summaryrefslogtreecommitdiffstats
path: root/base/tks/shared/conf/CS.cfg.in
blob: 7f11c4b18829c2f5f8360b705a7018c82e0fce26 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
_000=##
_001=## Token Key Service (TKS) Configuration File
_002=##
pidDir=[PKI_PIDDIR]
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
pkicreate.secure_port=[PKI_SECURE_PORT]
pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
installDate=[INSTALL_TIME]
cs.type=TKS
admin.interface.uri=tks/admin/console/config/wizard
preop.admin.name=Token Key Service Manager Administrator
preop.admin.group=Token Key Service Manager Agents
preop.admincert.profile=caAdminCert
preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
preop.wizard.name=TKS Setup Wizard
preop.system.name=TKS
preop.product.name=CS
preop.product.version=@APPLICATION_VERSION@
preop.system.fullname=Token Key Service
proxy.securePort=[PKI_PROXY_SECURE_PORT]
proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
tks.cert.list=sslserver,subsystem,audit_signing
tks.cert.sslserver.certusage=SSLServer
tks.cert.subsystem.certusage=SSLClient
tks.cert.audit_signing.certusage=ObjectSigner
preop.cert.list=sslserver,subsystem,audit_signing
preop.cert.rsalist=audit_signing
preop.cert.sslserver.enable=true
preop.cert.subsystem.enable=true
preop.cert.audit_signing.enable=true
preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=TKS Audit Signing Certificate
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID]
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=tks
preop.cert.audit_signing.type=remote
preop.cert.audit_signing.userfriendlyname=TKS Audit Signing Certificate
preop.cert.audit_signing.cncomponent.override=true
preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
preop.cert.sslserver.dn=CN=[PKI_MACHINE_NAME]
preop.cert.sslserver.keysize.custom_size=2048
preop.cert.sslserver.keysize.size=2048
preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
preop.cert.sslserver.profile=caInternalAuthServerCert
preop.cert.sslserver.signing.required=false
preop.cert.sslserver.subsystem=tks
preop.cert.sslserver.type=remote
preop.cert.sslserver.userfriendlyname=SSL Server Certificate
preop.cert.sslserver.cncomponent.override=false
preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=TKS Subsystem Certificate
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=tks
preop.cert.subsystem.type=remote
preop.cert.subsystem.userfriendlyname=Subsystem Certificate
preop.cert.subsystem.cncomponent.override=true
preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA
preop.cert.admin.dn=uid=admin,cn=admin
preop.cert.admin.keysize.custom_size=2048
preop.cert.admin.keysize.size=2048
preop.cert.admin.profile=adminCert.profile
preop.hierarchy.profile=caCert.profile
preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
preop.configModules.module0.imagePath=../img/clearpixel.gif
preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
preop.configModules.module1.commonName=nfast
preop.configModules.module1.imagePath=../img/clearpixel.gif
preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
preop.configModules.module2.commonName=lunasa
preop.configModules.module2.imagePath=../img/clearpixel.gif
preop.configModules.count=3
preop.module.token=Internal Key Storage Token
cs.state=0
authType=pwd
instanceRoot=[PKI_INSTANCE_PATH]
configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
machineName=[PKI_MACHINE_NAME]
instanceId=[PKI_INSTANCE_ID]
preop.pin=[PKI_RANDOM_NUMBER]
service.machineName=[PKI_MACHINE_NAME]
service.instanceDir=[PKI_INSTANCE_ROOT]
service.securePort=[PKI_AGENT_SECURE_PORT]
service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
service.unsecurePort=[PKI_UNSECURE_PORT]
service.instanceID=[PKI_INSTANCE_ID]
passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
multiroles=true
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
CrossCertPair._000=##
CrossCertPair._001=## CrossCertPair Import
CrossCertPair._002=##
CrossCertPair.ldap=internaldb
accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
auths._000=##
auths._001=## new authentication
auths._002=##
auths.impl._000=##
auths.impl._001=## authentication manager implementations
auths.impl._002=##
auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.TokenAuth.pluginName=TokenAuth
auths.revocationChecking.bufferSize=50
authz._000=##
authz._001=## new authorizatioin
authz._002=##
authz.evaluateOrder=deny,allow
authz.sourceType=ldap
authz.impl._000=##
authz.impl._001=## authorization manager implementations
authz.impl._002=##
authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
authz.instance.DirAclAuthz.ldap=internaldb
authz.instance.DirAclAuthz.pluginName=DirAclAuthz
authz.instance.DirAclAuthz.ldap._000=##
authz.instance.DirAclAuthz.ldap._001=## Internal Database
authz.instance.DirAclAuthz.ldap._002=##
cardcryptogram.validate.enable=true
cmc.cert.confirmRequired=false
cmc.lraPopWitness.verify.allow=true
cmc.revokeCert.verify=true
cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
debug.enabled=true
debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
keys.ecc.curve.default=nistp256
keys.rsa.keysize.default=2048
internaldb._000=##
internaldb._001=## Internal Database
internaldb._002=##
internaldb.maxConns=15
internaldb.minConns=3
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
preop.internaldb.schema.ldif=/usr/share/pki/tks/conf/schema.ldif
preop.internaldb.ldif=/usr/share/pki/tks/conf/database.ldif
preop.internaldb.data_ldif=/usr/share/pki/tks/conf/db.ldif,/usr/share/pki/tks/conf/acl.ldif
preop.internaldb.index_ldif=/usr/share/pki/tks/conf/index.ldif
preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif
preop.internaldb.post_ldif=
preop.internaldb.wait_dn=
internaldb.multipleSuffix.enable=false
jss._000=##
jss._001=## JSS
jss._002=##
jss.configDir=[PKI_INSTANCE_PATH]/alias/
jss.enable=true
jss.secmodName=secmod.db
jss.ocspcheck.enable=false
jss.ssl.cipherfortezza=true
jss.ssl.cipherpref=
jss.ssl.cipherversion=cipherdomestic
log._000=##
log._001=## Logging
log._002=##
log.impl.file.class=com.netscape.cms.logging.RollingLogFile
log.instance.SignedAudit._000=##
log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002=##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004=## Available Audit events:
log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
log.instance.SignedAudit._006=##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
log.instance.SignedAudit.expirationTime=0
log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/tks_cert-tks_audit
log.instance.SignedAudit.flushInterval=5
log.instance.SignedAudit.level=1
log.instance.SignedAudit.logSigning=false
log.instance.SignedAudit.maxFileSize=2000
log.instance.SignedAudit.pluginName=file
log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TKS audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
log.instance.System._002=##
log.instance.System.bufferSize=512
log.instance.System.enable=true
log.instance.System.expirationTime=0
log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system
log.instance.System.flushInterval=5
log.instance.System.level=3
log.instance.System.maxFileSize=2000
log.instance.System.pluginName=file
log.instance.System.rolloverInterval=2592000
log.instance.System.type=system
log.instance.Transactions._000=##
log.instance.Transactions._001=## Transaction Logging
log.instance.Transactions._002=##
log.instance.Transactions.bufferSize=512
log.instance.Transactions.enable=true
log.instance.Transactions.expirationTime=0
log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions
log.instance.Transactions.flushInterval=5
log.instance.Transactions.level=1
log.instance.Transactions.maxFileSize=2000
log.instance.Transactions.pluginName=file
log.instance.Transactions.rolloverInterval=2592000
log.instance.Transactions.type=transaction
logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access
logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error
oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
oidmap.challenge_password.oid=1.2.840.113549.1.9.7
oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
oidmap.extended_key_usage.oid=2.5.29.37
oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
oidmap.pse.oid=2.16.840.1.113730.1.18
oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
os.serverName=cert-[PKI_INSTANCE_ID]
os.userid=nobody
registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
selftests._000=##
selftests._001=## Self Tests
selftests._002=##
selftests._003=## The Self-Test plugin SystemCertsVerification uses the
selftests._004=## following parameters (where certusage is optional):
selftests._005=## tks.cert.list = <list of cert tag names deliminated by ",">
selftests._006=## tks.cert.<cert tag name>.nickname
selftests._007=## tks.cert.<cert tag name>.certusage
selftests._008=##
selftests.container.instance.TKSKnownSessionKey=com.netscape.cms.selftests.tks.TKSKnownSessionKey
selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
selftests.container.logger.bufferSize=512
selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log
selftests.container.logger.flushInterval=5
selftests.container.logger.level=1
selftests.container.logger.maxFileSize=2000
selftests.container.logger.register=false
selftests.container.logger.rolloverInterval=2592000
selftests.container.logger.type=transaction
selftests.container.order.onDemand=TKSKnownSessionKey:critical, SystemCertsVerification:critical
selftests.container.order.startup=TKSKnownSessionKey:critical, SystemCertsVerification:critical
selftests.plugin.TKSKnownSessionKey.CUID=#a0#01#92#03#04#05#06#07#08#c9
selftests.plugin.TKSKnownSessionKey.TksSubId=tks
selftests.plugin.TKSKnownSessionKey.cardChallenge=#bd#6d#19#85#6e#54#0f#cd
selftests.plugin.TKSKnownSessionKey.hostChallenge=#77#57#62#e4#5e#23#66#7d
selftests.plugin.TKSKnownSessionKey.keyName=#01#01
selftests.plugin.TKSKnownSessionKey.macKey=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
selftests.plugin.TKSKnownSessionKey.sessionKey=#d1#be#b8#26#dc#56#20#25#8c#93#e7#de#f0#ab#4f#5b
selftests.plugin.TKSKnownSessionKey.token=Internal Key Storage Token
selftests.plugin.TKSKnownSessionKey.useSoftToken=true
selftests.plugin.SystemCertsVerification.SubId=tks
smtp.host=localhost
smtp.port=25
subsystem.0.class=com.netscape.tks.TKSAuthority
subsystem.0.id=tks
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats
tks._000=##
tks._001=## TKS
tks._002=##
tks._003=##
tks._004=##
tks.debug=false
tks.defaultSlot=Internal Key Storage Token
tks.drm_transport_cert_nickname=
tks.master_key_prefix=
tks.tksSharedSymKeyName=sharedSecret
tks.useDefaultSlot=true
usrgrp._000=##
usrgrp._001=## User/Group
usrgrp._002=##
usrgrp.ldap=internaldb
tks.defKeySet._000=##
tks.defKeySet._001=## Axalto default key set:
tks.defKeySet._002=##
tks.defKeySet._003=## tks.defKeySet.mk_mappings.#02#01=<tokenname>:<nickname>
tks.defKeySet._004=##
tks.defKeySet.auth_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
tks.defKeySet.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
tks.defKeySet.kek_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
tks.jForte._000=##
tks.jForte._001=## SAFLink's jForte default key set:
tks.jForte._002=##
tks.jForte._003=## tks.jForte.mk_mappings.#02#01=<tokenname>:<nickname>
tks.jForte._004=##
tks.jForte.auth_key=#30#31#32#33#34#35#36#37#38#39#3a#3b#3c#3d#3e#3f
tks.jForte.mac_key=#40#41#42#43#44#45#46#47#48#49#4a#4b#4c#4d#4e#4f
tks.jForte.kek_key=#50#51#52#53#54#55#56#57#58#59#5a#5b#5c#5d#5e#5f
multiroles._000=##
multiroles._001=## multiroles
multiroles._002=##
multiroles.enable=true
multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems