summaryrefslogtreecommitdiffstats
path: root/base/ocsp/shared/conf/CS.cfg.in
blob: 3a1e6c6606bca6ed92eb18bc387eee531f97ac75 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
_000=##
_001=## Online Certificate Status Protocol (OCSP) Responder Configuration File
_002=##
pidDir=[PKI_PIDDIR]
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
pkicreate.secure_port=[PKI_SECURE_PORT]
pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
cs.type=OCSP
admin.interface.uri=ocsp/admin/console/config/wizard
agent.interface.uri=ocsp/agent/ocsp
preop.admin.name=Online Certificate Status Manager Administrator
preop.admin.group=Online Certificate Status Manager Agents
preop.admincert.profile=caAdminCert
preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
preop.wizard.name=OCSP Setup Wizard
preop.product.name=CS
preop.product.version=@APPLICATION_VERSION@
preop.system.name=OCSP
preop.system.fullname=OCSP Responder
proxy.securePort=[PKI_PROXY_SECURE_PORT]
proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
preop.configModules.module1.commonName=nfast
preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
preop.configModules.count=3
preop.module.token=Internal Key Storage Token
ocsp.cert.list=signing,sslserver,subsystem,audit_signing
preop.cert.list=signing,sslserver,subsystem,audit_signing
preop.cert.rsalist=audit_signing
ocsp.cert.signing.certusage=StatusResponder
ocsp.cert.sslserver.certusage=SSLServer
ocsp.cert.subsystem.certusage=SSLClient
ocsp.cert.audit_signing.certusage=ObjectSigner
preop.cert.ocsp_signing.enable=true
preop.cert.sslserver.enable=true
preop.cert.subsystem.enable=true
preop.cert.audit_signing.enable=true
preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=OCSP Audit Signing Certificate
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID]
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=ocsp
preop.cert.audit_signing.type=remote
preop.cert.audit_signing.userfriendlyname=OCSP Audit Signing Certificate
preop.cert.audit_signing.cncomponent.override=true
preop.cert.signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.signing.dn=CN=OCSP Signing Certificate
preop.cert.signing.keysize.custom_size=2048
preop.cert.signing.keysize.size=2048
preop.cert.signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_ID]
preop.cert.signing.profile=caInternalAuthOCSPCert
preop.cert.signing.signing.required=true
preop.cert.signing.subsystem=ocsp
preop.cert.signing.type=remote
preop.cert.signing.userfriendlyname=OCSP Signing Certificate
preop.cert.signing.cncomponent.override=true
preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
preop.cert.sslserver.keysize.custom_size=2048
preop.cert.sslserver.keysize.size=2048
preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
preop.cert.sslserver.profile=caInternalAuthServerCert
preop.cert.sslserver.signing.required=false
preop.cert.sslserver.subsystem=ocsp
preop.cert.sslserver.type=remote
preop.cert.sslserver.userfriendlyname=SSL Server Certificate
preop.cert.sslserver.cncomponent.override=false
preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=OCSP Subsystem Certificate
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=ocsp
preop.cert.subsystem.type=remote
preop.cert.subsystem.userfriendlyname=Subsystem Certificate
preop.cert.subsystem.cncomponent.override=true
cs.state=0
authType=pwd
instanceRoot=[PKI_INSTANCE_PATH]
configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
machineName=[PKI_MACHINE_NAME]
instanceId=[PKI_INSTANCE_ID]
service.machineName=[PKI_MACHINE_NAME]
service.instanceDir=[PKI_INSTANCE_ROOT]
service.securePort=[PKI_AGENT_SECURE_PORT]
service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
service.unsecurePort=[PKI_UNSECURE_PORT]
service.instanceID=[PKI_INSTANCE_ID]
preop.pin=[PKI_RANDOM_NUMBER]
passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
multiroles=true
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
CrossCertPair._000=##
CrossCertPair._001=## CrossCertPair Import
CrossCertPair._002=##
CrossCertPair.ldap=internaldb
accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
auths._000=##
auths._001=## new authentication
auths._002=##
auths.impl._000=##
auths.impl._001=## authentication manager implementations
auths.impl._002=##
auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
auths.revocationChecking.bufferSize=50
authz._000=##
authz._001=## new authorizatioin
authz._002=##
authz.evaluateOrder=deny,allow
authz.sourceType=ldap
authz.impl._000=##
authz.impl._001=## authorization manager implementations
authz.impl._002=##
authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
authz.instance.DirAclAuthz.ldap=internaldb
authz.instance.DirAclAuthz.pluginName=DirAclAuthz
authz.instance.DirAclAuthz.ldap._000=##
authz.instance.DirAclAuthz.ldap._001=## Internal Database
authz.instance.DirAclAuthz.ldap._002=##
cmc.cert.confirmRequired=false
cmc.lraPopWitness.verify.allow=true
cmc.revokeCert.verify=true
cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
debug.enabled=true
debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.default=nistp256
keys.rsa.keysize.default=2048
internaldb._000=##
internaldb._001=## Internal Database
internaldb._002=##
internaldb.maxConns=15
internaldb.minConns=3
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
preop.internaldb.schema.ldif=/usr/share/pki/ocsp/conf/schema.ldif
preop.internaldb.ldif=/usr/share/pki/ocsp/conf/database.ldif
preop.internaldb.data_ldif=/usr/share/pki/ocsp/conf/db.ldif,/usr/share/pki/ocsp/conf/acl.ldif
preop.internaldb.index_ldif=/usr/share/pki/ocsp/conf/index.ldif
preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif
preop.internaldb.post_ldif=
preop.internaldb.wait_dn=
internaldb.multipleSuffix.enable=false
jss._000=##
jss._001=## JSS
jss._002=##
jss.configDir=[PKI_INSTANCE_PATH]/alias/
jss.enable=true
jss.secmodName=secmod.db
jss.ocspcheck.enable=false
jss.ssl.cipherfortezza=true
jss.ssl.cipherpref=
jss.ssl.cipherversion=cipherdomestic
log._000=##
log._001=## Logging
log._002=##
log.impl.file.class=com.netscape.cms.logging.RollingLogFile
log.instance.SignedAudit._000=##
log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/ocsp_cert-ocsp_audit
log.instance.SignedAudit.flushInterval=5
log.instance.SignedAudit.level=1
log.instance.SignedAudit.logSigning=false
log.instance.SignedAudit.maxFileSize=2000
log.instance.SignedAudit.pluginName=file
log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow OCSP audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
log.instance.System._002=##
log.instance.System.bufferSize=512
log.instance.System.enable=true
log.instance.System.expirationTime=0
log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system
log.instance.System.flushInterval=5
log.instance.System.level=3
log.instance.System.maxFileSize=2000
log.instance.System.pluginName=file
log.instance.System.rolloverInterval=2592000
log.instance.System.type=system
log.instance.Transactions._000=##
log.instance.Transactions._001=## Transaction Logging
log.instance.Transactions._002=##
log.instance.Transactions.bufferSize=512
log.instance.Transactions.enable=true
log.instance.Transactions.expirationTime=0
log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions
log.instance.Transactions.flushInterval=5
log.instance.Transactions.level=1
log.instance.Transactions.maxFileSize=2000
log.instance.Transactions.pluginName=file
log.instance.Transactions.rolloverInterval=2592000
log.instance.Transactions.type=transaction
logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access
logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error
ocsp.certNickname=
ocsp.storeId=defStore
ocsp.signing.certnickname=
ocsp.signing.defaultSigningAlgorithm=SHA256withRSA
ocsp.signing.tokenname=internal
ocsp.store.defStore.class=com.netscape.cms.ocsp.DefStore
ocsp.store.defStore.includeNextUpdate=false
ocsp.store.defStore.notFoundAsGood=true
ocsp.store.ldapStore.class=com.netscape.cms.ocsp.LDAPStore
oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
oidmap.challenge_password.oid=1.2.840.113549.1.9.7
oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
oidmap.extended_key_usage.oid=2.5.29.37
oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
oidmap.pse.oid=2.16.840.1.113730.1.18
oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
os.serverName=cert-[PKI_INSTANCE_ID]
os.userid=nobody
registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
selftests._000=##
selftests._001=## Self Tests
selftests._002=##
selftests._003=## The Self-Test plugin SystemCertsVerification uses the
selftests._004=## following parameters (where certusage is optional):
selftests._005=## ocsp.cert.list = <list of cert tag names deliminated by ",">
selftests._006=## ocsp.cert.<cert tag name>.nickname
selftests._007=## ocsp.cert.<cert tag name>.certusage
selftests._008=##
selftests.container.instance.OCSPPresence=com.netscape.cms.selftests.ocsp.OCSPPresence
selftests.container.instance.OCSPValidity=com.netscape.cms.selftests.ocsp.OCSPValidity
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
selftests.container.logger.bufferSize=512
selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log
selftests.container.logger.flushInterval=5
selftests.container.logger.level=1
selftests.container.logger.maxFileSize=2000
selftests.container.logger.register=false
selftests.container.logger.rolloverInterval=2592000
selftests.container.logger.type=transaction
selftests.container.order.onDemand=OCSPPresence:critical, SystemCertsVerification:critical, OCSPValidity:critical
selftests.container.order.startup=OCSPPresence:critical, SystemCertsVerification:critical
selftests.plugin.OCSPPresence.OcspSubId=ocsp
selftests.plugin.OCSPValidity.OcspSubId=ocsp
selftests.plugin.SystemCertsVerification.SubId=ocsp
smtp.host=localhost
smtp.port=25
subsystem.0.class=com.netscape.ocsp.OCSPAuthority
subsystem.0.id=ocsp
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats
usrgrp._000=##
usrgrp._001=## User/Group
usrgrp._002=##
usrgrp.ldap=internaldb
multiroles._000=##
multiroles._001=## multiroles
multiroles._002=##
multiroles.enable=true
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems