path: root/base/ra/doc/CS.cfg.in
blob: 702dda90b18161c124f3ca912402bfa5dc0860dd (plain)
_000=##
_001=## Registration Authority (RA) Configuration File
_002=##
pidDir=[PKI_PIDDIR]
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
pkicreate.secure_port=[SECURE_PORT]
pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
pkicreate.unsecure_port=[PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
request._000=#########################################
request._001=# Request Queue Parameters
request._002=#########################################
agent.authorized_groups=administrators,agents
admin.authorized_groups=administrators
database.dbfile=[SERVER_ROOT]/conf/dbfile
database.lockfile=[SERVER_ROOT]/conf/dblock
request.renewal.approve_request.0.ca=ca1
request.renewal.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA
request.renewal.approve_request.0.profileId=caDualRAuserCert
request.renewal.approve_request.0.reqType=crmf
request.renewal.approve_request.1.mailTo=$created_by
request.renewal.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.renewal.approve_request.1.templateDir=/usr/share/pki/ra/conf
request.renewal.approve_request.1.templateFile=mail_approve_request.vm
request.renewal.approve_request.num_plugins=2
request.renewal.reject_request.num_plugins=0
request.renewal.create_request.0.assignTo=agents
request.renewal.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
request.renewal.create_request.1.mailTo=$created_by
request.renewal.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.renewal.create_request.1.templateDir=/usr/share/pki/ra/conf
request.renewal.create_request.1.templateFile=mail_create_request.vm
request.renewal.create_request.num_plugins=2
request.scep.profileId=caRARouterCert
request.scep.reqType=pkcs10
request.scep.create_request.num_plugins=2
request.scep.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
request.scep.create_request.0.assignTo=agents
request.scep.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.scep.create_request.1.mailTo=
request.scep.create_request.1.templateDir=/usr/share/pki/ra/conf
request.scep.create_request.1.templateFile=mail_create_request.vm
request.scep.approve_request.num_plugins=1
request.scep.approve_request.0.plugin=PKI::Request::Plugin::CreatePin
request.scep.approve_request.0.pinFormat=$site_id
request.scep.reject_request.num_plugins=0
request.agent.profileId=caRAagentCert
request.agent.reqType=crmf
request.agent.create_request.num_plugins=2
request.agent.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
request.agent.create_request.0.assignTo=agents
request.agent.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.agent.create_request.1.mailTo=
request.agent.create_request.1.templateDir=/usr/share/pki/ra/conf
request.agent.create_request.1.templateFile=mail_create_request.vm
request.agent.approve_request.num_plugins=1
request.agent.approve_request.0.plugin=PKI::Request::Plugin::CreatePin
request.agent.approve_request.0.pinFormat=$uid
request.agent.reject_request.num_plugins=0
request.user.create_request.num_plugins=2
request.user.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
request.user.create_request.0.assignTo=agents
request.user.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.user.create_request.1.templateDir=/usr/share/pki/ra/conf
request.user.create_request.1.templateFile=mail_create_request.vm
request.user.create_request.1.mailTo=
request.user.approve_request.num_plugins=2
request.user.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA
request.user.approve_request.0.ca=ca1
request.user.approve_request.0.profileId=caDualRAuserCert
request.user.approve_request.0.reqType=crmf
request.user.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.user.approve_request.1.mailTo=$created_by
request.user.approve_request.1.templateDir=/usr/share/pki/ra/conf
request.user.approve_request.1.templateFile=mail_approve_request.vm
request.user.reject_request.num_plugins=0
request.server.create_request.num_plugins=2
request.server.create_request.0.plugin=PKI::Request::Plugin::AutoAssign
request.server.create_request.0.assignTo=agents
request.server.create_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.server.create_request.1.mailTo=
request.server.create_request.1.templateDir=/usr/share/pki/ra/conf
request.server.create_request.1.templateFile=mail_create_request.vm
request.server.approve_request.num_plugins=2
request.server.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA
request.server.approve_request.0.ca=ca1
request.server.approve_request.0.profileId=caRAserverCert
request.server.approve_request.0.reqType=pkcs10
request.server.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification
request.server.approve_request.1.mailTo=$created_by
request.server.approve_request.1.templateDir=/usr/share/pki/ra/conf
request.server.approve_request.1.templateFile=mail_approve_request.vm
request.server.reject_request.num_plugins=0
cs.type=RA
service.machineName=[SERVER_NAME]
service.instanceDir=[SERVER_ROOT]
service.securePort=[SECURE_PORT]
service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
service.unsecurePort=[PORT]
service.instanceID=[PKI_INSTANCE_ID]
logging._000=#########################################
logging._001=# RA configuration File
logging._002=#
logging._003=# All <...> must be replaced with
logging._004=# appropriate values.
logging._005=#########################################
logging._006=########################################
logging._007=# logging
logging._008=#
logging._009=# logging.debug.enable:
logging._010=# logging.audit.enable:
logging._011=# logging.error.enable:
logging._012=#   - enable or disable the corresponding logging
logging._013=# logging.debug.filename:
logging._014=# logging.audit.filename:
logging._015=# logging.error.filename:
logging._016=#   - name of the log file
logging._017=# logging.debug.level:
logging._018=# logging.audit.level:
logging._019=# logging.error.level:
logging._020=#   - level of logging. (0-10)
logging._021=#      0 - no logging,
logging._022=#      4 - LL_PER_SERVER       these messages will occur only once
logging._023=#                              during the entire invocation of the
logging._024=#                              server, e.g. at startup or shutdown
logging._025=#                              time, or when reading the conf parameters.
logging._026=#                              Perhaps other infrequent events
logging._027=#                              relating to failing over of CA, TKS,
logging._028=#                              too
logging._029=#      6 - LL_PER_CONNECTION   these messages happen once per
logging._030=#                              connection - most of the log events
logging._031=#                              will be at this level
logging._032=#      8 - LL_PER_PDU          these messages relate to PDU
logging._033=#                              processing. If you have something that
logging._034=#                              is done for every PDU, such as
logging._035=#                              applying the MAC, it should be logged
logging._036=#                              at this level
logging._037=#      9 - LL_ALL_DATA_IN_PDU  dump all the data in the PDU - a more
logging._038=#                              chatty version of the above
logging._039=#     10 - all logging
logging._040=#########################################
logging.debug.enable=true
logging.debug.filename=[SERVER_ROOT]/logs/ra-debug.log
logging.debug.level=7
logging.audit.enable=true
logging.audit.filename=[SERVER_ROOT]/logs/ra-audit.log
logging.audit.level=10
logging.error.enable=true
logging.error.filename=[SERVER_ROOT]/logs/ra-error.log
logging.error.level=10
conn.ca1._000=#########################################
conn.ca1._001=# CA connection
conn.ca1._002=#
conn.ca1._003=# conn.ca<n>.hostport:
conn.ca1._004=#   - host name and port number of your CA, format is host:port
conn.ca1._005=# conn.ca<n>.clientNickname:
conn.ca1._006=#   - nickname of the client certificate for
conn.ca1._007=#     authentication
conn.ca1._008=# conn.ca<n>.servlet.enrollment:
conn.ca1._009=#   - servlet to contact in CA
conn.ca1._010=#   - must be '/ca/ee/ca/profileSubmitSSLClient'
conn.ca1._011=# conn.ca<n>.servlet.addagent:
conn.ca1._012=#   - servlet to add ra agent on CA
conn.ca1._013=#   - must be '/ca/admin/ca/registerRaUser'
conn.ca1._014=# conn.ca<n>.retryConnect:
conn.ca1._015=#   - number of reconnection attempts on failure
conn.ca1._016=# conn.ca<n>.timeout:
conn.ca1._017=#   - connection timeout
conn.ca1._018=# conn.ca<n>.SSLOn:
conn.ca1._019=#   - enable SSL or not
conn.ca1._020=# conn.ca<n>.keepAlive:
conn.ca1._021=#   - enable keep alive or not
conn.ca1._022=#
conn.ca1._023=# where
conn.ca1._024=#  <n>  - CA connection ID
conn.ca1._025=#########################################
failover.pod.enable=false
conn.ca1.hostport=[CA_HOST]:[CA_PORT]
conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.addagent=/ca/admin/ca/registerRaUser
conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke
conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
conn.ca1.retryConnect=3
conn.ca1.timeout=100
conn.ca1.SSLOn=true
conn.ca1.keepAlive=true
preop.pin=[PKI_RANDOM_NUMBER]
preop.product.version=@APPLICATION_VERSION@
preop.cert._000=#########################################
preop.cert._001=# Installation configuration "preop" certs parameters
preop.cert._002=#########################################
preop.cert.list=sslserver,subsystem
preop.cert.sslserver.enable=true
preop.cert.subsystem.enable=true
preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[PKI_INSTANCE_ID]
preop.cert.sslserver.keysize.customsize=2048
preop.cert.sslserver.keysize.size=2048
preop.cert.sslserver.keysize.select=custom
preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
preop.cert.sslserver.profile=caInternalAuthServerCert
preop.cert.sslserver.subsystem=ra
preop.cert._003=#preop.cert.sslserver.type=local
preop.cert.sslserver.userfriendlyname=SSL Server Certificate
preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_ID]
preop.cert.subsystem.keysize.customsize=2048
preop.cert.subsystem.keysize.size=2048
preop.cert.subsystem.keysize.select=custom
preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.subsystem=ra
preop.cert._005=#preop.cert.subsystem.type=local
preop.cert.subsystem.userfriendlyname=Subsystem Certificate
preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
preop.configModules._000=#########################################
preop.configModules._001=# Installation configuration "preop" module parameters
preop.configModules._002=#########################################
preop.configModules.count=3
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.imagePath=../img/clearpixel.gif
preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
preop.configModules.module1.commonName=nfast
preop.configModules.module1.imagePath=../img/clearpixel.gif
preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=../img/clearpixel.gif
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
preop.module.token=NSS Certificate DB
preop.keysize._000=#########################################
preop.keysize._001=# Installation configuration "preop" keysize parameters
preop.keysize._002=#########################################
preop.keysize.customsize=2048
preop.keysize.select=default
preop.keysize.size=2048
preop.keysize.ecc.size=256