kra.cert..nickname selftests._007=## kra.cert..certusage selftests._008=## selftests.container.instance.KRAPresence=com.netscape.cms.selftests.kra.KRAPresence selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification selftests.container.logger.bufferSize=512 selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile selftests.container.logger.enable=true selftests.container.logger.expirationTime=0 selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log selftests.container.logger.flushInterval=5 selftests.container.logger.level=1 selftests.container.logger.maxFileSize=2000 selftests.container.logger.register=false selftests.container.logger.rolloverInterval=2592000 selftests.container.logger.type=transaction selftests.container.order.onDemand=KRAPresence:critical selftests.container.order.startup=SystemCertsVerification:critical selftests.plugin.KRAPresence.SubId=kra selftests.plugin.SystemCertsVerification.SubId=kra smtp.host=localhost smtp.port=25 subsystem.0.class=com.netscape.kra.KeyRecoveryAuthority subsystem.0.id=kra subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem subsystem.1.id=selftests subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem subsystem.2.id=stats usrgrp._000=## usrgrp._001=## User/Group usrgrp._002=## usrgrp.ldap=internaldb multiroles._000=## multiroles._001=## multiroles multiroles._002=## multiroles.enable=true multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems