# --- BEGIN COPYRIGHT BLOCK --- # Copyright (C) 2006 Red Hat, Inc. # All rights reserved. # --- END COPYRIGHT BLOCK --- # _000=## _001=## File Created On : Mon Oct 10 15:57:03 PDT 2005 _002=## installDate=[INSTALL_TIME] cs.type=TKS admin.interface.uri=tks/admin/console/config/wizard preop.admin.name=Token Key Service Manager Administrator preop.admin.group=Token Key Service Manager Agents preop.admincert.profile=caAdminCert preop.securitydomain.url=https://[PKI_MACHINE_NAME]:9443 preop.wizard.name=TKS Setup Wizard preop.system.name=TKS preop.product.name=CS preop.product.version= preop.system.fullname=Token Key Service preop.cert.list=sslserver,subsystem preop.cert.sslserver.enable=true preop.cert.subsystem.enable=true preop.cert.sslserver.defaultSigningAlgorithm=SHA1withRSA preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME] preop.cert.sslserver.keysize.custom_size=2048 preop.cert.sslserver.keysize.size=2048 preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID] preop.cert.sslserver.profile=caInternalAuthServerCert preop.cert.sslserver.subsystem=tks preop.cert.sslserver.type=remote preop.cert.sslserver.userfriendlyname=SSL Server Certificate preop.cert.sslserver.cncomponent.override=false preop.cert.subsystem.defaultSigningAlgorithm=SHA1withRSA preop.cert.subsystem.dn=CN=TKS Subsystem Certificate preop.cert.subsystem.keysize.custom_size=2048 preop.cert.subsystem.keysize.size=2048 preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID] preop.cert.subsystem.profile=caInternalAuthSubsystemCert preop.cert.subsystem.subsystem=tks preop.cert.subsystem.type=remote preop.cert.subsystem.userfriendlyname=Subsystem Certificate preop.cert.subsystem.cncomponent.override=true preop.cert.admin.defaultSigningAlgorithm=SHA1withRSA preop.cert.admin.dn=uid=admin,cn=admin preop.cert.admin.keysize.custom_size=2048 preop.cert.admin.keysize.size=2048 preop.cert.admin.profile=adminCert.profile preop.hierarchy.profile=caCert.profile preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module preop.configModules.module0.commonName=NSS Internal PKCS #11 Module preop.configModules.module0.imagePath=../img/clearpixel.gif preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module preop.configModules.module1.commonName=nfast preop.configModules.module1.imagePath=../img/clearpixel.gif preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module preop.configModules.module2.commonName=lunasa preop.configModules.module2.imagePath=../img/clearpixel.gif preop.configModules.count=3 preop.module.token=Internal Key Storage Token cs.state=0 authType=pwd instanceRoot=[PKI_INSTANCE_PATH] machineName=[PKI_MACHINE_NAME] instanceId=[PKI_INSTANCE_ID] preop.pin=[PKI_RANDOM_NUMBER] service.securePort=[PKI_SECURE_PORT] passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf passwordClass=com.netscape.cmsutil.password.PlainPasswordFile multiroles=true CrossCertPair._000=## CrossCertPair._001=## CrossCertPair Import CrossCertPair._002=## CrossCertPair.ldap=internaldb accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator auths._000=## auths._001=## new authentication auths._002=## auths.impl._000=## auths.impl._001=## authentication manager implementations auths.impl._002=## auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents auths.instance.AgentCertAuth.pluginName=AgentCertAuth auths.instance.TokenAuth.pluginName=TokenAuth auths.revocationChecking.bufferSize=50 authz._000=## authz._001=## new authorizatioin authz._002=## authz.evaluateOrder=deny,allow authz.sourceType=ldap authz.impl._000=## authz.impl._001=## authorization manager implementations authz.impl._002=## authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz authz.instance.DirAclAuthz.ldap=internaldb authz.instance.DirAclAuthz.pluginName=DirAclAuthz authz.instance.DirAclAuthz.ldap._000=## authz.instance.DirAclAuthz.ldap._001=## Internal Database authz.instance.DirAclAuthz.ldap._002=## cardcryptogram.validate.enable=true cmc.cert.confirmRequired=false cmc.lraPopWitness.verify.allow=true cmc.revokeCert.verify=true cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret cms.version= dbs.ldap=internaldb dbs.newSchemaEntryAdded=true debug.append=true debug.enabled=true debug.filename=[PKI_INSTANCE_PATH]/logs/debug debug.hashkeytypes= debug.level=0 debug.showcaller=false internaldb._000=## internaldb._001=## Internal Database internaldb._002=## internaldb.maxConns=15 internaldb.minConns=3 internaldb.ldapauth.authtype=BasicAuth internaldb.ldapauth.bindDN=cn=Directory Manager internaldb.ldapauth.bindPWPrompt=Internal LDAP Database internaldb.ldapauth.clientCertNickname= internaldb.ldapconn.host= internaldb.ldapconn.port= internaldb.ldapconn.secureConn=false preop.internaldb.ldif=/usr/share/[PKI_FLAVOR]/tks/conf/schema.ldif,/usr/share/[PKI_FLAVOR]/tks/conf/database.ldif preop.internaldb.data_ldif=/usr/share/[PKI_FLAVOR]/tks/conf/db.ldif,/usr/share/[PKI_FLAVOR]/tks/conf/acl.ldif preop.internaldb.index_ldif=/usr/share/[PKI_FLAVOR]/tks/conf/index.ldif preop.internaldb.post_ldif= preop.internaldb.wait_dn= internaldb.multipleSuffix.enable=false jss._000=## jss._001=## JSS jss._002=## jss.configDir=[PKI_INSTANCE_PATH]/alias/ jss.enable=true jss.secmodName=secmod.db jss.ocspcheck.enable=false jss.ssl.cipherfortezza=true jss.ssl.cipherpref= jss.ssl.cipherversion=cipherdomestic log._000=## log._001=## Logging log._002=## log.impl.file.class=com.netscape.cms.logging.RollingLogFile log.instance.SignedAudit._000=## log.instance.SignedAudit._001=## Signed Audit Logging log.instance.SignedAudit._002=## log.instance.SignedAudit.bufferSize=512 log.instance.SignedAudit.enable=true log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST log.instance.SignedAudit.expirationTime=0 log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/tks_cert-tks_audit log.instance.SignedAudit.flushInterval=5 log.instance.SignedAudit.level=1 log.instance.SignedAudit.logSigning=false log.instance.SignedAudit.maxFileSize=2000 log.instance.SignedAudit.pluginName=file log.instance.SignedAudit.rolloverInterval=2592000 log.instance.SignedAudit.signedAudit:_000=## log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TKS audit logs to be signed log.instance.SignedAudit.signedAudit:_002=## log.instance.SignedAudit.signedAuditCertNickname= log.instance.SignedAudit.type=signedAudit log.instance.System._000=## log.instance.System._001=## System Logging log.instance.System._002=## log.instance.System.bufferSize=512 log.instance.System.enable=true log.instance.System.expirationTime=0 log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system log.instance.System.flushInterval=5 log.instance.System.level=3 log.instance.System.maxFileSize=2000 log.instance.System.pluginName=file log.instance.System.rolloverInterval=2592000 log.instance.System.type=system log.instance.Transactions._000=## log.instance.Transactions._001=## Transaction Logging log.instance.Transactions._002=## log.instance.Transactions.bufferSize=512 log.instance.Transactions.enable=true log.instance.Transactions.expirationTime=0 log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions log.instance.Transactions.flushInterval=5 log.instance.Transactions.level=1 log.instance.Transactions.maxFileSize=2000 log.instance.Transactions.pluginName=file log.instance.Transactions.rolloverInterval=2592000 log.instance.Transactions.type=transaction logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access logError.fileName=[PKI_INSTANCE_PATH]/logs/error oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1 oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword oidmap.challenge_password.oid=1.2.840.113549.1.9.7 oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension oidmap.extended_key_usage.oid=2.5.29.37 oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14 oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8 oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension oidmap.netscape_comment.oid=2.16.840.1.113730.1.13 oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5 oidmap.pse.class=netscape.security.extensions.PresenceServerExtension oidmap.pse.oid=2.16.840.1.113730.1.18 oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11 os.serverName=cert-[PKI_INSTANCE_ID] os.userid=nobody registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg smtp.host=localhost smtp.port=25 subsystem.0.class=com.netscape.tks.TKSAuthority subsystem.0.id=tks subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem subsystem.1.id=selftests subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem subsystem.2.id=stats tks._000=## tks._001=## TKS tks._002=## tks._003=## tks.debug=false tks.defaultSlot=Internal Key Storage Token tks.drm_transport_cert_nickname= tks.master_key_prefix= tks.useDefaultSlot=true usrgrp._000=## usrgrp._001=## User/Group usrgrp._002=## usrgrp.ldap=internaldb tks.defKeySet._000=## tks.defKeySet._001=## Axalto default key set: tks.defKeySet._002=## tks.defKeySet._003=## tks.defKeySet.mk_mappings.#02#01=: tks.defKeySet._004=## tks.defKeySet.auth_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f tks.defKeySet.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f tks.defKeySet.kek_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f tks.jForte._000=## tks.jForte._001=## SAFLink's jForte default key set: tks.jForte._002=## tks.jForte._003=## tks.jForte.mk_mappings.#02#01=: tks.jForte._004=## tks.jForte.auth_key=#30#31#32#33#34#35#36#37#38#39#3a#3b#3c#3d#3e#3f tks.jForte.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f tks.jForte.kek_key=#50#51#52#53#54#55#56#57#58#59#5a#5b#5c#5d#5e#5f