_000=##
_001=## Token Processing System (TPS) Configuration File
_002=##
accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
archive.configuration_file=true
applet._000=#########################################
applet._001=# applet information
applet._002=# SAF Key:
applet._003=# applet.aid.cardmgr_instance=A0000001510000
applet._004=# Stock RSA,KeyRecover applet : 1.4.58768072.ijc 
applet._005=# RSA/KeyRecovery/GP211/SCP02, SCP03 applet : 1.5.558cdcff.ijc
applet._006=# Use GP211 applet only with SCP02 card
applet._007=#########################################
applet.aid.cardmgr_instance=A0000000030000
applet.aid.netkey_file=627601FF0000
applet.aid.netkey_instance=627601FF000000
applet.aid.netkey_old_file=A000000001
applet.aid.netkey_old_instance=A00000000101
applet.delete_old=true
applet.so_pin=000000000000
auths._000=##
auths._001=## new authentication
auths._002=##
auths.impl._000=##
auths.impl._001=## authentication manager implementations
auths.impl._002=##
auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
auths.instance.ldap1.authCredName=uid
auths.instance.ldap1.ui.retries=3
auths.instance.ldap1.ui.title.en=LDAP Authentication
auths.instance.ldap1.ui.description.en=This authenticates user against the LDAP directory.
auths.instance.ldap1.ui.id.UID.description.en=LDAP User ID
auths.instance.ldap1.ui.id.UID.name.en=LDAP User ID
auths.instance.ldap1.ui.id.UID.credMap.authCred=uid
auths.instance.ldap1.ui.id.UID.credMap.msgCred.extlogin=UID
auths.instance.ldap1.ui.id.UID.credMap.msgCred.login=screen_name
auths.instance.ldap1.ui.id.PASSWORD.description.en=LDAP Password
auths.instance.ldap1.ui.id.PASSWORD.name.en=LDAP Password
auths.instance.ldap1.ui.id.PASSWORD.credMap.authCred=pwd
auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.extlogin=PASSWORD
auths.instance.ldap1.ui.id.PASSWORD.credMap.msgCred.login=password
auths.instance.ldap1.dnpattern=
auths.instance.ldap1.ldapByteAttributes=
auths.instance.ldap1.ldapStringAttributes._000=#################################
auths.instance.ldap1.ldapStringAttributes._001=# For isExternalReg
auths.instance.ldap1.ldapStringAttributes._002=#   attributes will be available as
auths.instance.ldap1.ldapStringAttributes._003=#       $<attribute>$
auths.instance.ldap1.ldapStringAttributes._004=#   attributes example:
auths.instance.ldap1.ldapStringAttributes._005=#mail,cn,uid,edipi,pcc,firstname,lastname,exec-edipi,exec-pcc,exec-mail,certsToAdd,tokenCUID,tokenType
auths.instance.ldap1.ldapStringAttributes._006=#################################
auths.instance.ldap1.ldapStringAttributes=mail,cn,uid
auths.instance.ldap1.ldap.basedn=[LDAP_ROOT]
auths.instance.ldap1.externalReg.certs.recoverAttributeName=certsToAdd
auths.instance.ldap1.externalReg.cuidAttributeName=tokenCUID
auths.instance.ldap1.externalReg.tokenTypeAttributeName=tokenType
auths.instance.ldap1.ldap.maxConns=15
auths.instance.ldap1.ldap.minConns=3
auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
auths.instance.ldap1.ldap.ldapauth.bindDN=
auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
auths.instance.ldap1.ldap.ldapauth.clientCertNickname=subsystemCert cert-[PKI_INSTANCE_NAME]
auths.instance.ldap1.ldap.ldapconn.host=localhost
auths.instance.ldap1.ldap.ldapconn.port=389
auths.instance.ldap1.ldap.ldapconn.secureConn=false
auths.instance.ldap1.ldap.ldapconn.version=3
auths.instance.ldap1.pluginName=UidPwdDirAuth
auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
auths.revocationChecking.bufferSize=50
authType=pwd
authz._000=##
authz._001=## new authorization
authz._002=##
authz.evaluateOrder=deny,allow
authz.impl._000=##
authz.impl._001=## authorization manager implementations
authz.impl._002=##
authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
authz.instance.DirAclAuthz.ldap._000=##
authz.instance.DirAclAuthz.ldap._001=## Internal Database
authz.instance.DirAclAuthz.ldap._002=##
authz.instance.DirAclAuthz.ldap=internaldb
authz.instance.DirAclAuthz.pluginName=DirAclAuthz
authz.sourceType=ldap
channel._000=#########################################
channel._001=# channel.encryption:
channel._002=#
channel._003=#   - enable encryption for all operation commands to token
channel._004=#   - default is true
channel._005=#  channel.blocksize=224
channel._006=#  channel.defKeyVersion=0
channel._007=#  channel.defKeyIndex=0
channel._008=#
channel._009=#  Config the size of memory managed memory in the applet
channel._010=#  Default is 5000, try not go get close to the instanceSize
channel._011=#  which defaults to 18000:
channel._012=#
channel._013=#  * channel.instanceSize=18000
channel._014=#  * channel.appletMemorySize=5000
channel._015=#########################################
channel.encryption=true
channel.blocksize=224
channel.defKeyVersion=0
channel.defKeyIndex=0
cms.product.version=@APPLICATION_VERSION@
cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
cms.passwordlist=internaldb
config.Generals.General.state=Enabled
config.Generals.General.timestamp=1280283607424406
configurationRoot=/[PKI_SUBSYSTEM_TYPE]/conf/
cs.state=0
cs.type=TPS
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
debug.enabled=true
debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
externalReg._000=#########################################
externalReg._001=#External Registration
externalReg._002=#    Design: http://pki.fedoraproject.org/wiki/TPS_-_New_Recovery_Option:_External_Registration_DS
externalReg._003=#
externalReg._004=# allowRecoverInvalidCert.enable - defalut is allowed
externalReg._005=#         to recover invalid (revoked, expired, not-yet-valid certs)
externalReg._006=# enable - is user external registration DB enabled?
externalReg._007=# authId - auth id of the user external registration DB
externalReg._008=# delegation.enable - is delegation enabled?
externalReg._009=#
externalReg._010=# default.tokenType - when set, defaults to it if not specified in user
externalReg._011=#         record
externalReg._012=#
externalReg._013=# format.loginRequest.enable - login required for format?
externalReg._014=#         1. requires no login to format
externalReg._015=#            or
externalReg._016=#         2. user record does not contain tokenType
externalReg._017=#
externalReg._018=# mappingResolver - when exists, tells whcih mappingResolver to use
externalReg._019=#         to map to the right keySet
externalReg._020=#
externalReg._021=# recover.byKeyID - (by default, recover by cert)
externalReg._022=#    Recover either by keyID or by cert
externalReg._023=#     When recovering by keyid: externalReg.recover.byKeyID=true
externalReg._024=#       - keyid in record indicates actual recovery;
externalReg._025=#         e.g. (certstoadd: 36,ca1,5,kra1)
externalReg._026=#       - missing of which means retention;
externalReg._027=#         e.g. (certstoadd: 36,ca1)
externalReg._028=#     When recovering by cert: externalReg.recover.byKeyID=false
externalReg._029=#       - keyid field needs to be present
externalReg._030=#         but the value is not relevant and will be ignored
externalReg._031=#         (a "0" would be fine)
externalReg._032=#         e.g. (certstoadd: 36,ca1,0,kra1)
externalReg._033=#       - missing of keyid still means retention;
externalReg._034=#         e.g. (certstoadd: 36,ca1)
externalReg._035=#########################################
externalReg.authId=ldap1
externalReg.allowRecoverInvalidCert.enable=true
externalReg.default.tokenType=externalRegAddToToken
externalReg.delegation.enable=false
externalReg.enable=false
externalReg.format.loginRequest.enable=true
externalReg.mappingResolver=keySetMappingResolver
externalReg.recover.byKeyID=false
failover.pod.enable=false
general.applet_ext=ijc
general.pwlength.min=16
general.search.sizelimit.default=100
general.search.sizelimit.max=2000
general.search.timelimit.default=10
general.search.timelimit.max=10
general.verifyProof=1
installDate=[INSTALL_TIME]
instanceId=[PKI_INSTANCE_NAME]
instanceRoot=[PKI_INSTANCE_PATH]
internaldb._000=##
internaldb._001=## Internal Database
internaldb._002=##
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=internaldb
internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=[PKI_DS_SECURE_CONNECTION]
internaldb.maxConns=15
internaldb.minConns=3
internaldb.multipleSuffix.enable=false
jss._000=##
jss._001=## JSS
jss._002=##
jss.configDir=[PKI_INSTANCE_PATH]/alias/
jss.enable=true
jss.ocspcheck.enable=false
jss.secmodName=secmod.db
jss.ssl.cipherfortezza=true
jss.ssl.cipherpref=
jss.ssl.cipherversion=cipherdomestic
keys.ecc.curve.default=nistp256
keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.rsa.keysize.default=2048
log._000=##
log._001=## Logging
log._002=##
logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access
logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error
log.impl.file.class=com.netscape.cms.logging.RollingLogFile
log.instance.SignedAudit._000=##
log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER,TOKEN_CERT_ENROLLMENT,TOKEN_CERT_RENEWAL,TOKEN_PIN_RESET_SUCCESS,TOKEN_PIN_RESET_FAILURE,TOKEN_OP_REQUEST,TOKEN_FORMAT_SUCCESS,TOKEN_FORMAT_FAILURE,TOKEN_APPLET_UPGRADE_SUCCESS,TOKEN_APPLET_UPGRADE_FAILURE,TOKEN_KEY_CHANGEOVER_REQUIREDTOKEN_KEY_CHANGEOVER_FAILURE,CONFIG_TOKEN_PROFILE,CONFIG_TOKEN_MAPPING_RESOLVER,CONFIG_TOKEN_GENERAL,CONFIG_TOKEN_CONNECTOR,CONFIG_TOKEN_RECORD,CONFIG_TOKEN_AUTHENTICATOR,TOKEN_STATE_CHANGE,TOKEN_CERT_RETRIEVAL,TOKEN_KEY_RECOVERY,TOKEN_AUTH_SUCCESS,TOKEN_AUTH_FAILURE,ACCESS_SESSION_ESTABLISH_FAILURE,ACCESS_SESSION_ESTABLISH_SUCCESS,ACCESS_SESSION_TERMINATED
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.events=SELFTESTS_EXECUTION,AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,AUTH_FAIL,ROLE_ASSUME,AUTHZ_SUCCESS,AUTHZ_FAIL,CIMC_CERT_VERIFICATION,CONFIG_SIGNED_AUDIT,CONFIG_ROLE,CONFIG_AUTH,TOKEN_CERT_ENROLLMENT,TOKEN_CERT_RENEWAL,TOKEN_PIN_RESET_SUCCESS,TOKEN_PIN_RESET_FAILURE,TOKEN_OP_REQUEST,TOKEN_FORMAT_SUCCESS,TOKEN_FORMAT_FAILURE,TOKEN_APPLET_UPGRADE_SUCCESS,TOKEN_APPLET_UPGRADE_FAILURE,TOKEN_KEY_CHANGEOVER_REQUIRED,TOKEN_KEY_CHANGEOVER_SUCCESS,TOKEN_KEY_CHANGEOVER_FAILURE,CONFIG_TOKEN_PROFILE,CONFIG_TOKEN_MAPPING_RESOLVER,CONFIG_TOKEN_GENERAL,CONFIG_TOKEN_CONNECTOR,CONFIG_TOKEN_RECORD,CONFIG_TOKEN_AUTHENTICATOR,TOKEN_STATE_CHANGE,TOKEN_CERT_RETRIEVAL,TOKEN_KEY_RECOVERY,TOKEN_AUTH_SUCCESS,TOKEN_AUTH_FAILURE,ACCESS_SESSION_ESTABLISH_FAILURE,ACCESS_SESSION_ESTABLISH_SUCCESS,ACCESS_SESSION_TERMINATED
log.instance.SignedAudit.unselected.events=
log.instance.SignedAudit.mandatory.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit
log.instance.SignedAudit.flushInterval=5
log.instance.SignedAudit.level=1
log.instance.SignedAudit.logSigning=false
log.instance.SignedAudit.maxFileSize=2000
log.instance.SignedAudit.pluginName=file
log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
log.instance.System._002=##
log.instance.System.bufferSize=512
log.instance.System.enable=true
log.instance.System.expirationTime=0
log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system
log.instance.System.flushInterval=5
log.instance.System.level=3
log.instance.System.maxFileSize=2000
log.instance.System.pluginName=file
log.instance.System.rolloverInterval=2592000
log.instance.System.type=system
log.instance.Transactions._000=##
log.instance.Transactions._001=## Transaction Logging
log.instance.Transactions._002=##
log.instance.Transactions.bufferSize=512
log.instance.Transactions.enable=true
log.instance.Transactions.expirationTime=0
log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions
log.instance.Transactions.flushInterval=5
log.instance.Transactions.level=1
log.instance.Transactions.maxFileSize=2000
log.instance.Transactions.pluginName=file
log.instance.Transactions.rolloverInterval=2592000
log.instance.Transactions.type=transaction
machineName=[PKI_HOSTNAME]
multiroles._000=##
multiroles._001=## multiroles
multiroles._002=##
multiroles.enable=true
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
multiroles=true
op.enroll._000=#########################################
op.enroll._001=# TPS Profiles
op.enroll._002=#  - Operations
op.enroll._003=#   <op> - operation; enroll,pinReset,format
op.enroll._004=#
op.enroll._005=# Revocation Reasons (revokeCert.reason) according to RFC 5280
op.enroll._006=#     unspecified (0)
op.enroll._007=#     keyCompromise (1)
op.enroll._008=#     CACompromise (2)
op.enroll._009=#     affiliationChanged (3)
op.enroll._010=#     superseded (4)
op.enroll._011=#     cessationOfOperation (5)
op.enroll._012=#     certificateHold (6)
op.enroll._013=#     removeFromCRL (8)
op.enroll._014=#     privilegeWithdrawn (9)
op.enroll._015=#     AACompromise (10)
op.enroll._016=#
op.enroll._017=#########################################
op.enroll.delegateIEtoken._000=#########################################
op.enroll.delegateIEtoken._001=# Enrollment for externalReg 
op.enroll.delegateIEtoken._002=#     ID, Encryption
op.enroll.delegateIEtoken._003=#    where Encryption cert/keys are "recovered"
op.enroll.delegateIEtoken._004=#    is controlled by registration user record
op.enroll.delegateIEtoken._005=#########################################
op.enroll.delegateIEtoken.auth.enable=true
op.enroll.delegateIEtoken.cuidMustMatchKDD=false
op.enroll.delegateIEtoken.enableBoundedGPKeyVersion=true
op.enroll.delegateIEtoken.minimumGPKeyVersion=01
op.enroll.delegateIEtoken.maximumGPKeyVersion=FF
op.enroll.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
op.enroll.delegateIEtoken.auth.id=ldap1
op.enroll.delegateIEtoken.cardmgr_instance=A0000000030000
op.enroll.delegateIEtoken.issuerinfo.enable=true
op.enroll.delegateIEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.enroll.delegateIEtoken.keyGen.authentication.SANpattern=$auth.exec-edipi$.$auth.exec-pcc$@EXAMPLE.com
op.enroll.delegateIEtoken.keyGen.authentication.ca.conn=ca1
op.enroll.delegateIEtoken.keyGen.authentication.ca.profileId=caTokenUserDelegateAuthKeyEnrollment
op.enroll.delegateIEtoken.keyGen.authentication.certAttrId=c3
op.enroll.delegateIEtoken.keyGen.authentication.certId=C3
op.enroll.delegateIEtoken.keyGen.authentication.cuid_label=$cuid$
op.enroll.delegateIEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateIEtoken.keyGen.authentication.keySize=1024
op.enroll.delegateIEtoken.keyGen.authentication.keyUsage=0
op.enroll.delegateIEtoken.keyGen.authentication.keyUser=0
op.enroll.delegateIEtoken.keyGen.authentication.label=authentication key for $userid$
op.enroll.delegateIEtoken.keyGen.authentication.overwrite=true
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.decrypt=false
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.derive=false
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.encrypt=false
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.private=true
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.sensitive=true
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.sign=true
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.signRecover=true
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.token=true
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.unwrap=false
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.verify=false
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.verifyRecover=false
op.enroll.delegateIEtoken.keyGen.authentication.private.keyCapabilities.wrap=false
op.enroll.delegateIEtoken.keyGen.authentication.privateKeyAttrId=k6
op.enroll.delegateIEtoken.keyGen.authentication.privateKeyNumber=6
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.decrypt=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.derive=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.encrypt=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.private=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.sensitive=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.sign=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.signRecover=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.token=true
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.unwrap=false
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.verify=true
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.verifyRecover=true
op.enroll.delegateIEtoken.keyGen.authentication.public.keyCapabilities.wrap=false
op.enroll.delegateIEtoken.keyGen.authentication.publicKeyAttrId=k7
op.enroll.delegateIEtoken.keyGen.authentication.publicKeyNumber=7
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeCert=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.scheme=GenerateNewKey
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeCert=true
op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeCert.reason=1
op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.scheme=GenerateNewKey
op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeCert=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeCert.reason=6
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.scheme=GenerateNewKey
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.archive=false
op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.drm.conn=kra1
op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.enable=false
op.enroll.delegateIEtoken.keyGen.encryption.ca.conn=ca1
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.delegateIEtoken.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.delegateIEtoken.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.delegateIEtoken.keyGen.encryption.serverKeygen.archive=true
op.enroll.delegateIEtoken.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.delegateIEtoken.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.delegateIEtoken.keyGen.keyType.num=1
op.enroll.delegateIEtoken.keyGen.keyType.value.0=authentication
op.enroll.delegateIEtoken.keyGen.recovery.destroyed.keyType.num=1
op.enroll.delegateIEtoken.keyGen.recovery.destroyed.keyType.value.0=authentication
op.enroll.delegateIEtoken.keyGen.recovery.keyCompromise.keyType.num=1
op.enroll.delegateIEtoken.keyGen.recovery.keyCompromise.keyType.value.0=authentication
op.enroll.delegateIEtoken.keyGen.recovery.onHold.keyType.num=1
op.enroll.delegateIEtoken.keyGen.recovery.onHold.keyType.value.0=authentication
op.enroll.delegateIEtoken.keyGen.tokenName=$auth.cn$
op.enroll.delegateIEtoken.loginRequest.enable=true
op.enroll.delegateIEtoken.pinReset.enable=true
op.enroll.delegateIEtoken.pinReset.pin.maxLen=10
op.enroll.delegateIEtoken.pinReset.pin.maxRetries=127
op.enroll.delegateIEtoken.pinReset.pin.minLen=4
op.enroll.delegateIEtoken.pkcs11obj.compress.enable=true
op.enroll.delegateIEtoken.pkcs11obj.enable=true
op.enroll.delegateIEtoken.renewal._000=#########################################
op.enroll.delegateIEtoken.renewal._001=# Token Renewal.
op.enroll.delegateIEtoken.renewal._002=#
op.enroll.delegateIEtoken.renewal._003=# For each token in TPS UI, set the
op.enroll.delegateIEtoken.renewal._004=# following to trigger renewal
op.enroll.delegateIEtoken.renewal._005=# operations:
op.enroll.delegateIEtoken.renewal._006=#
op.enroll.delegateIEtoken.renewal._007=#     RENEW=YES
op.enroll.delegateIEtoken.renewal._008=#
op.enroll.delegateIEtoken.renewal._009=# Optional grace period enforcement
op.enroll.delegateIEtoken.renewal._010=# must coincide exactly with what
op.enroll.delegateIEtoken.renewal._011=# the CA enforces.
op.enroll.delegateIEtoken.renewal._012=#
op.enroll.delegateIEtoken.renewal._013=# In case of renewal, encryption certId
op.enroll.delegateIEtoken.renewal._014=# values are for completeness only, server
op.enroll.delegateIEtoken.renewal._015=# code calculates actual values used.
op.enroll.delegateIEtoken.renewal._016=#
op.enroll.delegateIEtoken.renewal._017=#########################################
op.enroll.delegateIEtoken.renewal.authentication.ca.conn=ca1
op.enroll.delegateIEtoken.renewal.authentication.ca.profileId=caTokenUserAuthKeyRenewal
op.enroll.delegateIEtoken.renewal.authentication.certAttrId=c3
op.enroll.delegateIEtoken.renewal.authentication.certId=C3
op.enroll.delegateIEtoken.renewal.authentication.enable=true
op.enroll.delegateIEtoken.renewal.authentication.gracePeriod.after=30
op.enroll.delegateIEtoken.renewal.authentication.gracePeriod.before=30
op.enroll.delegateIEtoken.renewal.authentication.gracePeriod.enable=false
op.enroll.delegateIEtoken.renewal.keyType.num=1
op.enroll.delegateIEtoken.renewal.keyType.value.0=authentication
op.enroll.delegateIEtoken.temporaryToken.tokenType=delegateIEtokenTemporary
op.enroll.delegateIEtoken.tks.conn=tks1
op.enroll.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.enroll.delegateIEtoken.update.applet.emptyToken.enable=true
op.enroll.delegateIEtoken.update.applet.enable=true
op.enroll.delegateIEtoken.update.applet.encryption=true
op.enroll.delegateIEtoken.update.applet.requiredVersion=1.4.58768072
op.enroll.delegateIEtoken.update.symmetricKeys.enable=false
op.enroll.delegateIEtoken.update.symmetricKeys.requiredVersion=1
op.format.delegateIEtoken.auth.enable=true
op.format.delegateIEtoken.cuidMustMatchKDD=false
op.format.delegateIEtoken.enableBoundedGPKeyVersion=true
op.format.delegateIEtoken.minimumGPKeyVersion=01
op.format.delegateIEtoken.maximumGPKeyVersion=FF
op.format.delegateIEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateIEtoken.validateCardKeyInfoAgainstTokenDB=true
op.format.delegateIEtoken.auth.id=ldap1
op.format.delegateIEtoken.ca.conn=ca1
op.format.delegateIEtoken.cardmgr_instance=A0000000030000
op.format.delegateIEtoken.issuerinfo.enable=true
op.format.delegateIEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.delegateIEtoken.loginRequest.enable=true
op.format.delegateIEtoken.revokeCert=false
op.format.delegateIEtoken.revokeCert.reason=0
op.format.delegateIEtoken.tks.conn=tks1
op.format.delegateIEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateIEtoken.update.applet.emptyToken.enable=true
op.format.delegateIEtoken.update.applet.encryption=true
op.format.delegateIEtoken.update.applet.requiredVersion=1.4.58768072
op.format.delegateIEtoken.update.symmetricKeys.enable=false
op.format.delegateIEtoken.update.symmetricKeys.requiredVersion=1
op.enroll.delegateISEtoken._000=#########################################
op.enroll.delegateISEtoken._001=# Enrollment for externalReg 
op.enroll.delegateISEtoken._002=#     ID, Signing, Encryption
op.enroll.delegateISEtoken._003=#    where Encryption cert/keys is "recovered" 
op.enroll.delegateISEtoken._004=#    is controlled by registration user record
op.enroll.delegateISEtoken._005=#########################################
op.enroll.delegateISEtoken.auth.enable=true
op.enroll.delegateISEtoken.cuidMustMatchKDD=false
op.enroll.delegateISEtoken.enableBoundedGPKeyVersion=true
op.enroll.delegateISEtoken.minimumGPKeyVersion=01
op.enroll.delegateISEtoken.maximumGPKeyVersion=FF
op.enroll.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
op.enroll.delegateISEtoken.auth.id=ldap1
op.enroll.delegateISEtoken.cardmgr_instance=A0000000030000
op.enroll.delegateISEtoken.issuerinfo.enable=true
op.enroll.delegateISEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.enroll.delegateISEtoken.keyGen.authentication.SANpattern=$auth.exec-edipi$.$auth.exec-pcc$@EXAMPLE.com
op.enroll.delegateISEtoken.keyGen.authentication.ca.conn=ca1
op.enroll.delegateISEtoken.keyGen.authentication.ca.profileId=caTokenUserDelegateAuthKeyEnrollment
op.enroll.delegateISEtoken.keyGen.authentication.certAttrId=c3
op.enroll.delegateISEtoken.keyGen.authentication.certId=C3
op.enroll.delegateISEtoken.keyGen.authentication.cuid_label=$cuid$
op.enroll.delegateISEtoken.keyGen.authentication.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateISEtoken.keyGen.authentication.keySize=1024
op.enroll.delegateISEtoken.keyGen.authentication.keyUsage=0
op.enroll.delegateISEtoken.keyGen.authentication.keyUser=0
op.enroll.delegateISEtoken.keyGen.authentication.label=authentication key for $userid$
op.enroll.delegateISEtoken.keyGen.authentication.overwrite=true
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.decrypt=false
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.derive=false
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.encrypt=false
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.private=true
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.sensitive=true
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.sign=true
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.signRecover=true
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.token=true
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.unwrap=false
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.verify=false
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.verifyRecover=false
op.enroll.delegateISEtoken.keyGen.authentication.private.keyCapabilities.wrap=false
op.enroll.delegateISEtoken.keyGen.authentication.privateKeyAttrId=k6
op.enroll.delegateISEtoken.keyGen.authentication.privateKeyNumber=6
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.decrypt=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.derive=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.encrypt=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.private=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.sensitive=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.sign=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.signRecover=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.token=true
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.unwrap=false
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.verify=true
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.verifyRecover=true
op.enroll.delegateISEtoken.keyGen.authentication.public.keyCapabilities.wrap=false
op.enroll.delegateISEtoken.keyGen.authentication.publicKeyAttrId=k7
op.enroll.delegateISEtoken.keyGen.authentication.publicKeyNumber=7
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeCert=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.revokeCert=true
op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.revokeCert=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.revokeCert.reason=6
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.serverKeygen.archive=false
op.enroll.delegateISEtoken.keyGen.authentication.serverKeygen.drm.conn=kra1
op.enroll.delegateISEtoken.keyGen.authentication.serverKeygen.enable=false
op.enroll.delegateISEtoken.keyGen.encryption.SANpattern=$auth.mail$,$auth.exec-edipi$.$auth.exec-pcc$@EXAMPLE.com
op.enroll.delegateISEtoken.keyGen.encryption._000=#########################################
op.enroll.delegateISEtoken.keyGen.encryption._001=# encryption cert/keys are "recovered" for this profile
op.enroll.delegateISEtoken.keyGen.encryption._002=# controlled from User Registartion db
op.enroll.delegateISEtoken.keyGen.encryption._003=#########################################
op.enroll.delegateISEtoken.keyGen.encryption.ca.conn=ca1
op.enroll.delegateISEtoken.keyGen.encryption.ca.profileId=caTokenUserAuthenticationKeyEnrollment
op.enroll.delegateISEtoken.keyGen.encryption.certAttrId=c2
op.enroll.delegateISEtoken.keyGen.encryption.certId=C2
op.enroll.delegateISEtoken.keyGen.encryption.cuid_label=$cuid$
op.enroll.delegateISEtoken.keyGen.encryption.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateISEtoken.keyGen.encryption.keySize=1024
op.enroll.delegateISEtoken.keyGen.encryption.keyUsage=0
op.enroll.delegateISEtoken.keyGen.encryption.keyUser=0
op.enroll.delegateISEtoken.keyGen.encryption.label=encryption key for $userid$
op.enroll.delegateISEtoken.keyGen.encryption.overwrite=true
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.delegateISEtoken.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.delegateISEtoken.keyGen.encryption.privateKeyAttrId=k4
op.enroll.delegateISEtoken.keyGen.encryption.privateKeyNumber=4
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.delegateISEtoken.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.delegateISEtoken.keyGen.encryption.publicKeyAttrId=k5
op.enroll.delegateISEtoken.keyGen.encryption.publicKeyNumber=5
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.revokeCert=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.revokeCert=true
op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.revokeCert=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.serverKeygen.archive=true
op.enroll.delegateISEtoken.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.delegateISEtoken.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.delegateISEtoken.keyGen.keyType.num=2
op.enroll.delegateISEtoken.keyGen.keyType.value.0=signing
op.enroll.delegateISEtoken.keyGen.keyType.value.1=authentication
op.enroll.delegateISEtoken.keyGen.recovery.destroyed.keyType.num=2
op.enroll.delegateISEtoken.keyGen.recovery.destroyed.keyType.value.0=signing
op.enroll.delegateISEtoken.keyGen.recovery.destroyed.keyType.value.1=authentication
op.enroll.delegateISEtoken.keyGen.recovery.keyCompromise.keyType.num=2
op.enroll.delegateISEtoken.keyGen.recovery.keyCompromise.keyType.value.0=signing
op.enroll.delegateISEtoken.keyGen.recovery.keyCompromise.keyType.value.1=authentication
op.enroll.delegateISEtoken.keyGen.recovery.onHold.keyType.num=2
op.enroll.delegateISEtoken.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.delegateISEtoken.keyGen.recovery.onHold.keyType.value.1=authentication
op.enroll.delegateISEtoken.keyGen.signing.SANpattern=$auth.exec-mail$
op.enroll.delegateISEtoken.keyGen.signing.ca.conn=ca1
op.enroll.delegateISEtoken.keyGen.signing.ca.profileId=caTokenUserDelegateSigningKeyEnrollment
op.enroll.delegateISEtoken.keyGen.signing.certAttrId=c1
op.enroll.delegateISEtoken.keyGen.signing.certId=C1
op.enroll.delegateISEtoken.keyGen.signing.cuid_label=$cuid$
op.enroll.delegateISEtoken.keyGen.signing.dnpattern=cn=$auth.firstname$.$auth.lastname$.$auth.exec-edipi$,e=$auth.mail$,o=TMS Org
op.enroll.delegateISEtoken.keyGen.signing.keySize=1024
op.enroll.delegateISEtoken.keyGen.signing.keyUsage=0
op.enroll.delegateISEtoken.keyGen.signing.keyUser=0
op.enroll.delegateISEtoken.keyGen.signing.label=signing key for $userid$
op.enroll.delegateISEtoken.keyGen.signing.overwrite=true
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.decrypt=false
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.derive=false
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.encrypt=false
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.private=true
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.sensitive=true
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.sign=true
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.signRecover=true
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.token=true
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.unwrap=false
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.verify=false
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.verifyRecover=false
op.enroll.delegateISEtoken.keyGen.signing.private.keyCapabilities.wrap=false
op.enroll.delegateISEtoken.keyGen.signing.privateKeyAttrId=k2
op.enroll.delegateISEtoken.keyGen.signing.privateKeyNumber=2
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.decrypt=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.derive=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.private=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.sensitive=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.signRecover=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.token=true
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.unwrap=false
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.verify=true
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.verifyRecover=true
op.enroll.delegateISEtoken.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.delegateISEtoken.keyGen.signing.publicKeyAttrId=k3
op.enroll.delegateISEtoken.keyGen.signing.publicKeyNumber=3
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.revokeCert=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.revokeCert=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.revokeCert=true
op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.revokeCert=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.revokeCert.reason=6
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.serverKeygen.archive=false
op.enroll.delegateISEtoken.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.delegateISEtoken.keyGen.signing.serverKeygen.enable=false
op.enroll.delegateISEtoken.keyGen.tokenName=$auth.cn$
op.enroll.delegateISEtoken.loginRequest.enable=true
op.enroll.delegateISEtoken.pinReset.enable=true
op.enroll.delegateISEtoken.pinReset.pin.maxLen=10
op.enroll.delegateISEtoken.pinReset.pin.maxRetries=127
op.enroll.delegateISEtoken.pinReset.pin.minLen=4
op.enroll.delegateISEtoken.pkcs11obj.compress.enable=true
op.enroll.delegateISEtoken.pkcs11obj.enable=true
op.enroll.delegateISEtoken.renewal._000=#########################################
op.enroll.delegateISEtoken.renewal._001=# Token Renewal.
op.enroll.delegateISEtoken.renewal._002=#
op.enroll.delegateISEtoken.renewal._003=# For each token in TPS UI, set the
op.enroll.delegateISEtoken.renewal._004=# following to trigger renewal
op.enroll.delegateISEtoken.renewal._005=# operations:
op.enroll.delegateISEtoken.renewal._006=#
op.enroll.delegateISEtoken.renewal._007=#     RENEW=YES
op.enroll.delegateISEtoken.renewal._008=#
op.enroll.delegateISEtoken.renewal._009=# Optional grace period enforcement
op.enroll.delegateISEtoken.renewal._010=# must coincide exactly with what
op.enroll.delegateISEtoken.renewal._011=# the CA enforces.
op.enroll.delegateISEtoken.renewal._012=#
op.enroll.delegateISEtoken.renewal._013=# In case of renewal, encryption certId
op.enroll.delegateISEtoken.renewal._014=# values are for completeness only, server
op.enroll.delegateISEtoken.renewal._015=# code calculates actual values used.
op.enroll.delegateISEtoken.renewal._016=#
op.enroll.delegateISEtoken.renewal._017=#########################################
op.enroll.delegateISEtoken.renewal.authentication.ca.conn=ca1
op.enroll.delegateISEtoken.renewal.authentication.ca.profileId=caTokenUserDelegateAuthKeyRenewal
op.enroll.delegateISEtoken.renewal.authentication.certAttrId=c3
op.enroll.delegateISEtoken.renewal.authentication.certId=C3
op.enroll.delegateISEtoken.renewal.authentication.enable=true
op.enroll.delegateISEtoken.renewal.authentication.gracePeriod.after=30
op.enroll.delegateISEtoken.renewal.authentication.gracePeriod.before=30
op.enroll.delegateISEtoken.renewal.authentication.gracePeriod.enable=false
op.enroll.delegateISEtoken.renewal.keyType.num=2
op.enroll.delegateISEtoken.renewal.keyType.value.0=signing
op.enroll.delegateISEtoken.renewal.keyType.value.1=authentication
op.enroll.delegateISEtoken.renewal.signing.ca.conn=ca1
op.enroll.delegateISEtoken.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
op.enroll.delegateISEtoken.renewal.signing.certAttrId=c1
op.enroll.delegateISEtoken.renewal.signing.certId=C1
op.enroll.delegateISEtoken.renewal.signing.enable=true
op.enroll.delegateISEtoken.renewal.signing.gracePeriod.after=30
op.enroll.delegateISEtoken.renewal.signing.gracePeriod.before=30
op.enroll.delegateISEtoken.renewal.signing.gracePeriod.enable=false
op.enroll.delegateISEtoken.temporaryToken.tokenType=delegateISEtokenTemporary
op.enroll.delegateISEtoken.tks.conn=tks1
op.enroll.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.enroll.delegateISEtoken.update.applet.emptyToken.enable=true
op.enroll.delegateISEtoken.update.applet.enable=true
op.enroll.delegateISEtoken.update.applet.encryption=true
op.enroll.delegateISEtoken.update.applet.requiredVersion=1.4.58768072
op.enroll.delegateISEtoken.update.symmetricKeys.enable=false
op.enroll.delegateISEtoken.update.symmetricKeys.requiredVersion=1
op.format.delegateISEtoken.auth.enable=true
op.format.delegateISEtoken.cuidMustMatchKDD=false
op.format.delegateISEtoken.enableBoundedGPKeyVersion=true
op.format.delegateISEtoken.minimumGPKeyVersion=01
op.format.delegateISEtoken.maximumGPKeyVersion=FF
op.format.delegateISEtoken.rollbackKeyVersionOnPutKeyFailure=false
op.format.delegateISEtoken.validateCardKeyInfoAgainstTokenDB=true
op.format.delegateISEtoken.auth.id=ldap1
op.format.delegateISEtoken.ca.conn=ca1
op.format.delegateISEtoken.cardmgr_instance=A0000000030000
op.format.delegateISEtoken.issuerinfo.enable=true
op.format.delegateISEtoken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.delegateISEtoken.loginRequest.enable=true
op.format.delegateISEtoken.revokeCert=false
op.format.delegateISEtoken.revokeCert.reason=0
op.format.delegateISEtoken.tks.conn=tks1
op.format.delegateISEtoken.update.applet.directory=/usr/share/pki/tps/applets
op.format.delegateISEtoken.update.applet.emptyToken.enable=true
op.format.delegateISEtoken.update.applet.encryption=true
op.format.delegateISEtoken.update.applet.requiredVersion=1.4.58768072
op.format.delegateISEtoken.update.symmetricKeys.enable=false
op.format.delegateISEtoken.update.symmetricKeys.requiredVersion=1
op.enroll.externalRegAddToToken._000=#########################################
op.enroll.externalRegAddToToken._001=# for externalReg recovering certs/keys only
op.enroll.externalRegAddToToken._002=#########################################
op.enroll.externalRegAddToToken.auth.enable=true
op.enroll.externalRegAddToToken.cuidMustMatchKDD=false
op.enroll.externalRegAddToToken.enableBoundedGPKeyVersion=true
op.enroll.externalRegAddToToken.minimumGPKeyVersion=01
op.enroll.externalRegAddToToken.maximumGPKeyVersion=FF
op.enroll.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
op.enroll.externalRegAddToToken.auth.id=ldap1
op.enroll.externalRegAddToToken.cardmgr_instance=A0000000030000
op.enroll.externalRegAddToToken.issuerinfo.enable=true
op.enroll.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.enroll.externalRegAddToToken.keyGen.encryption.ca.conn=ca1
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.externalRegAddToToken.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.scheme=GenerateNewKey
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeCert=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.revokeCert=true
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.revokeCert.reason=1
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeCert=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.serverKeygen.archive=true
op.enroll.externalRegAddToToken.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.externalRegAddToToken.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.externalRegAddToToken.keyGen.tokenName=$auth.cn$
op.enroll.externalRegAddToToken.loginRequest.enable=true
op.enroll.externalRegAddToToken.pkcs11obj.compress.enable=true
op.enroll.externalRegAddToToken.pkcs11obj.enable=true
op.enroll.externalRegAddToToken.tks.conn=tks1
op.enroll.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
op.enroll.externalRegAddToToken.update.applet.emptyToken.enable=true
op.enroll.externalRegAddToToken.update.applet.enable=false
op.enroll.externalRegAddToToken.update.applet.encryption=true
op.enroll.externalRegAddToToken.update.applet.requiredVersion=1.4.58768072
op.enroll.externalRegAddToToken.update.symmetricKeys.enable=false
op.enroll.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
op.format.externalRegAddToToken.auth.enable=true
op.format.externalRegAddToToken.cuidMustMatchKDD=false
op.format.externalRegAddToToken.enableBoundedGPKeyVersion=true
op.format.externalRegAddToToken.minimumGPKeyVersion=01
op.format.externalRegAddToToken.maximumGPKeyVersion=FF
op.format.externalRegAddToToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.externalRegAddToToken.validateCardKeyInfoAgainstTokenDB=true
op.format.externalRegAddToToken.auth.id=ldap1
op.format.externalRegAddToToken.ca.conn=ca1
op.format.externalRegAddToToken.cardmgr_instance=A0000000030000
op.format.externalRegAddToToken.issuerinfo.enable=true
op.format.externalRegAddToToken.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.externalRegAddToToken.loginRequest.enable=true
op.format.externalRegAddToToken.revokeCert=false
op.format.externalRegAddToToken.revokeCert.reason=0
op.format.externalRegAddToToken.tks.conn=tks1
op.format.externalRegAddToToken.update.applet.directory=/usr/share/pki/tps/applets
op.format.externalRegAddToToken.update.applet.emptyToken.enable=true
op.format.externalRegAddToToken.update.applet.encryption=true
op.format.externalRegAddToToken.update.applet.requiredVersion=1.4.58768072
op.format.externalRegAddToToken.update.symmetricKeys.enable=false
op.format.externalRegAddToToken.update.symmetricKeys.requiredVersion=1
op.enroll.allowUnknownToken=true
op.enroll.mappingResolver=enrollProfileMappingResolver
op.enroll.soKey.cuidMustMatchKDD=false
op.enroll.soKey.enableBoundedGPKeyVersion=true
op.enroll.soKey.minimumGPKeyVersion=01
op.enroll.soKey.maximumGPKeyVersion=FF
op.enroll.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKey.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKey.auth.enable=true
op.enroll.soKey.auth.id=ldap1
op.enroll.soKey.cardmgr_instance=A0000000030000
op.enroll.soKey.issuerinfo.enable=true
op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.enroll.soKey.keyGen.encryption.ca.conn=ca1
op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
op.enroll.soKey.keyGen.encryption.certAttrId=c2
op.enroll.soKey.keyGen.encryption.certId=C2
op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
op.enroll.soKey.keyGen.encryption.keySize=1024
op.enroll.soKey.keyGen.encryption.keyUsage=0
op.enroll.soKey.keyGen.encryption.keyUser=0
op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
op.enroll.soKey.keyGen.encryption.overwrite=true
op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
op.enroll.soKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.recovery.terminated.revokeCert.reason=1
op.enroll.soKey.keyGen.encryption.recovery.terminated.revokeCert=true
op.enroll.soKey.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
op.enroll.soKey.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
op.enroll.soKey.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.soKey.keyGen.keyType.num=2
op.enroll.soKey.keyGen.keyType.value.0=signing
op.enroll.soKey.keyGen.keyType.value.1=encryption
op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
op.enroll.soKey.keyGen.signing.ca.conn=ca1
op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.soKey.keyGen.signing.certAttrId=c1
op.enroll.soKey.keyGen.signing.certId=C1
op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
op.enroll.soKey.keyGen.signing.keySize=1024
op.enroll.soKey.keyGen.signing.keyUsage=0
op.enroll.soKey.keyGen.signing.keyUser=0
op.enroll.soKey.keyGen.signing.label=signing key for $userid$
op.enroll.soKey.keyGen.signing.overwrite=true
op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
op.enroll.soKey.keyGen.signing.privateKeyNumber=2
op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.soKey.keyGen.signing.publicKeyNumber=3
op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
op.enroll.soKey.keyGen.signing.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.recovery.terminated.revokeCert.reason=1
op.enroll.soKey.keyGen.signing.recovery.terminated.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.terminated.scheme=GenerateNewKey
op.enroll.soKey.keyGen.signing.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.signing.recovery.terminated.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
op.enroll.soKey.keyGen.signing.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.soKey.keyGen.signing.recovery.onHold.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.serverKeygen.archive=false
op.enroll.soKey.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.soKey.keyGen.signing.serverKeygen.enable=false
op.enroll.soKey.keyGen.tokenName=$auth.cn$
op.enroll.soKey.loginRequest.enable=true
op.enroll.soKey.pinReset.enable=true
op.enroll.soKey.pinReset.pin.maxLen=10
op.enroll.soKey.pinReset.pin.maxRetries=127
op.enroll.soKey.pinReset.pin.minLen=4
op.enroll.soKey.pkcs11obj.compress.enable=true
op.enroll.soKey.pkcs11obj.enable=true
op.enroll.soKeyTemporary.cuidMustMatchKDD=false
op.enroll.soKeyTemporary.enableBoundedGPKeyVersion=true
op.enroll.soKeyTemporary.minimumGPKeyVersion=01
op.enroll.soKeyTemporary.maximumGPKeyVersion=FF
op.enroll.soKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.soKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
op.enroll.soKeyTemporary.auth.enable=true
op.enroll.soKeyTemporary.auth.id=ldap1
op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
op.enroll.soKeyTemporary.keyGen.auth.certId=C0
op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
op.enroll.soKeyTemporary.keyGen.auth.serverKeygen.archive=false
op.enroll.soKeyTemporary.keyGen.auth.serverKeygen.drm.conn=kra1
op.enroll.soKeyTemporary.keyGen.auth.serverKeygen.enable=false
op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.soKeyTemporary.keyGen.keyType.num=3
op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
op.enroll.soKeyTemporary.keyGen.signing.certId=C1
op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
op.enroll.soKeyTemporary.keyGen.signing.serverKeygen.archive=false
op.enroll.soKeyTemporary.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.soKeyTemporary.keyGen.signing.serverKeygen.enable=false
op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
op.enroll.soKeyTemporary.loginRequest.enable=true
op.enroll.soKeyTemporary.pinReset.enable=true
op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
op.enroll.soKeyTemporary.pinReset.pin.minLen=4
op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
op.enroll.soKeyTemporary.pkcs11obj.enable=true
op.enroll.soKeyTemporary.tks.conn=tks1
op.enroll.soKeyTemporary.tks.keySet=defKeySet
op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
op.enroll.soKeyTemporary.update.applet.enable=true
op.enroll.soKeyTemporary.update.applet.encryption=true
op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.58768072
op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
op.enroll.soKey.tks.conn=tks1
op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
op.enroll.soKey.update.applet.emptyToken.enable=true
op.enroll.soKey.update.applet.enable=true
op.enroll.soKey.update.applet.encryption=true
op.enroll.soKey.update.applet.requiredVersion=1.4.58768072
op.enroll.soKey.update.symmetricKeys.enable=false
op.enroll.soKey.update.symmetricKeys.requiredVersion=1
op.enroll.userKey.cuidMustMatchKDD=false
op.enroll.userKey.enableBoundedGPKeyVersion=true
op.enroll.userKey.minimumGPKeyVersion=01
op.enroll.userKey.maximumGPKeyVersion=FF
op.enroll.userKey.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.userKey.validateCardKeyInfoAgainstTokenDB=true
op.enroll.userKey.auth.enable=true
op.enroll.userKey.auth.id=ldap1
op.enroll.userKey.cardmgr_instance=A0000000030000
op.enroll.userKey.issuerinfo.enable=true
op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.enroll.userKey.keyGen.encryption.ca.conn=ca1
op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
op.enroll.userKey.keyGen.encryption.certAttrId=c2
op.enroll.userKey.keyGen.encryption.certId=C2
op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
op.enroll.userKey.keyGen.encryption.keySize=1024
op.enroll.userKey.keyGen.encryption.keyUsage=0
op.enroll.userKey.keyGen.encryption.keyUser=0
op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
op.enroll.userKey.keyGen.encryption.overwrite=true
op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
op.enroll.userKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.terminated.revokeCert.reason=1
op.enroll.userKey.keyGen.encryption.recovery.terminated.revokeCert=true
op.enroll.userKey.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
op.enroll.userKey.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
op.enroll.userKey.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.userKey.keyGen.keyType.num=2
op.enroll.userKey.keyGen.keyType.value.0=signing
op.enroll.userKey.keyGen.keyType.value.1=encryption
op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
op.enroll.userKey.keyGen.signing.ca.conn=ca1
op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
op.enroll.userKey.keyGen.signing.certAttrId=c1
op.enroll.userKey.keyGen.signing.certId=C1
op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
op.enroll.userKey.keyGen.signing.keySize=1024
op.enroll.userKey.keyGen.signing.keyUsage=0
op.enroll.userKey.keyGen.signing.keyUser=0
op.enroll.userKey.keyGen.signing.label=signing key for $userid$
op.enroll.userKey.keyGen.signing.overwrite=true
op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
op.enroll.userKey.keyGen.signing.privateKeyNumber=2
op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.userKey.keyGen.signing.publicKeyNumber=3
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.recovery.terminated.revokeCert.reason=1
op.enroll.userKey.keyGen.signing.recovery.terminated.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.terminated.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.terminated.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.signing.recovery.terminated.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
op.enroll.userKey.keyGen.signing.recovery.onHold.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.serverKeygen.archive=false
op.enroll.userKey.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.userKey.keyGen.signing.serverKeygen.enable=false
op.enroll.userKey.keyGen.tokenName=$auth.cn$
op.enroll.userKey.loginRequest.enable=true
op.enroll.userKey.pinReset.enable=true
op.enroll.userKey.pinReset.pin.maxLen=10
op.enroll.userKey.pinReset.pin.maxRetries=127
op.enroll.userKey.pinReset.pin.minLen=4
op.enroll.userKey.pkcs11obj.compress.enable=true
op.enroll.userKey.pkcs11obj.enable=true
op.enroll.userKey.renewal.encryption.ca.conn=ca1
op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
op.enroll.userKey.renewal.encryption.certAttrId=c2
op.enroll.userKey.renewal.encryption.certId=C2
op.enroll.userKey.renewal.encryption.enable=true
op.enroll.userKey.renewal.encryption.gracePeriod.after=30
op.enroll.userKey.renewal.encryption.gracePeriod.before=30
op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
op.enroll.userKey.renewal.keyType.num=2
op.enroll.userKey.renewal.keyType.value.0=signing
op.enroll.userKey.renewal.keyType.value.1=encryption
op.enroll.userKey.renewal.signing.ca.conn=ca1
op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
op.enroll.userKey.renewal.signing.certAttrId=c1
op.enroll.userKey.renewal.signing.certId=C1
op.enroll.userKey.renewal.signing.enable=true
op.enroll.userKey.renewal.signing.gracePeriod.after=30
op.enroll.userKey.renewal.signing.gracePeriod.before=30
op.enroll.userKey.renewal.signing.gracePeriod.enable=false
op.enroll.userKeyTemporary.auth.enable=true
op.enroll.userKeyTemporary.auth.id=ldap1
op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
op.enroll.userKeyTemporary.keyGen.auth.certId=C0
op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
op.enroll.userKeyTemporary.keyGen.auth.serverKeygen.archive=false
op.enroll.userKeyTemporary.keyGen.auth.serverKeygen.drm.conn=kra1
op.enroll.userKeyTemporary.keyGen.auth.serverKeygen.enable=false
op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
op.enroll.userKeyTemporary.keyGen.keyType.num=3
op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
op.enroll.userKeyTemporary.keyGen.signing.certId=C1
op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
op.enroll.userKeyTemporary.keyGen.signing.serverKeygen.archive=false
op.enroll.userKeyTemporary.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.userKeyTemporary.keyGen.signing.serverKeygen.enable=false
op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
op.enroll.userKeyTemporary.loginRequest.enable=true
op.enroll.userKeyTemporary.pinReset.enable=true
op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
op.enroll.userKeyTemporary.pinReset.pin.minLen=4
op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
op.enroll.userKeyTemporary.pkcs11obj.enable=true
op.enroll.userKeyTemporary.tks.conn=tks1
op.enroll.userKeyTemporary.cuidMustMatchKDD=false
op.enroll.userKeyTemporary.enableBoundedGPKeyVersion=true
op.enroll.userKeyTemporary.minimumGPKeyVersion=01
op.enroll.userKeyTemporary.maximumGPKeyVersion=FF
op.enroll.userKeyTemporary.rollbackKeyVersionOnPutKeyFailure=false
op.enroll.userKeyTemporary.validateCardKeyInfoAgainstTokenDB=true
op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
op.enroll.userKeyTemporary.update.applet.enable=true
op.enroll.userKeyTemporary.update.applet.encryption=true
op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.58768072
op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
op.enroll.userKey.tks.conn=tks1
op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
op.enroll.userKey.update.applet.emptyToken.enable=true
op.enroll.userKey.update.applet.enable=true
op.enroll.userKey.update.applet.encryption=true
op.enroll.userKey.update.applet.requiredVersion=1.4.58768072
op.enroll.userKey.update.symmetricKeys.enable=false
op.enroll.userKey.update.symmetricKeys.requiredVersion=1
op.format.allowUnknownToken=true
op.format.mappingResolver=formatProfileMappingResolver
op.format.cleanToken.cuidMustMatchKDD=false
op.format.cleanToken.enableBoundedGPKeyVersion=true
op.format.cleanToken.minimumGPKeyVersion=01
op.format.cleanToken.maximumGPKeyVersion=FF
op.format.cleanToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.cleanToken.validateCardKeyInfoAgainstTokenDB=true
op.format.cleanToken.auth.enable=false
op.format.cleanToken.auth.id=ldap1
op.format.cleanToken.ca.conn=ca1
op.format.cleanToken.cardmgr_instance=A0000000030000
op.format.cleanToken.issuerinfo.enable=true
op.format.cleanToken.issuerinfo.value=
op.format.cleanToken.loginRequest.enable=true
op.format.cleanToken.revokeCert=true
op.format.cleanToken.revokeCert.reason=0
op.format.cleanToken.tks.conn=tks1
op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
op.format.cleanToken.update.applet.emptyToken.enable=true
op.format.cleanToken.update.applet.encryption=true
op.format.cleanToken.update.applet.requiredVersion=1.4.58768072
op.format.cleanToken.update.symmetricKeys.enable=false
op.format.cleanToken.update.symmetricKeys.requiredVersion=1
op.format.soCleanSOToken.cuidMustMatchKDD=false
op.format.soCleanSOToken.enableBoundedGPKeyVersion=true
op.format.soCleanSOToken.minimumGPKeyVersion=01
op.format.soCleanSOToken.maximumGPKeyVersion=FF
op.format.soCleanSOToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.soCleanSOToken.validateCardKeyInfoAgainstTokenDB=true
op.format.soCleanSOToken.auth.enable=false
op.format.soCleanSOToken.auth.id=ldap1
op.format.soCleanSOToken.ca.conn=ca1
op.format.soCleanSOToken.cardmgr_instance=A0000000030000
op.format.soCleanSOToken.issuerinfo.enable=true
op.format.soCleanSOToken.issuerinfo.value=
op.format.soCleanSOToken.loginRequest.enable=false
op.format.soCleanSOToken.revokeCert=true
op.format.soCleanSOToken.revokeCert.reason=0
op.format.soCleanSOToken.tks.conn=tks1
op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanSOToken.update.applet.emptyToken.enable=true
op.format.soCleanSOToken.update.applet.encryption=true
op.format.soCleanSOToken.update.applet.requiredVersion=1.4.58768072
op.format.soCleanSOToken.update.symmetricKeys.enable=false
op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
op.format.soCleanUserToken.cuidMustMatchKDD=false
op.format.soCleanUserToken.enableBoundedGPKeyVersion=true
op.format.soCleanUserToken.minimumGPKeyVersion=01
op.format.soCleanUserToken.maximumGPKeyVersion=FF
op.format.soCleanUserToken.rollbackKeyVersionOnPutKeyFailure=false
op.format.soCleanUserToken.validateCardKeyInfoAgainstTokenDB=true
op.format.soCleanUserToken.auth.enable=false
op.format.soCleanUserToken.auth.id=ldap1
op.format.soCleanUserToken.ca.conn=ca1
op.format.soCleanUserToken.cardmgr_instance=A0000000030000
op.format.soCleanUserToken.issuerinfo.enable=true
op.format.soCleanUserToken.issuerinfo.value=
op.format.soCleanUserToken.loginRequest.enable=false
op.format.soCleanUserToken.revokeCert=true
op.format.soCleanUserToken.revokeCert.reason=0
op.format.soCleanUserToken.tks.conn=tks1
op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
op.format.soCleanUserToken.update.applet.emptyToken.enable=true
op.format.soCleanUserToken.update.applet.encryption=true
op.format.soCleanUserToken.update.applet.requiredVersion=1.4.58768072
op.format.soCleanUserToken.update.symmetricKeys.enable=false
op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
op.format.soKey.cuidMustMatchKDD=false
op.format.soKey.enableBoundedGPKeyVersion=true
op.format.soKey.minimumGPKeyVersion=01
op.format.soKey.maximumGPKeyVersion=FF
op.format.soKey.rollbackKeyVersionOnPutKeyFailure=false
op.format.soKey.validateCardKeyInfoAgainstTokenDB=true
op.format.soKey.auth.enable=true
op.format.soKey.auth.id=ldap1
op.format.soKey.ca.conn=ca1
op.format.soKey.cardmgr_instance=A0000000030000
op.format.soKey.issuerinfo.enable=true
op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.soKey.loginRequest.enable=true
op.format.soKey.revokeCert=true
op.format.soKey.revokeCert.reason=0
op.format.soKey.tks.conn=tks1
op.format.soKey.update.applet.directory=[TPS_DIR]/applets
op.format.soKey.update.applet.emptyToken.enable=true
op.format.soKey.update.applet.encryption=true
op.format.soKey.update.applet.requiredVersion=1.4.58768072
op.format.soKey.update.symmetricKeys.enable=false
op.format.soKey.update.symmetricKeys.requiredVersion=1
op.format.soUserKey.cuidMustMatchKDD=false
op.format.soUserKey.enableBoundedGPKeyVersion=true
op.format.soUserKey.minimumGPKeyVersion=01
op.format.soUserKey.maximumGPKeyVersion=FF
op.format.soUserKey.rollbackKeyVersionOnPutKeyFailure=false
op.format.soUserKey.validateCardKeyInfoAgainstTokenDB=true
op.format.soUserKey.auth.enable=false
op.format.soUserKey.auth.id=ldap1
op.format.soUserKey.ca.conn=ca1
op.format.soUserKey.cardmgr_instance=A0000000030000
op.format.soUserKey.issuerinfo.enable=true
op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.soUserKey.loginRequest.enable=false
op.format.soUserKey.revokeCert=true
op.format.soUserKey.revokeCert.reason=0
op.format.soUserKey.tks.conn=tks1
op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
op.format.soUserKey.update.applet.emptyToken.enable=true
op.format.soUserKey.update.applet.encryption=true
op.format.soUserKey.update.applet.requiredVersion=1.4.58768072
op.format.soUserKey.update.symmetricKeys.enable=false
op.format.soUserKey.update.symmetricKeys.requiredVersion=1
op.format.tokenKey.cuidMustMatchKDD=false
op.format.tokenKey.enableBoundedGPKeyVersion=true
op.format.tokenKey.minimumGPKeyVersion=01
op.format.tokenKey.maximumGPKeyVersion=FF
op.format.tokenKey.rollbackKeyVersionOnPutKeyFailure=false
op.format.tokenKey.validateCardKeyInfoAgainstTokenDB=true
op.format.tokenKey.auth.enable=true
op.format.tokenKey.auth.id=ldap1
op.format.tokenKey.ca.conn=ca1
op.format.tokenKey.cardmgr_instance=A0000000030000
op.format.tokenKey.issuerinfo.enable=true
op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.tokenKey.loginRequest.enable=true
op.format.tokenKey.revokeCert=true
op.format.tokenKey.revokeCert.reason=0
op.format.tokenKey.tks.conn=tks1
op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
op.format.tokenKey.update.applet.emptyToken.enable=true
op.format.tokenKey.update.applet.encryption=true
op.format.tokenKey.update.applet.requiredVersion=1.4.58768072
op.format.tokenKey.update.symmetricKeys.enable=false
op.format.tokenKey.update.symmetricKeys.requiredVersion=1
op.format.userKey.cuidMustMatchKDD=false
op.format.userKey.enableBoundedGPKeyVersion=true
op.format.userKey.minimumGPKeyVersion=01
op.format.userKey.maximumGPKeyVersion=FF
op.format.userKey.rollbackKeyVersionOnPutKeyFailure=false
op.format.userKey.validateCardKeyInfoAgainstTokenDB=true
op.format.userKey.auth.enable=true
op.format.userKey.auth.id=ldap1
op.format.userKey.ca.conn=ca1
op.format.userKey.cardmgr_instance=A0000000030000
op.format.userKey.issuerinfo.enable=true
op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/tps/phoneHome
op.format.userKey.loginRequest.enable=true
op.format.userKey.revokeCert=true
op.format.userKey.revokeCert.reason=0
op.format.userKey.tks.conn=tks1
op.format.userKey.update.applet.directory=[TPS_DIR]/applets
op.format.userKey.update.applet.emptyToken.enable=true
op.format.userKey.update.applet.encryption=true
op.format.userKey.update.applet.requiredVersion=1.4.58768072
op.format.userKey.update.symmetricKeys.enable=false
op.format.userKey.update.symmetricKeys.requiredVersion=1
op.pinReset.mappingResolver=pinResetProfileMappingResolver
op.pinReset.userKey.cuidMustMatchKDD=false
op.pinReset.userKey.enableBoundedGPKeyVersion=true
op.pinReset.userKey.minimumGPKeyVersion=01
op.pinReset.userKey.maximumGPKeyVersion=FF
op.pinReset.userKey.rollbackKeyVersionOnPutKeyFailure=false
op.pinReset.userKey.validateCardKeyInfoAgainstTokenDB=true
op.pinReset.userKey.auth.enable=true
op.pinReset.userKey.auth.id=ldap1
op.pinReset.userKey.cardmgr_instance=A0000000030000
op.pinReset.userKey.loginRequest.enable=true
op.pinReset.userKey.pinReset.pin.maxLen=10
op.pinReset.userKey.pinReset.pin.minLen=4
op.pinReset.userKey.tks.conn=tks1
op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
op.pinReset.userKey.update.applet.emptyToken.enable=true
op.pinReset.userKey.update.applet.enable=false
op.pinReset.userKey.update.applet.encryption=true
op.pinReset.userKey.update.applet.requiredVersion=1.4.58768072
op.pinReset.userKey.update.symmetricKeys.enable=false
op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
os.serverName=cert-[PKI_INSTANCE_NAME]
os.userid=nobody
passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
pidDir=[PKI_PIDDIR]
pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
pkicreate.group=[PKI_GROUP]
pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.secure_port=[PKI_SECURE_PORT]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.user=[PKI_USER]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
preop.admincert.profile=caAdminCert
preop.admin.group=TPS Agents,TPS Operators,Administrators
preop.admin.name=Token Processing Service Manager Administrator
preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA
preop.cert.admin.dn=uid=admin,cn=admin
preop.cert.admin.keysize.custom_size=2048
preop.cert.admin.keysize.size=2048
preop.cert.admin.profile=adminCert.profile
preop.cert.audit_signing.cncomponent.override=true
preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate
preop.cert.audit_signing.enable=true
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=tps
preop.cert.audit_signing.type=remote
preop.cert.audit_signing.userfriendlyname=TPS Audit Signing Certificate
preop.cert.list=sslserver,subsystem,audit_signing
preop.cert.rsalist=audit_signing
preop.cert.sslserver.cncomponent.override=false
preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
preop.cert.sslserver.dn=CN=[PKI_HOSTNAME]
preop.cert.sslserver.enable=true
preop.cert.sslserver.keysize.custom_size=2048
preop.cert.sslserver.keysize.size=2048
preop.cert.sslserver.nickname=[PKI_SSL_SERVER_NICKNAME]
preop.cert.sslserver.profile=caInternalAuthServerCert
preop.cert.sslserver.signing.required=false
preop.cert.sslserver.subsystem=tps
preop.cert.sslserver.type=remote
preop.cert.sslserver.userfriendlyname=SSL Server Certificate
preop.cert.subsystem.cncomponent.override=true
preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=TPS Subsystem Certificate
preop.cert.subsystem.enable=true
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=tps
preop.cert.subsystem.type=remote
preop.cert.subsystem.userfriendlyname=Subsystem Certificate
preop.configModules.count=3
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
preop.configModules.module1.commonName=nfast
preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
preop.hierarchy.profile=caCert.profile
preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif,/usr/share/pki/tps/conf/acl.ldif
preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif
preop.internaldb.ldif=/usr/share/pki/server/conf/database.ldif
preop.internaldb.manager_ldif=/usr/share/pki/server/conf/manager.ldif
preop.internaldb.post_ldif=/usr/share/pki/tps/conf/vlv.ldif,/usr/share/pki/tps/conf/vlvtasks.ldif
preop.internaldb.schema.ldif=/usr/share/pki/server/conf/schema.ldif
preop.internaldb.wait_dn=cn=index1160528734, cn=index, cn=tasks, cn=config
preop.internaldb.index_task_ldif=/usr/share/pki/tps/conf/indextasks.ldif
preop.internaldb.index_wait_dn=cn=index1160589774,cn=index,cn=tasks,cn=config
preop.internaldb.usn.ldif=/usr/share/pki/server/conf/usn.ldif
preop.module.token=Internal Key Storage Token
preop.pin=[PKI_RANDOM_NUMBER]
preop.product.name=CS
preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:8443
preop.system.fullname=Token Processing Service
preop.system.name=TPS
preop.wizard.name=TPS Setup Wizard
proxy.securePort=[PKI_PROXY_SECURE_PORT]
proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
mappingResolver._000=#########################################
mappingResolver._001=# Mapping Resolver
mappingResolver._002=#   provides a plugin framework for mappingResolver plugins.
mappingResolver._003=#   By default, the FilterMappingResolver is provided by the
mappingResolver._004=#   system, where if passes through the specified filters then
mappingResolver._005=#   the "target" value is assigned as the result
mappingResolver._006=#
mappingResolver._007=# mappingResolver.<instance>.mapping.order=<n>,<n>,<n>
mappingResolver._008=#    - contains at least one value or a series
mappingResolver._009=#      of comma-separated mapping values which
mappingResolver._010=#
mappingResolver._011=# mappingResolver.<instance>.mapping.<n>.filter.appletMajorVersion=1
mappingResolver._012=#    - can be either empty or applet major version
mappingResolver._013=#      specified by the client
mappingResolver._014=#
mappingResolver._015=# mappingResolver.<instance>.mapping.<n>.filter.appletMinorVersion=
mappingResolver._016=#    - can be either empty or applet minor version
mappingResolver._017=#      specified by the client
mappingResolver._019=#    - if major and minor versions are both zero, this
mappingResolver._020=#      indicate there is no applet on the token.
mappingResolver._021=#
mappingResolver._022=# mappingResolver.<instance>.mapping.<n>.filter.tokenCUID.start
mappingResolver._023=# mappingResolver.<instance>.mapping.<n>.filter.tokenCUID.end
mappingResolver._024=#    - start and end sets the range of cuid the token should
mappingResolver._025=#      fall within to pass this filter
mappingResolver._026=#
mappingResolver._027=# mappingResolver.<instance>.mapping.<n>.filter.tokenATR=
mappingResolver._028=#    - can be either empty or token ATR
mappingResolver._029=#      specified by the client
mappingResolver._030=#
mappingResolver._031=# mappingResolver.<instance>.mapping.<n>.filter.tokenType=
mappingResolver._032=#    - tokenType can be set as an extension in the client request.
mappingResolver._033=#      It can be empty.
mappingResolver._034=#      When such extension is set, it must match the value
mappingResolver._035=#      in the filter if it is specified
mappingResolver._036=#
mappingResolver._037=# mappingResolver.<instance>.mapping.<n>.filter.keySet=
mappingResolver._038=#    - keySet can be set as an extension in the client request.
mappingResolver._039=#      It can be empty.
mappingResolver._040=#      When such extension is set, it must match the value
mappingResolver._041=#      in the filter if it is specified
mappingResolver._042=#
mappingResolver._043=# mappingResolver.<instance>.mapping.<n>.target.tokenType=userKey
mappingResolver._044=#    - if tokenType, tokenATR, appletMajorVersion,
mappingResolver._045=#      and appletMinorVersion are matched, value in
mappingResolver._046=#      targetTokenType will be used to locate
mappingResolver._047=#      the corresponding token profile to
mappingResolver._048=#      process the request.
mappingResolver._049=#
mappingResolver._050=# where
mappingResolver._051=#  <instance> - mapping resolver instance
mappingResolver._052=#  <n>  - mapping ID; order is specifiable
mappingResolver._053=#
mappingResolver._054=# Token ATR:
mappingResolver._055=#   Web Store  - 3B759400006202020201
mappingResolver._056=#########################################
mappingResolver.list=formatProfileMappingResolver,enrollProfileMappingResolver,pinResetProfileMappingResolver,keySetMappingResolver
mappingResolver.enrollProfileMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.appletMajorVersion=1
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.appletMinorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenATR=
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenCUID.end=
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenCUID.start=
mappingResolver.enrollProfileMappingResolver.mapping.0.filter.tokenType=userKey
mappingResolver.enrollProfileMappingResolver.mapping.0.target.tokenType=userKey
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.appletMajorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.appletMinorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenATR=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenCUID.end=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenCUID.start=
mappingResolver.enrollProfileMappingResolver.mapping.1.filter.tokenType=soKey
mappingResolver.enrollProfileMappingResolver.mapping.1.target.tokenType=soKey
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.appletMajorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.appletMinorVersion=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenATR=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenCUID.end=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenCUID.start=
mappingResolver.enrollProfileMappingResolver.mapping.2.filter.tokenType=
mappingResolver.enrollProfileMappingResolver.mapping.2.target.tokenType=userKey
mappingResolver.enrollProfileMappingResolver.mapping.order=0,1,2
mappingResolver.formatProfileMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.formatProfileMappingResolver.mapping.0.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.0.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.0.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.0.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.0.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.0.filter.tokenType=soCleanUserToken
mappingResolver.formatProfileMappingResolver.mapping.0.target.tokenType=soCleanUserToken
mappingResolver.formatProfileMappingResolver.mapping.1.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.1.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.1.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.1.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.1.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.1.filter.tokenType=soUserKey
mappingResolver.formatProfileMappingResolver.mapping.1.target.tokenType=soUserKey
mappingResolver.formatProfileMappingResolver.mapping.2.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.2.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.2.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.2.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.2.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.2.filter.tokenType=soKey
mappingResolver.formatProfileMappingResolver.mapping.2.target.tokenType=soKey
mappingResolver.formatProfileMappingResolver.mapping.3.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.3.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.3.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.3.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.3.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.3.filter.tokenType=userKey
mappingResolver.formatProfileMappingResolver.mapping.3.target.tokenType=userKey
mappingResolver.formatProfileMappingResolver.mapping.4.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.4.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.4.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.4.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.4.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.4.filter.tokenType=soCleanSOToken
mappingResolver.formatProfileMappingResolver.mapping.4.target.tokenType=soCleanSOToken
mappingResolver.formatProfileMappingResolver.mapping.5.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.5.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.5.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.5.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.5.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.5.filter.tokenType=cleanToken
mappingResolver.formatProfileMappingResolver.mapping.5.target.tokenType=cleanToken
mappingResolver.formatProfileMappingResolver.mapping.6.filter.appletMajorVersion=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.appletMinorVersion=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenATR=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.end=
mappingResolver.formatProfileMappingResolver.mapping.6.filter.tokenCUID.start=
mappingResolver.formatProfileMappingResolver.mapping.6.target.tokenType=userKey
mappingResolver.formatProfileMappingResolver.mapping.order=0,1,2,3,4,5,6
mappingResolver.pinResetProfileMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.appletMajorVersion=
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.appletMinorVersion=
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.tokenATR=
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.tokenCUID.end=
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.tokenCUID.start=
mappingResolver.pinResetProfileMappingResolver.mapping.0.filter.tokenType=
mappingResolver.pinResetProfileMappingResolver.mapping.0.target.tokenType=userKey
mappingResolver.pinResetProfileMappingResolver.mapping.order=0
mappingResolver.keySetMappingResolver._000=#########################################
mappingResolver.keySetMappingResolver._001=# Below is just an example for keySet mapping;
mappingResolver.keySetMappingResolver._002=# keySet mapping allows support for multiple
mappingResolver.keySetMappingResolver._003=# keySets for different cards
mappingResolver.keySetMappingResolver._004=#########################################
mappingResolver.keySetMappingResolver.class_id=filterMappingResolverImpl
mappingResolver.keySetMappingResolver.mapping.0.filter.appletMajorVersion=0
mappingResolver.keySetMappingResolver.mapping.0.filter.appletMinorVersion=0
mappingResolver.keySetMappingResolver.mapping.0.filter.tokenATR=
mappingResolver.keySetMappingResolver.mapping.0.filter.tokenCUID.end=
mappingResolver.keySetMappingResolver.mapping.0.filter.tokenCUID.start=
mappingResolver.keySetMappingResolver.mapping.0.filter.keySet=
mappingResolver.keySetMappingResolver.mapping.0.target.keySet=defKeySet
mappingResolver.keySetMappingResolver.mapping.1.filter.appletMajorVersion=1
mappingResolver.keySetMappingResolver.mapping.1.filter.appletMinorVersion=1
mappingResolver.keySetMappingResolver.mapping.1.filter.tokenATR=
mappingResolver.keySetMappingResolver.mapping.1.filter.tokenCUID.end=
mappingResolver.keySetMappingResolver.mapping.1.filter.tokenCUID.start=
mappingResolver.keySetMappingResolver.mapping.1.filter.keySet=
mappingResolver.keySetMappingResolver.mapping.1.target.keySet=defKeySet
mappingResolver.keySetMappingResolver.mapping.2.filter.appletMajorVersion=
mappingResolver.keySetMappingResolver.mapping.2.filter.appletMinorVersion=
mappingResolver.keySetMappingResolver.mapping.2.filter.tokenATR=
mappingResolver.keySetMappingResolver.mapping.2.filter.tokenCUID.end=
mappingResolver.keySetMappingResolver.mapping.2.filter.tokenCUID.start=
mappingResolver.keySetMappingResolver.mapping.2.filter.keySet=
mappingResolver.keySetMappingResolver.mapping.2.target.keySet=jForte
mappingResolver.keySetMappingResolver.mapping.order=0,1,2
registry.file=[PKI_INSTANCE_PATH]/conf/tps/registry.cfg
selftests._000=##
selftests._001=## Self Tests
selftests._002=##
selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
selftests._004=## following parameters (where certusage is optional):
selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
selftests._006=## tps.cert.<cert tag name>.nickname
selftests._007=## tps.cert.<cert tag name>.certusage
selftests._008=##
selftests.container.instance.TPSPresence=org.dogtagpki.server.tps.selftests.TPSPresence
selftests.container.instance.TPSValidity=org.dogtagpki.server.tps.selftests.TPSValidity
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
selftests.container.logger.bufferSize=512
selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/selftests.log
selftests.container.logger.flushInterval=5
selftests.container.logger.level=1
selftests.container.logger.maxFileSize=2000
selftests.container.logger.register=false
selftests.container.logger.rolloverInterval=2592000
selftests.container.logger.type=transaction
selftests.container.order.onDemand=TPSPresence:critical, SystemCertsVerification:critical, TPSValidity:critical
selftests.container.order.startup=TPSPresence:critical, SystemCertsVerification:critical
selftests.plugin.TPSPresence.TpsSubId=tps
selftests.plugin.TPSValidity.TpsSubId=tps
selftests.plugin.SystemCertsVerification.SubId=tps
service.instanceDir=[PKI_INSTANCE_ROOT]
service.instanceID=[PKI_INSTANCE_NAME]
service.machineName=[PKI_HOSTNAME]
service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
service.securePort=[PKI_AGENT_SECURE_PORT]
service.unsecurePort=[PKI_UNSECURE_PORT]
smtp.host=localhost
smtp.port=25
subsystem.0.class=org.dogtagpki.server.tps.TPSSubsystem
subsystem.0.id=tps
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats
target._000=#########################################
target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs
target._002=#
target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin.
target._004=#    Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab.
target._005=#
target._006=# target.agent_approve.list = comma separated subset of above list.  Parameter sets in this list
target._007=#    will show up in the agent tab (under advanced configuration) and will require agent involvement
target._008=#   (enable/ disable) to be edited.
target._009=#
target._010=# For the wording to display correctly, the values in the above list should be plurals.
target._011=#
target._012=# Each parameter set in the lists above requires three parameters:
target._013=#    target.<type name>.list : list of choices of this parameter set type (will display in the drop down box)
target._014=#    target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set.
target._015=#    target.<type_name>.displayname: used in the UI display text.  This should be the singular form of <type_name>.
target._016=#
target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined.
target._018=#
target._019=########################################
target.agent_approve.list=Profiles
target.Authentication_Sources.displayname=Authentication Source
target.Authentication_Sources.list=ldap1
target.Authentication_Sources.pattern=auths\.instance\.$name\..*
target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources
target.Generals.displayname=General
target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..*
target.Profile_Mappings.displayname=Token Profile Mapping Resolvers
target.Profile_Mappings.list=enrollProfileMappingResolver,formatProfileMappingResolver,pinResetProfileMappingResolver
target.Profile_Mappings.pattern=mappingResolver\.$name\.mapping\..*
target.Profiles.displayname=Token Profile
target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
target.Profiles.pattern=op\..*\.$name\..*
target.Subsystem_Connections.displayname=Subsystem Connection
target.Subsystem_Connections.list=
target.Subsystem_Connections.pattern=tps.connector\.$name\..*
tokendb._000=#########################################
tokendb._001=# tokendb.auditLog:
tokendb._002=#   - audit log path
tokendb._003=# tokendb.host:
tokendb._004=#   - tokendb host name
tokendb._005=# tokendb.port:
tokendb._006=#   - tokendb port number
tokendb._007=# tokendb.bindDN:
tokendb._008=#   - tokendb administration DN (i.e. cn=Directory Manager)
tokendb._009=# tokendb.bindPassPath:
tokendb._010=#   - tokendb administration password file path
tokendb._011=# tokendb.templateDir
tokendb._012=#   - directory where all the tokendb templates are located
tokendb._013=# tokendb.userBaseDN:
tokendb._014=#   - directory base DN for users and groups
tokendb._015=# tokendb.baseDN:
tokendb._016=#   - directory base DN for tokens
tokendb._017=# tokendb.activityBaseDN:
tokendb._018=#   - directory base DN for activities
tokendb._019=# tokendb.indexTemplate=index.template
tokendb._020=#   - index template
tokendb._021=# tokendb.newTemplate=new.template
tokendb._022=#   - add template
tokendb._023=# tokendb.showTemplate=show.template
tokendb._024=#   - show template
tokendb._025=# tokendb.errorTemplate=error.template
tokendb._026=#   - error template
tokendb._027=# tokendb.searchTemplate=search.template
tokendb._028=#   - search template
tokendb._029=# tokendb.searchResultTemplate=searchResults.template
tokendb._030=#   - search result template
tokendb._031=# tokendb.editTemplate=edit.template
tokendb._032=#   - edit template
tokendb._033=# tokendb.editResultTemplate=editResults.template
tokendb._034=#   - edit result template
tokendb._035=# tokendb.addResultTemplate=addResults.template
tokendb._036=#   - add result template
tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template
tokendb._038=#   - delete result template
tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template
tokendb._040=#   - search activity template
tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template
tokendb._042=#   - search activity result template
tokendb._043=# tokendb.showAdminTemplate=showAdmin.template
tokendb._044=#   - show admin template
tokendb._045=# tokendb.editAdminTemplate=editAdmin.template
tokendb._046=#   - edit admin template
tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template
tokendb._048=#   - edit admin result template
tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template
tokendb._050=#   - search admin template
tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template
tokendb._052=#   - search admin result template
tokendb._053=# tokendb.defaultPolicy:
tokendb._054=# Supported Policy (Separated by ; [Semicolon]):
tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO
tokendb._056=#   PIN_RESET=YES|NO
tokendb._057=#   - If not present, pin reset by user is allowed.
tokendb._058=#   - If present and agent change PIN_RESET from NO
tokendb._059=#     to YES, user is allowed to do pin reset. This
tokendb._060=#     policy will be changed back to NO after pin reset.
tokendb._061=#   RE_ENROLL=YES|NO
tokendb._062=#   - If not present, re-enrollment is allowed.
tokendb._063=#   - If present, re-enrollment is allowed when RE_ENROLL
tokendb._064=#     is set to YES. Otherwise, re-enrollment is not
tokendb._065=#     allowed.
tokendb._066=# tokendb.allowedTransitions:
tokendb._067=#   - has transitions between the following states
tokendb._068=#     FORMATTED = 0,
tokendb._069=#     DAMAGED = 1,
tokendb._070=#     PERM_LOST = 2,
tokendb._071=#     SUSPENDED = 3,
tokendb._072=#     ACTIVE = 4,
tokendb._073=#     TERMINATED = 6,
tokendb._074=#     UNFORMATTED = 7
tokendb._075=# Note: Transitions can be removed from the list if necessary.
tokendb._076=# Do not add new transitions unless they were originally in the list.
tokendb._077=# See the original transition list in /usr/share/pki/tps/conf/CS.cfg.
tokendb._078=#########################################
tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
tokendb.addConfigTemplate=addConfig.template
tokendb.addResultTemplate=addResults.template
tokendb.agentSelectConfigTemplate=agentSelectConfig.template
tokendb.agentViewConfigTemplate=agentViewConfig.template
tokendb.allowedTransitions=0:1,0:2,0:3,0:6,3:2,3:6,4:1,4:2,4:3,4:6,6:7
tokendb.auditAdminTemplate=auditAdmin.template
tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log
tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
tokendb.bindDN=cn=Directory Manager
tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf
tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template
tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template
tokendb.defaultPolicy=RE_ENROLL=YES;RENEW=NO;FORCE_FORMAT=NO;PIN_RESET=NO;RESET_PIN_RESET_TO_NO=NO
tokendb.deleteResultTemplate=deleteResults.template
tokendb.deleteTemplate=delete.template
tokendb.doTokenConfirmTemplate=doTokenConfirm.template
tokendb.doTokenTemplate=doToken.template
tokendb.editConfigTemplate=editConfig.template
tokendb.editResultTemplate=editResults.template
tokendb.editTemplate=edit.template
tokendb.editUserTemplate=editUser.template
tokendb.errorTemplate=error.template
tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
tokendb.indexAdminTemplate=indexAdmin.template
tokendb.indexOperatorTemplate=indexOperator.template
tokendb.indexTemplate=index.template
tokendb.newTemplate=new.template
tokendb.newUserTemplate=newUser.template
tokendb.revokeTemplate=revoke.template
tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template
tokendb.searchActivityAdminTemplate=searchActivityAdmin.template
tokendb.searchActivityResultTemplate=searchActivityResults.template
tokendb.searchActivityTemplate=searchActivity.template
tokendb.searchAdminResultTemplate=searchAdminResults.template
tokendb.searchAdminTemplate=searchAdmin.template
tokendb.searchCertificateResultTemplate=searchCertificateResults.template
tokendb.searchCertificateTemplate=searchCertificate.template
tokendb.searchResultTemplate=searchResults.template
tokendb.searchTemplate=search.template
tokendb.searchUserResultTemplate=searchUserResults.template
tokendb.searchUserTemplate=searchUser.template
tokendb.selectConfigTemplate=selectConfig.template
tokendb.selfTestResultsTemplate=selfTestResults.template
tokendb.selfTestTemplate=selfTest.template
tokendb.showAdminTemplate=showAdmin.template
tokendb.showCertTemplate=showCert.template
tokendb.showTemplate=show.template
tokendb.ssl=false
tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus
tokendb.userBaseDN=[TOKENDB_ROOT]
tokendb.userDeleteTemplate=userDelete.template
tokendb.nonExternalReg.allowMultiActiveTokensUser=false
tokendb.externalReg.allowMultiActiveTokensUser=false

tps._000=########################################
tps._001=# For verifying system certificates
tps._002=# tps.cert.list=sslserver,subsystem,audit_signing
tps._003=# tps.cert.sslserver.nickname=xxx
tps._005=# tps.cert.subsystem.nickname=xxx
tps._007=# tps.cert.audit_signing.nickname=xxx
tps._008=# tps.operations.allowedTransitions:
tps._009=#   - token operations, like formatting and enrollment have transitions between the following states
tps._010=#     FORMATTED = 0,
tps._011=#     ACTIVE = 4,
tps._012=#     UNFORMATTED = 7
tps._013=# Note: Transitions can be removed from the list if necessary.
tps._014=# Do not add new transitions unless they were originally in the list.
tps._015=# See the original transition list in /usr/share/pki/tps/conf/CS.cfg.
tps._016=########################################
tps.cert.audit_signing.certusage=ObjectSigner
tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]
tps.cert.list=sslserver,subsystem,audit_signing
tps.cert.sslserver.certusage=SSLServer
tps.cert.subsystem.certusage=SSLClient
tps.operations.allowedTransitions=0:0,0:4,4:4,4:0,7:0
usrgrp._000=##
usrgrp._001=## User/Group
usrgrp._002=##
usrgrp.ldap=internaldb