
Untitled

a guest
May 10th, 2016
  1. sudo cat /etc/pki/pki-tomcat/ca/CS.cfg
  2. CrossCertPair._000=##
  3. CrossCertPair._001=## CrossCertPair Import
  4. CrossCertPair._002=##
  5. CrossCertPair.ldap=internaldb
  6. _000=##
  7. _001=## Certificate Authority (CA) Configuration File
  8. _002=##
  9. accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
  10. accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
  11. accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
  12. accessEvaluator.impl.user_origreq.class=com.netscape.cms.evaluators.UserOrigReqAccessEvaluator
  13. admin.interface.uri=ca/admin/console/config/wizard
  14. agent.interface.uri=ca/agent/ca
  15. archive.configuration_file=true
  16. authType=pwd
  17. auths._000=##
  18. auths._001=## new authentication
  19. auths._002=##
  20. auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
  21. auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
  22. auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth
  23. auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
  24. auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
  25. auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
  26. auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
  27. auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
  28. auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
  29. auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupDirAuthentication
  30. auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
  31. auths.impl.UserPwdDirAuth.class=com.netscape.cms.authentication.UserPwdDirAuthentication
  32. auths.impl._000=##
  33. auths.impl._001=## authentication manager implementations
  34. auths.impl._002=##
  35. auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
  36. auths.instance.AgentCertAuth.pluginName=AgentCertAuth
  37. auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
  38. auths.instance.TokenAuth.pluginName=TokenAuth
  39. auths.instance.flatFileAuth.authAttributes=PWD
  40. auths.instance.flatFileAuth.deferOnFailure=true
  41. auths.instance.flatFileAuth.fileName=/var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
  42. auths.instance.flatFileAuth.keyAttributes=UID
  43. auths.instance.flatFileAuth.pluginName=FlatFileAuth
  44. auths.instance.raCertAuth.agentGroup=Registration Manager Agents
  45. auths.instance.raCertAuth.pluginName=AgentCertAuth
  46. auths.revocationChecking.bufferSize=50
  47. auths.revocationChecking.ca=ca
  48. auths.revocationChecking.enabled=true
  49. auths.revocationChecking.unknownStateInterval=0
  50. auths.revocationChecking.validityInterval=120
  51. authz._000=##
  52. authz._001=## new authorization
  53. authz._002=##
  54. authz.evaluateOrder=deny,allow
  55. authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
  56. authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
  57. authz.impl._000=##
  58. authz.impl._001=## authorization manager implementations
  59. authz.impl._002=##
  60. authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
  61. authz.instance.DirAclAuthz.ldap=internaldb
  62. authz.instance.DirAclAuthz.ldap._000=##
  63. authz.instance.DirAclAuthz.ldap._001=## Internal Database
  64. authz.instance.DirAclAuthz.ldap._002=##
  65. authz.instance.DirAclAuthz.ldap.ldapauth.authtype=SslClientAuth
  66. authz.instance.DirAclAuthz.ldap.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
  67. authz.instance.DirAclAuthz.ldap.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
  68. authz.instance.DirAclAuthz.ldap.ldapconn.port=636
  69. authz.instance.DirAclAuthz.ldap.ldapconn.secureConn=true
  70. authz.instance.DirAclAuthz.pluginName=DirAclAuthz
  71. authz.sourceType=ldap
  72. ca.Policy._000=##
  73. ca.Policy._001=## Certificate Policy Framework (deprecated)
  74. ca.Policy._002=##
  75. ca.Policy._003=## Set 'ca.Policy.enable=true' to allow the following:
  76. ca.Policy._004=##
  77. ca.Policy._005=## SERVLET-NAME URL-PATTERN
  78. ca.Policy._006=## ====================================================
  79. ca.Policy._007=## caadminEnroll ca/admin/ca/adminEnroll.html
  80. ca.Policy._008=## cabulkissuance ca/agent/ca/bulkissuance.html
  81. ca.Policy._009=## cacertbasedenrollment ca/certbasedenrollment.html
  82. ca.Policy._010=## caenrollment ca/enrollment.html
  83. ca.Policy._011=## capolicy ca/capolicy
  84. ca.Policy._012=##
  85. ca.Policy.enable=false
  86. ca.Policy.impl.AttributePresentConstraints.class=com.netscape.cms.policy.constraints.AttributePresentConstraints
  87. ca.Policy.impl.AuthInfoAccessExt.class=com.netscape.cms.policy.extensions.AuthInfoAccessExt
  88. ca.Policy.impl.AuthorityKeyIdentifierExt.class=com.netscape.cms.policy.extensions.AuthorityKeyIdentifierExt
  89. ca.Policy.impl.BasicConstraintsExt.class=com.netscape.cms.policy.extensions.BasicConstraintsExt
  90. ca.Policy.impl.CRLDistributionPointsExt.class=com.netscape.cms.policy.extensions.CRLDistributionPointsExt
  91. ca.Policy.impl.CertificatePoliciesExt.class=com.netscape.cms.policy.extensions.CertificatePoliciesExt
  92. ca.Policy.impl.CertificateRenewalWindowExt.class=com.netscape.cms.policy.extensions.CertificateRenewalWindowExt
  93. ca.Policy.impl.CertificateScopeOfUseExt.class=com.netscape.cms.policy.extensions.CertificateScopeOfUseExt
  94. ca.Policy.impl.DSAKeyConstraints.class=com.netscape.cms.policy.constraints.DSAKeyConstraints
  95. ca.Policy.impl.ExtendedKeyUsageExt.class=com.netscape.cms.policy.extensions.ExtendedKeyUsageExt
  96. ca.Policy.impl.GenericASN1Ext.class=com.netscape.cms.policy.extensions.GenericASN1Ext
  97. ca.Policy.impl.IssuerAltNameExt.class=com.netscape.cms.policy.extensions.IssuerAltNameExt
  98. ca.Policy.impl.IssuerConstraints.class=com.netscape.cms.policy.constraints.IssuerConstraints
  99. ca.Policy.impl.KeyAlgorithmConstraints.class=com.netscape.cms.policy.constraints.KeyAlgorithmConstraints
  100. ca.Policy.impl.KeyUsageExt.class=com.netscape.cms.policy.extensions.KeyUsageExt
  101. ca.Policy.impl.NSCCommentExt.class=com.netscape.cms.policy.extensions.NSCCommentExt
  102. ca.Policy.impl.NSCertTypeExt.class=com.netscape.cms.policy.extensions.NSCertTypeExt
  103. ca.Policy.impl.NameConstraintsExt.class=com.netscape.cms.policy.extensions.NameConstraintsExt
  104. ca.Policy.impl.OCSPNoCheckExt.class=com.netscape.cms.policy.extensions.OCSPNoCheckExt
  105. ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.cms.policy.extensions.PolicyConstraintsExt
  106. ca.Policy.impl.PolicyMappingsExt.class=com.netscape.cms.policy.extensions.PolicyMappingsExt
  107. ca.Policy.impl.PrivateKeyUsagePeriodExt.class=com.netscape.cms.policy.extensions.PrivateKeyUsagePeriodExt
  108. ca.Policy.impl.RSAKeyConstraints.class=com.netscape.cms.policy.constraints.RSAKeyConstraints
  109. ca.Policy.impl.RemoveBasicConstraintsExt.class=com.netscape.cms.policy.extensions.RemoveBasicConstraintsExt
  110. ca.Policy.impl.RenewalConstraints.class=com.netscape.cms.policy.constraints.RenewalConstraints
  111. ca.Policy.impl.RenewalValidityConstraints.class=com.netscape.cms.policy.constraints.RenewalValidityConstraints
  112. ca.Policy.impl.RevocationConstraints.class=com.netscape.cms.policy.constraints.RevocationConstraints
  113. ca.Policy.impl.SigningAlgorithmConstraints.class=com.netscape.cms.policy.constraints.SigningAlgorithmConstraints
  114. ca.Policy.impl.SubCANameConstraints.class=com.netscape.cms.policy.constraints.SubCANameConstraints
  115. ca.Policy.impl.SubjectAltNameExt.class=com.netscape.cms.policy.extensions.SubjectAltNameExt
  116. ca.Policy.impl.SubjectDirectoryAttributesExt.class=com.netscape.cms.policy.extensions.SubjectDirectoryAttributesExt
  117. ca.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.cms.policy.extensions.SubjectKeyIdentifierExt
  118. ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.constraints.UniqueSubjectNameConstraints
  119. ca.Policy.impl.ValidityConstraints.class=com.netscape.cms.policy.constraints.ValidityConstraints
  120. ca.Policy.impl._000=##
  121. ca.Policy.impl._001=## Policy Implementations
  122. ca.Policy.impl._002=##
  123. ca.Policy.order=KeyAlgRule, RSAKeyRule, DefaultValidityRule, RenewalConstraintsRule, DefaultRenewalValidityRule, RevocationConstraintsRule, NSCertTypeExt, CMCertKeyUsageExt, RMCertKeyUsageExt, ClientCertKeyUsageExt, ServerCertKeyUsageExt, ObjSignCertKeyUsageExt, CRLSignCertKeyUsageExt, SubjectKeyIdentifierExt, CertificatePoliciesExt, NSCCommentExt, OCSPNoCheckExt, OCSPSigningExt, CODESigningExt, GenericASN1Ext, CRLDistributionPointsExt, SubjectAltNameExt, SigningAlgRule, AuthorityKeyIdentifierExt, AuthInfoAccessExt, BasicConstraintsExt, UniqueSubjectNameConstraints, NameConstraintsExt, PolicyConstraintsExt, SubCANameConstraints, PolicyMappingsExt, IssuerRule
  124. ca.Policy.processor=classic
  125. ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://<ipa-csmaster-fqdn>:8080/ocsp
  126. ca.Policy.rule.AuthInfoAccessExt.ad0_location_type=URL
  127. ca.Policy.rule.AuthInfoAccessExt.ad0_method=ocsp
  128. ca.Policy.rule.AuthInfoAccessExt.enable=false
  129. ca.Policy.rule.AuthInfoAccessExt.implName=AuthInfoAccessExt
  130. ca.Policy.rule.AuthInfoAccessExt.numADs=1
  131. ca.Policy.rule.AuthInfoAccessExt.predicate=HTTP_PARAMS.certType==client
  132. ca.Policy.rule.AuthorityKeyIdentifierExt.enable=true
  133. ca.Policy.rule.AuthorityKeyIdentifierExt.implName=AuthorityKeyIdentifierExt
  134. ca.Policy.rule.AuthorityKeyIdentifierExt.predicate=
  135. ca.Policy.rule.BasicConstraintsExt.critical=true
  136. ca.Policy.rule.BasicConstraintsExt.enable=true
  137. ca.Policy.rule.BasicConstraintsExt.implName=BasicConstraintsExt
  138. ca.Policy.rule.BasicConstraintsExt.maxPathLen=
  139. ca.Policy.rule.BasicConstraintsExt.predicate=HTTP_PARAMS.certType == ca
  140. ca.Policy.rule.BasicConstraintsExt.removeBasicExt=true
  141. ca.Policy.rule.CMCertKeyUsageExt.crlSign=true
  142. ca.Policy.rule.CMCertKeyUsageExt.dataEncipherment=false
  143. ca.Policy.rule.CMCertKeyUsageExt.decipherOnly=false
  144. ca.Policy.rule.CMCertKeyUsageExt.digitalSignature=true
  145. ca.Policy.rule.CMCertKeyUsageExt.enable=true
  146. ca.Policy.rule.CMCertKeyUsageExt.encipherOnly=false
  147. ca.Policy.rule.CMCertKeyUsageExt.implName=KeyUsageExt
  148. ca.Policy.rule.CMCertKeyUsageExt.keyAgreement=false
  149. ca.Policy.rule.CMCertKeyUsageExt.keyCertsign=true
  150. ca.Policy.rule.CMCertKeyUsageExt.keyEncipherment=false
  151. ca.Policy.rule.CMCertKeyUsageExt.nonRepudiation=true
  152. ca.Policy.rule.CMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ca
  153. ca.Policy.rule.CODESigningExt.critical=false
  154. ca.Policy.rule.CODESigningExt.enable=true
  155. ca.Policy.rule.CODESigningExt.id0=1.3.6.1.5.5.7.3.3
  156. ca.Policy.rule.CODESigningExt.implName=ExtendedKeyUsageExt
  157. ca.Policy.rule.CODESigningExt.predicate=HTTP_PARAMS.certType==codeSignClient
  158. ca.Policy.rule.CRLDistributionPointsExt.enable=false
  159. ca.Policy.rule.CRLDistributionPointsExt.implName=CRLDistributionPointsExt
  160. ca.Policy.rule.CRLDistributionPointsExt.issuerName0=
  161. ca.Policy.rule.CRLDistributionPointsExt.issuerName1=
  162. ca.Policy.rule.CRLDistributionPointsExt.issuerName2=
  163. ca.Policy.rule.CRLDistributionPointsExt.issuerType0=
  164. ca.Policy.rule.CRLDistributionPointsExt.issuerType1=
  165. ca.Policy.rule.CRLDistributionPointsExt.issuerType2=
  166. ca.Policy.rule.CRLDistributionPointsExt.numPoints=0
  167. ca.Policy.rule.CRLDistributionPointsExt.pointName0=
  168. ca.Policy.rule.CRLDistributionPointsExt.pointName1=
  169. ca.Policy.rule.CRLDistributionPointsExt.pointName2=
  170. ca.Policy.rule.CRLDistributionPointsExt.pointType0=
  171. ca.Policy.rule.CRLDistributionPointsExt.pointType1=
  172. ca.Policy.rule.CRLDistributionPointsExt.pointType2=
  173. ca.Policy.rule.CRLDistributionPointsExt.predicate=
  174. ca.Policy.rule.CRLDistributionPointsExt.reasons0=
  175. ca.Policy.rule.CRLDistributionPointsExt.reasons1=
  176. ca.Policy.rule.CRLDistributionPointsExt.reasons2=
  177. ca.Policy.rule.CRLSignCertKeyUsageExt.crlSign=true
  178. ca.Policy.rule.CRLSignCertKeyUsageExt.dataEncipherment=false
  179. ca.Policy.rule.CRLSignCertKeyUsageExt.decipherOnly=false
  180. ca.Policy.rule.CRLSignCertKeyUsageExt.digitalSignature=false
  181. ca.Policy.rule.CRLSignCertKeyUsageExt.enable=true
  182. ca.Policy.rule.CRLSignCertKeyUsageExt.encipherOnly=false
  183. ca.Policy.rule.CRLSignCertKeyUsageExt.implName=KeyUsageExt
  184. ca.Policy.rule.CRLSignCertKeyUsageExt.keyAgreement=false
  185. ca.Policy.rule.CRLSignCertKeyUsageExt.keyCertsign=false
  186. ca.Policy.rule.CRLSignCertKeyUsageExt.keyEncipherment=false
  187. ca.Policy.rule.CRLSignCertKeyUsageExt.nonRepudiation=false
  188. ca.Policy.rule.CRLSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==caCrlSigning
  189. ca.Policy.rule.CertificatePoliciesExt.certPolicy0.cpsURI=
  190. ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefNumbers=
  191. ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefOrganization=
  192. ca.Policy.rule.CertificatePoliciesExt.certPolicy0.policyId=
  193. ca.Policy.rule.CertificatePoliciesExt.certPolicy0.userNoticeExplicitText=
  194. ca.Policy.rule.CertificatePoliciesExt.critical=false
  195. ca.Policy.rule.CertificatePoliciesExt.enable=false
  196. ca.Policy.rule.CertificatePoliciesExt.implName=CertificatePoliciesExt
  197. ca.Policy.rule.CertificatePoliciesExt.numCertPolicies=1
  198. ca.Policy.rule.CertificatePoliciesExt.predicate=
  199. ca.Policy.rule.ClientCertKeyUsageExt.crlSign=false
  200. ca.Policy.rule.ClientCertKeyUsageExt.dataEncipherment=false
  201. ca.Policy.rule.ClientCertKeyUsageExt.decipherOnly=false
  202. ca.Policy.rule.ClientCertKeyUsageExt.digitalSignature=true
  203. ca.Policy.rule.ClientCertKeyUsageExt.enable=true
  204. ca.Policy.rule.ClientCertKeyUsageExt.encipherOnly=false
  205. ca.Policy.rule.ClientCertKeyUsageExt.implName=KeyUsageExt
  206. ca.Policy.rule.ClientCertKeyUsageExt.keyAgreement=false
  207. ca.Policy.rule.ClientCertKeyUsageExt.keyCertsign=false
  208. ca.Policy.rule.ClientCertKeyUsageExt.keyEncipherment=true
  209. ca.Policy.rule.ClientCertKeyUsageExt.nonRepudiation=true
  210. ca.Policy.rule.ClientCertKeyUsageExt.predicate=HTTP_PARAMS.certType==client
  211. ca.Policy.rule.DSAKeyRule.enable=true
  212. ca.Policy.rule.DSAKeyRule.implName=DSAKeyConstraints
  213. ca.Policy.rule.DSAKeyRule.maxSize=1024
  214. ca.Policy.rule.DSAKeyRule.minSize=512
  215. ca.Policy.rule.DSAKeyRule.predicate=
  216. ca.Policy.rule.DefaultRenewalValidityRule.enable=true
  217. ca.Policy.rule.DefaultRenewalValidityRule.implName=RenewalValidityConstraints
  218. ca.Policy.rule.DefaultRenewalValidityRule.maxValidity=365
  219. ca.Policy.rule.DefaultRenewalValidityRule.minValidity=30
  220. ca.Policy.rule.DefaultRenewalValidityRule.predicate=
  221. ca.Policy.rule.DefaultRenewalValidityRule.renewalInterval=15
  222. ca.Policy.rule.DefaultValidityRule.enable=true
  223. ca.Policy.rule.DefaultValidityRule.implName=ValidityConstraints
  224. ca.Policy.rule.DefaultValidityRule.maxValidity=365
  225. ca.Policy.rule.DefaultValidityRule.minValidity=1
  226. ca.Policy.rule.DefaultValidityRule.predicate=
  227. ca.Policy.rule.GenericASN1Ext.attribute.0.source=
  228. ca.Policy.rule.GenericASN1Ext.attribute.0.type=
  229. ca.Policy.rule.GenericASN1Ext.attribute.0.value=
  230. ca.Policy.rule.GenericASN1Ext.attribute.1.source=
  231. ca.Policy.rule.GenericASN1Ext.attribute.1.type=
  232. ca.Policy.rule.GenericASN1Ext.attribute.1.value=
  233. ca.Policy.rule.GenericASN1Ext.attribute.2.source=
  234. ca.Policy.rule.GenericASN1Ext.attribute.2.type=
  235. ca.Policy.rule.GenericASN1Ext.attribute.2.value=
  236. ca.Policy.rule.GenericASN1Ext.attribute.3.source=
  237. ca.Policy.rule.GenericASN1Ext.attribute.3.type=
  238. ca.Policy.rule.GenericASN1Ext.attribute.3.value=
  239. ca.Policy.rule.GenericASN1Ext.attribute.4.source=
  240. ca.Policy.rule.GenericASN1Ext.attribute.4.type=
  241. ca.Policy.rule.GenericASN1Ext.attribute.4.value=
  242. ca.Policy.rule.GenericASN1Ext.attribute.5.source=
  243. ca.Policy.rule.GenericASN1Ext.attribute.5.type=
  244. ca.Policy.rule.GenericASN1Ext.attribute.5.value=
  245. ca.Policy.rule.GenericASN1Ext.attribute.6.source=
  246. ca.Policy.rule.GenericASN1Ext.attribute.6.type=
  247. ca.Policy.rule.GenericASN1Ext.attribute.6.value=
  248. ca.Policy.rule.GenericASN1Ext.attribute.7.source=
  249. ca.Policy.rule.GenericASN1Ext.attribute.7.type=
  250. ca.Policy.rule.GenericASN1Ext.attribute.7.value=
  251. ca.Policy.rule.GenericASN1Ext.attribute.8.source=
  252. ca.Policy.rule.GenericASN1Ext.attribute.8.type=
  253. ca.Policy.rule.GenericASN1Ext.attribute.8.value=
  254. ca.Policy.rule.GenericASN1Ext.attribute.9.source=
  255. ca.Policy.rule.GenericASN1Ext.attribute.9.type=
  256. ca.Policy.rule.GenericASN1Ext.attribute.9.value=
  257. ca.Policy.rule.GenericASN1Ext.critical=false
  258. ca.Policy.rule.GenericASN1Ext.enable=false
  259. ca.Policy.rule.GenericASN1Ext.implName=GenericASN1Ext
  260. ca.Policy.rule.GenericASN1Ext.name=
  261. ca.Policy.rule.GenericASN1Ext.oid=
  262. ca.Policy.rule.GenericASN1Ext.pattern=
  263. ca.Policy.rule.GenericASN1Ext.predicate=
  264. ca.Policy.rule.IssuerRule.enable=false
  265. ca.Policy.rule.IssuerRule.implName=IssuerConstraints
  266. ca.Policy.rule.IssuerRule.issuerDN=
  267. ca.Policy.rule.IssuerRule.predicate=HTTP_PARAMS.certType==client AND certauthEnroll==on
  268. ca.Policy.rule.KeyAlgRule.algorithms=RSA,DSA
  269. ca.Policy.rule.KeyAlgRule.enable=true
  270. ca.Policy.rule.KeyAlgRule.implName=KeyAlgorithmConstraints
  271. ca.Policy.rule.KeyAlgRule.predicate=
  272. ca.Policy.rule.NSCCommentExt.commentFile=
  273. ca.Policy.rule.NSCCommentExt.enable=false
  274. ca.Policy.rule.NSCCommentExt.implName=NSCCommentExt
  275. ca.Policy.rule.NSCCommentExt.inputType=Text
  276. ca.Policy.rule.NSCCommentExt.predicate=
  277. ca.Policy.rule.NSCertTypeExt.enable=true
  278. ca.Policy.rule.NSCertTypeExt.implName=NSCertTypeExt
  279. ca.Policy.rule.NSCertTypeExt.predicate=HTTP_PARAMS.certType!=CEP-Request
  280. ca.Policy.rule.NameConstraintsExt.critical=true
  281. ca.Policy.rule.NameConstraintsExt.enable=false
  282. ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameChoice=
  283. ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameValue=
  284. ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.max=-1
  285. ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.min=0
  286. ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameChoice=
  287. ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameValue=
  288. ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.max=-1
  289. ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.min=0
  290. ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameChoice=
  291. ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameValue=
  292. ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.max=-1
  293. ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.min=0
  294. ca.Policy.rule.NameConstraintsExt.implName=NameConstraintsExt
  295. ca.Policy.rule.NameConstraintsExt.numExcludedSubtrees=3
  296. ca.Policy.rule.NameConstraintsExt.numPermittedSubtrees=3
  297. ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameChoice=
  298. ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameValue=
  299. ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.max=-1
  300. ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.min=0
  301. ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameChoice=
  302. ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameValue=
  303. ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.max=-1
  304. ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.min=0
  305. ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameChoice=
  306. ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameValue=
  307. ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.max=-1
  308. ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.min=0
  309. ca.Policy.rule.NameConstraintsExt.predicate=HTTP_PARAMS.certType == ca
  310. ca.Policy.rule.OCSPNoCheckExt.critical=false
  311. ca.Policy.rule.OCSPNoCheckExt.enable=true
  312. ca.Policy.rule.OCSPNoCheckExt.implName=OCSPNoCheckExt
  313. ca.Policy.rule.OCSPNoCheckExt.predicate=HTTP_PARAMS.certType==ocspResponder
  314. ca.Policy.rule.OCSPSigningExt.critical=false
  315. ca.Policy.rule.OCSPSigningExt.enable=true
  316. ca.Policy.rule.OCSPSigningExt.id0=1.3.6.1.5.5.7.3.9
  317. ca.Policy.rule.OCSPSigningExt.implName=ExtendedKeyUsageExt
  318. ca.Policy.rule.OCSPSigningExt.predicate=HTTP_PARAMS.certType==ocspResponder
  319. ca.Policy.rule.ObjSignCertKeyUsageExt.crlSign=false
  320. ca.Policy.rule.ObjSignCertKeyUsageExt.dataEncipherment=false
  321. ca.Policy.rule.ObjSignCertKeyUsageExt.decipherOnly=false
  322. ca.Policy.rule.ObjSignCertKeyUsageExt.digitalSignature=true
  323. ca.Policy.rule.ObjSignCertKeyUsageExt.enable=true
  324. ca.Policy.rule.ObjSignCertKeyUsageExt.encipherOnly=false
  325. ca.Policy.rule.ObjSignCertKeyUsageExt.implName=KeyUsageExt
  326. ca.Policy.rule.ObjSignCertKeyUsageExt.keyAgreement=false
  327. ca.Policy.rule.ObjSignCertKeyUsageExt.keyCertsign=true
  328. ca.Policy.rule.ObjSignCertKeyUsageExt.keyEncipherment=false
  329. ca.Policy.rule.ObjSignCertKeyUsageExt.nonRepudiation=false
  330. ca.Policy.rule.ObjSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==objSignClient
  331. ca.Policy.rule.PolicyConstraintsExt.critical=false
  332. ca.Policy.rule.PolicyConstraintsExt.enable=false
  333. ca.Policy.rule.PolicyConstraintsExt.implName=PolicyConstraintsExt
  334. ca.Policy.rule.PolicyConstraintsExt.inhibitPolicyMapping=0
  335. ca.Policy.rule.PolicyConstraintsExt.predicate=HTTP_PARAMS.certType==ca
  336. ca.Policy.rule.PolicyConstraintsExt.reqExplicitPolicy=0
  337. ca.Policy.rule.PolicyMappingsExt.critical=false
  338. ca.Policy.rule.PolicyMappingsExt.enable=false
  339. ca.Policy.rule.PolicyMappingsExt.implName=PolicyMappingsExt
  340. ca.Policy.rule.PolicyMappingsExt.numPolicyMappings=1
  341. ca.Policy.rule.PolicyMappingsExt.policyMap0.issuerDomainPolicy=
  342. ca.Policy.rule.PolicyMappingsExt.policyMap0.subjectDomainPolicy=
  343. ca.Policy.rule.PolicyMappingsExt.predicate=HTTP_PARAMS.certType==ca
  344. ca.Policy.rule.RMCertKeyUsageExt.crlSign=false
  345. ca.Policy.rule.RMCertKeyUsageExt.dataEncipherment=false
  346. ca.Policy.rule.RMCertKeyUsageExt.decipherOnly=false
  347. ca.Policy.rule.RMCertKeyUsageExt.digitalSignature=true
  348. ca.Policy.rule.RMCertKeyUsageExt.enable=true
  349. ca.Policy.rule.RMCertKeyUsageExt.encipherOnly=false
  350. ca.Policy.rule.RMCertKeyUsageExt.implName=KeyUsageExt
  351. ca.Policy.rule.RMCertKeyUsageExt.keyAgreement=false
  352. ca.Policy.rule.RMCertKeyUsageExt.keyCertsign=false
  353. ca.Policy.rule.RMCertKeyUsageExt.keyEncipherment=false
  354. ca.Policy.rule.RMCertKeyUsageExt.nonRepudiation=true
  355. ca.Policy.rule.RMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ra
  356. ca.Policy.rule.RSAKeyRule.enable=false
  357. ca.Policy.rule.RSAKeyRule.exponents=3,7,17,65537
  358. ca.Policy.rule.RSAKeyRule.implName=RSAKeyConstraints
  359. ca.Policy.rule.RSAKeyRule.maxSize=2048
  360. ca.Policy.rule.RSAKeyRule.minSize=512
  361. ca.Policy.rule.RSAKeyRule.predicate=
  362. ca.Policy.rule.RenewalConstraintsRule.enable=true
  363. ca.Policy.rule.RenewalConstraintsRule.implName=RenewalConstraints
  364. ca.Policy.rule.RenewalConstraintsRule.predicate=
  365. ca.Policy.rule.RevocationConstraintsRule.enable=true
  366. ca.Policy.rule.RevocationConstraintsRule.implName=RevocationConstraints
  367. ca.Policy.rule.RevocationConstraintsRule.predicate=
  368. ca.Policy.rule.ServerCertKeyUsageExt.crlSign=false
  369. ca.Policy.rule.ServerCertKeyUsageExt.dataEncipherment=true
  370. ca.Policy.rule.ServerCertKeyUsageExt.decipherOnly=false
  371. ca.Policy.rule.ServerCertKeyUsageExt.digitalSignature=true
  372. ca.Policy.rule.ServerCertKeyUsageExt.enable=true
  373. ca.Policy.rule.ServerCertKeyUsageExt.encipherOnly=false
  374. ca.Policy.rule.ServerCertKeyUsageExt.implName=KeyUsageExt
  375. ca.Policy.rule.ServerCertKeyUsageExt.keyAgreement=false
  376. ca.Policy.rule.ServerCertKeyUsageExt.keyCertsign=false
  377. ca.Policy.rule.ServerCertKeyUsageExt.keyEncipherment=true
  378. ca.Policy.rule.ServerCertKeyUsageExt.nonRepudiation=true
  379. ca.Policy.rule.ServerCertKeyUsageExt.predicate=HTTP_PARAMS.certType==server
  380. ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
  381. ca.Policy.rule.SigningAlgRule.enable=true
  382. ca.Policy.rule.SigningAlgRule.implName=SigningAlgorithmConstraints
  383. ca.Policy.rule.SigningAlgRule.predicate=
  384. ca.Policy.rule.SubCANameConstraints.enable=true
  385. ca.Policy.rule.SubCANameConstraints.implName=SubCANameConstraints
  386. ca.Policy.rule.SubCANameConstraints.predicate=HTTP_PARAMS.certType == ca
  387. ca.Policy.rule.SubjectAltNameExt.enable=true
  388. ca.Policy.rule.SubjectAltNameExt.generalName0.generalNameChoice=rfc822Name
  389. ca.Policy.rule.SubjectAltNameExt.generalName0.requestAttr=AUTH_TOKEN.mail
  390. ca.Policy.rule.SubjectAltNameExt.generalName1.generalNameChoice=rfc822Name
  391. ca.Policy.rule.SubjectAltNameExt.generalName1.requestAttr=AUTH_TOKEN.mailalternateaddress
  392. ca.Policy.rule.SubjectAltNameExt.generalName2.generalNameChoice=rfc822Name
  393. ca.Policy.rule.SubjectAltNameExt.generalName2.requestAttr=HTTP_PARAMS.csrRequestorEmail
  394. ca.Policy.rule.SubjectAltNameExt.implName=SubjectAltNameExt
  395. ca.Policy.rule.SubjectAltNameExt.numGeneralNames=3
  396. ca.Policy.rule.SubjectAltNameExt.predicate=HTTP_PARAMS.certType!=CEP-Request
  397. ca.Policy.rule.SubjectKeyIdentifierExt.enable=true
  398. ca.Policy.rule.SubjectKeyIdentifierExt.implName=SubjectKeyIdentifierExt
  399. ca.Policy.rule.SubjectKeyIdentifierExt.predicate=HTTP_PARAMS.certType==ca
  400. ca.Policy.rule.UniqueSubjectNameConstraints.enable=false
  401. ca.Policy.rule.UniqueSubjectNameConstraints.implName=UniqueSubjectNameConstraints
  402. ca.Policy.rule.UniqueSubjectNameConstraints.predicate=
  403. ca.audit_signing.cert=MII...
  404. ca.audit_signing.certreq=MII...
  405. ca.audit_signing.nickname=auditSigningCert cert-pki-ca
  406. ca.audit_signing.tokenname=Internal Key Storage Token
  407. ca.cert.audit_signing.certusage=ObjectSigner
  408. ca.cert.audit_signing.nickname=auditSigningCert cert-pki-ca
  409. ca.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
  410. ca.cert.ocsp_signing.certusage=StatusResponder
  411. ca.cert.ocsp_signing.nickname=ocspSigningCert cert-pki-ca
  412. ca.cert.signing.certusage=SSLCA
  413. ca.cert.signing.nickname=caSigningCert cert-pki-ca
  414. ca.cert.sslserver.certusage=SSLServer
  415. ca.cert.sslserver.nickname=Server-Cert cert-pki-ca
  416. ca.cert.subsystem.certusage=SSLClient
  417. ca.cert.subsystem.nickname=subsystemCert cert-pki-ca
  418. ca.certStatusUpdateInterval=0
  419. ca.certdbInc=20
  420. ca.crl.MasterCRL.allowExtensions=true
  421. ca.crl.MasterCRL.alwaysUpdate=false
  422. ca.crl.MasterCRL.autoUpdateInterval=240
  423. ca.crl.MasterCRL.caCertsOnly=false
  424. ca.crl.MasterCRL.cacheUpdateInterval=15
  425. ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint
  426. ca.crl.MasterCRL.dailyUpdates=1:00
  427. ca.crl.MasterCRL.description=CA's complete Certificate Revocation List
  428. ca.crl.MasterCRL.enable=true
  429. ca.crl.MasterCRL.enableCRLCache=True
  430. ca.crl.MasterCRL.enableCRLUpdates=True
  431. ca.crl.MasterCRL.enableCacheRecovery=true
  432. ca.crl.MasterCRL.enableCacheTesting=false
  433. ca.crl.MasterCRL.enableDailyUpdates=true
  434. ca.crl.MasterCRL.enableUpdateInterval=true
  435. ca.crl.MasterCRL.extendedNextUpdate=true
  436. ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocation0=
  437. ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocationType0=URI
  438. ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessMethod0=caIssuers
  439. ca.crl.MasterCRL.extension.AuthorityInformationAccess.class=com.netscape.cms.crl.CMSAuthInfoAccessExtension
  440. ca.crl.MasterCRL.extension.AuthorityInformationAccess.critical=false
  441. ca.crl.MasterCRL.extension.AuthorityInformationAccess.enable=false
  442. ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions=1
  443. ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension
  444. ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension
  445. ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false
  446. ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=true
  447. ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension
  448. ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension
  449. ca.crl.MasterCRL.extension.CRLNumber.critical=false
  450. ca.crl.MasterCRL.extension.CRLNumber.enable=true
  451. ca.crl.MasterCRL.extension.CRLNumber.type=CRLExtension
  452. ca.crl.MasterCRL.extension.CRLReason.class=com.netscape.cms.crl.CMSCRLReasonExtension
  453. ca.crl.MasterCRL.extension.CRLReason.critical=false
  454. ca.crl.MasterCRL.extension.CRLReason.enable=true
  455. ca.crl.MasterCRL.extension.CRLReason.type=CRLEntryExtension
  456. ca.crl.MasterCRL.extension.DeltaCRLIndicator.class=com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension
  457. ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical=true
  458. ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable=false
  459. ca.crl.MasterCRL.extension.DeltaCRLIndicator.type=CRLExtension
  460. ca.crl.MasterCRL.extension.FreshestCRL.class=com.netscape.cms.crl.CMSFreshestCRLExtension
  461. ca.crl.MasterCRL.extension.FreshestCRL.critical=false
  462. ca.crl.MasterCRL.extension.FreshestCRL.enable=false
  463. ca.crl.MasterCRL.extension.FreshestCRL.numPoints=0
  464. ca.crl.MasterCRL.extension.FreshestCRL.pointName0=
  465. ca.crl.MasterCRL.extension.FreshestCRL.pointType0=
  466. ca.crl.MasterCRL.extension.FreshestCRL.type=CRLExtension
  467. ca.crl.MasterCRL.extension.InvalidityDate.class=com.netscape.cms.crl.CMSInvalidityDateExtension
  468. ca.crl.MasterCRL.extension.InvalidityDate.critical=false
  469. ca.crl.MasterCRL.extension.InvalidityDate.enable=true
  470. ca.crl.MasterCRL.extension.InvalidityDate.type=CRLEntryExtension
  471. ca.crl.MasterCRL.extension.IssuerAlternativeName.class=com.netscape.cms.crl.CMSIssuerAlternativeNameExtension
  472. ca.crl.MasterCRL.extension.IssuerAlternativeName.critical=false
  473. ca.crl.MasterCRL.extension.IssuerAlternativeName.enable=false
  474. ca.crl.MasterCRL.extension.IssuerAlternativeName.name0=
  475. ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0=
  476. ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames=0
  477. ca.crl.MasterCRL.extension.IssuerAlternativeName.type=CRLExtension
  478. ca.crl.MasterCRL.extension.IssuingDistributionPoint.class=com.netscape.cms.crl.CMSIssuingDistributionPointExtension
  479. ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical=true
  480. ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable=false
  481. ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL=false
  482. ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts=false
  483. ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts=false
  484. ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons=
  485. ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName=
  486. ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType=
  487. ca.crl.MasterCRL.extension.IssuingDistributionPoint.type=CRLExtension
  488. ca.crl.MasterCRL.includeExpiredCerts=false
  489. ca.crl.MasterCRL.minUpdateInterval=0
  490. ca.crl.MasterCRL.nextUpdateGracePeriod=0
  491. ca.crl.MasterCRL.publishOnStart=false
  492. ca.crl.MasterCRL.saveMemory=false
  493. ca.crl.MasterCRL.signingAlgorithm=SHA256withRSA
  494. ca.crl.MasterCRL.updateSchema=1
  495. ca.crl._000=##
  496. ca.crl._001=## CA CRL
  497. ca.crl._002=##
  498. ca.crl.pageSize=100
  499. ca.crldbInc=20
  500. ca.enableNonces=false
  501. ca.id=ca
  502. ca.listenToCloneModifications=false
  503. ca.local=true
  504. ca.maxNumberOfNonces=100
  505. ca.maxSearchReturns=1000
  506. ca.maxSearchReturns._000=##
  507. ca.maxSearchReturns._001=## limits number of search results
  508. ca.maxSearchReturns._002=## returned by SearchReqs and SrchCerts
  509. ca.maxSearchReturns._003=##
  510. ca.notification.certIssued.emailSubject=Your Certificate Request
  511. ca.notification.certIssued.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html
  512. ca.notification.certIssued.enabled=false
  513. ca.notification.certIssued.senderEmail=
  514. ca.notification.certRevoked.emailSubject=Your Certificate Revoked
  515. ca.notification.certRevoked.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html
  516. ca.notification.certRevoked.enabled=false
  517. ca.notification.certRevoked.senderEmail=
  518. ca.notification.requestInQ.emailSubject=Certificate Request in Queue
  519. ca.notification.requestInQ.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html
  520. ca.notification.requestInQ.enabled=false
  521. ca.notification.requestInQ.recipientEmail=
  522. ca.notification.requestInQ.senderEmail=
  523. ca.ocsp=true
  524. ca.ocspUseCache=false
  525. ca.ocsp_signing.cacertnickname=ocspSigningCert cert-pki-ca
  526. ca.ocsp_signing.cert=MII...
  527. ca.ocsp_signing.certnickname=ocspSigningCert cert-pki-ca
  528. ca.ocsp_signing.certreq=MII...
  529. ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
  530. ca.ocsp_signing.newNickname=ocspSigningCert cert-pki-ca
  531. ca.ocsp_signing.nickname=ocspSigningCert cert-pki-ca
  532. ca.ocsp_signing.tokenname=Internal Key Storage Token
  533. ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC
  534. ca.publish.createOwnDNEntry=false
  535. ca.publish.enable=true
  536. ca.publish.ldappublish.enable=false
  537. ca.publish.mapper.impl.LdapCaSimpleMap.class=com.netscape.cms.publish.mappers.LdapCaSimpleMap
  538. ca.publish.mapper.impl.LdapDNCompsMap.class=com.netscape.cms.publish.mappers.LdapCertCompsMap
  539. ca.publish.mapper.impl.LdapDNExactMap.class=com.netscape.cms.publish.mappers.LdapCertExactMap
  540. ca.publish.mapper.impl.LdapEnhancedMap.class=com.netscape.cms.publish.mappers.LdapEnhancedMap
  541. ca.publish.mapper.impl.LdapSimpleMap.class=com.netscape.cms.publish.mappers.LdapSimpleMap
  542. ca.publish.mapper.impl.LdapSubjAttrMap.class=com.netscape.cms.publish.mappers.LdapCertSubjMap
  543. ca.publish.mapper.impl.NoMap.class=com.netscape.cms.publish.mappers.NoMap
  544. ca.publish.mapper.instance.LdapCaCertMap.createCAEntry=true
  545. ca.publish.mapper.instance.LdapCaCertMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
  546. ca.publish.mapper.instance.LdapCaCertMap.pluginName=LdapCaSimpleMap
  547. ca.publish.mapper.instance.LdapCrlMap.createCAEntry=true
  548. ca.publish.mapper.instance.LdapCrlMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
  549. ca.publish.mapper.instance.LdapCrlMap.pluginName=LdapCaSimpleMap
  550. ca.publish.mapper.instance.LdapUserCertMap.dnPattern=UID=$subj.UID,OU=people,O=$subj.o
  551. ca.publish.mapper.instance.LdapUserCertMap.pluginName=LdapSimpleMap
  552. ca.publish.mapper.instance.NoMap.pluginName=NoMap
  553. ca.publish.publisher.impl.FileBasedPublisher.class=com.netscape.cms.publish.publishers.FileBasedPublisher
  554. ca.publish.publisher.impl.LdapCaCertPublisher.class=com.netscape.cms.publish.publishers.LdapCaCertPublisher
  555. ca.publish.publisher.impl.LdapCertificatePairPublisher.class=com.netscape.cms.publish.publishers.LdapCertificatePairPublisher
  556. ca.publish.publisher.impl.LdapCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
  557. ca.publish.publisher.impl.LdapDeltaCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
  558. ca.publish.publisher.impl.LdapUserCertPublisher.class=com.netscape.cms.publish.publishers.LdapUserCertPublisher
  559. ca.publish.publisher.impl.OCSPPublisher.class=com.netscape.cms.publish.publishers.OCSPPublisher
  560. ca.publish.publisher.instance.FileBaseCRLPublisher.Filename.b64=false
  561. ca.publish.publisher.instance.FileBaseCRLPublisher.Filename.der=true
  562. ca.publish.publisher.instance.FileBaseCRLPublisher.crlLinkExt=bin
  563. ca.publish.publisher.instance.FileBaseCRLPublisher.directory=/var/lib/ipa/pki-ca/publish
  564. ca.publish.publisher.instance.FileBaseCRLPublisher.latestCrlLink=true
  565. ca.publish.publisher.instance.FileBaseCRLPublisher.pluginName=FileBasedPublisher
  566. ca.publish.publisher.instance.FileBaseCRLPublisher.timeStamp=LocalTime
  567. ca.publish.publisher.instance.FileBaseCRLPublisher.zipCRLs=false
  568. ca.publish.publisher.instance.FileBaseCRLPublisher.zipLevel=9
  569. ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr=caCertificate;binary
  570. ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass=pkiCA
  571. ca.publish.publisher.instance.LdapCaCertPublisher.pluginName=LdapCaCertPublisher
  572. ca.publish.publisher.instance.LdapCrlPublisher.crlAttr=certificateRevocationList;binary
  573. ca.publish.publisher.instance.LdapCrlPublisher.crlObjectClass=pkiCA
  574. ca.publish.publisher.instance.LdapCrlPublisher.pluginName=LdapCrlPublisher
  575. ca.publish.publisher.instance.LdapCrossCertPairPublisher.caObjectClass=pkiCA
  576. ca.publish.publisher.instance.LdapCrossCertPairPublisher.crossCertPairAttr=crossCertificatePair;binary
  577. ca.publish.publisher.instance.LdapCrossCertPairPublisher.pluginName=LdapCertificatePairPublisher
  578. ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlAttr=deltaRevocationList;binary
  579. ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlObjectClass=pkiCA,deltaCRL
  580. ca.publish.publisher.instance.LdapDeltaCrlPublisher.pluginName=LdapDeltaCrlPublisher
  581. ca.publish.publisher.instance.LdapUserCertPublisher.certAttr=userCertificate;binary
  582. ca.publish.publisher.instance.LdapUserCertPublisher.pluginName=LdapUserCertPublisher
  583. ca.publish.queue.enable=true
  584. ca.publish.queue.maxNumberOfThreads=3
  585. ca.publish.queue.pageSize=40
  586. ca.publish.queue.priorityLevel=0
  587. ca.publish.queue.saveStatus=200
  588. ca.publish.rule.impl.Rule.class=com.netscape.cmscore.ldap.LdapRule
  589. ca.publish.rule.instance.FileCrlRule.enable=true
  590. ca.publish.rule.instance.FileCrlRule.mapper=NoMap
  591. ca.publish.rule.instance.FileCrlRule.pluginName=Rule
  592. ca.publish.rule.instance.FileCrlRule.predicate=
  593. ca.publish.rule.instance.FileCrlRule.publisher=FileBaseCRLPublisher
  594. ca.publish.rule.instance.FileCrlRule.type=crl
  595. ca.publish.rule.instance.LdapCaCertRule.enable=false
  596. ca.publish.rule.instance.LdapCaCertRule.mapper=LdapCaCertMap
  597. ca.publish.rule.instance.LdapCaCertRule.pluginName=Rule
  598. ca.publish.rule.instance.LdapCaCertRule.predicate=
  599. ca.publish.rule.instance.LdapCaCertRule.publisher=LdapCaCertPublisher
  600. ca.publish.rule.instance.LdapCaCertRule.type=cacert
  601. ca.publish.rule.instance.LdapCrlRule.enable=false
  602. ca.publish.rule.instance.LdapCrlRule.mapper=LdapCrlMap
  603. ca.publish.rule.instance.LdapCrlRule.pluginName=Rule
  604. ca.publish.rule.instance.LdapCrlRule.predicate=
  605. ca.publish.rule.instance.LdapCrlRule.publisher=LdapCrlPublisher
  606. ca.publish.rule.instance.LdapCrlRule.type=crl
  607. ca.publish.rule.instance.LdapUserCertRule.enable=false
  608. ca.publish.rule.instance.LdapUserCertRule.mapper=LdapUserCertMap
  609. ca.publish.rule.instance.LdapUserCertRule.pluginName=Rule
  610. ca.publish.rule.instance.LdapUserCertRule.predicate=
  611. ca.publish.rule.instance.LdapUserCertRule.publisher=LdapUserCertPublisher
  612. ca.publish.rule.instance.LdapUserCertRule.type=certs
  613. ca.publish.rule.instance.LdapXCertRule.enable=false
  614. ca.publish.rule.instance.LdapXCertRule.mapper=LdapCaCertMap
  615. ca.publish.rule.instance.LdapXCertRule.pluginName=Rule
  616. ca.publish.rule.instance.LdapXCertRule.predicate=
  617. ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher
  618. ca.publish.rule.instance.LdapXCertRule.type=xcert
  619. ca.reqdbInc=20
  620. ca.scep._000=##
  621. ca.scep._001=## Set the following parameters to have SCEP requests
  622. ca.scep._002=## signed by a separate key pair:
  623. ca.scep._003=##
  624. ca.scep._004=## ca.scep.nickname=
  625. ca.scep._005=## ca.scep.tokenname=
  626. ca.scep._006=##
  627. ca.scep.allowedEncryptionAlgorithms=DES3
  628. ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
  629. ca.scep.enable=false
  630. ca.scep.encryptionAlgorithm=DES3
  631. ca.scep.hashAlgorithm=SHA1
  632. ca.scep.nonceSizeLimit=16
  633. ca.signing.cacertnickname=caSigningCert cert-pki-ca
  634. ca.signing.cert=MII...
  635. ca.signing.defaultSigningAlgorithm=SHA256withRSA
  636. ca.signing.newNickname=caSigningCert cert-pki-ca
  637. ca.signing.nickname=caSigningCert cert-pki-ca
  638. ca.signing.tokenname=Internal Key Storage Token
  639. ca.sslserver.cert=MII...
  640. ca.sslserver.certreq=MII...
  641. ca.sslserver.nickname=Server-Cert cert-pki-ca
  642. ca.sslserver.tokenname=Internal Key Storage Token
  643. ca.subsystem.cert=MII...
  644. ca.subsystem.certreq=MII...
  645. ca.subsystem.nickname=subsystemCert cert-pki-ca
  646. ca.subsystem.tokenname=Internal Key Storage Token
  647. ca.transitMaxRecords=1000000
  648. ca.transitRecordPageSize=200
  649. cloning.audit_signing.dn=cn=CA Audit,O=ourdomain.tld
  650. cloning.audit_signing.keyalgorithm=SHA256withRSA
  651. cloning.audit_signing.keytype=rsa
  652. cloning.audit_signing.nickname=auditSigningCert cert-pki-ca
  653. cloning.audit_signing.privkey.id=....(id)....
  654. cloning.audit_signing.pubkey.encoded=
  655. cloning.audit_signing.pubkey.exponent=10001
  656. cloning.audit_signing.pubkey.modulus=....................(modulus)........
  657. cloning.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
  658. cloning.module.token=Internal Key Storage Token
  659. cloning.ocsp_signing.dn=cn=OCSP Subsystem,O=ourdomain.tld
  660. cloning.ocsp_signing.keyalgorithm=SHA256withRSA
  661. cloning.ocsp_signing.keytype=rsa
  662. cloning.ocsp_signing.nickname=ocspSigningCert cert-pki-ca
  663. cloning.ocsp_signing.privkey.id=....(id)....
  664. cloning.ocsp_signing.pubkey.encoded=
  665. cloning.ocsp_signing.pubkey.exponent=10001
  666. cloning.ocsp_signing.pubkey.modulus=....(modulus)....
  667. cloning.signing.dn=cn=Certificate Authority,O=ourdomain.tld
  668. cloning.signing.keyalgorithm=SHA256withRSA
  669. cloning.signing.keytype=rsa
  670. cloning.signing.nickname=caSigningCert cert-pki-ca
  671. cloning.signing.privkey.id=6d7e44668f963a4e5a20fee55151b495e8f1b6bd
  672. cloning.signing.pubkey.encoded=
  673. cloning.signing.pubkey.exponent=10001
  674. cloning.signing.pubkey.modulus=....(modulus)....
  675. cloning.subsystem.dn=cn=CA Subsystem,O=ourdomain.tld
  676. cloning.subsystem.keyalgorithm=SHA256withRSA
  677. cloning.subsystem.keytype=rsa
  678. cloning.subsystem.nickname=subsystemCert cert-pki-ca
  679. cloning.subsystem.privkey.id=....(id)....
  680. cloning.subsystem.pubkey.encoded=
  681. cloning.subsystem.pubkey.exponent=10001
  682. cloning.subsystem.pubkey.modulus=....(modulus)....
  683. cmc.cert.confirmRequired=false
  684. cmc.lraPopWitness.verify.allow=true
  685. cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
  686. cmc.revokeCert.verify=true
  687. cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
  688. cms.password.ignore.publishing.failure=true
  689. cms.passwordlist=internaldb,replicationdb
  690. cms.product.version=10.2.5
  691. cms.version=10.2
  692. cmsgateway._000=##
  693. cmsgateway._001=## In the event that all Admin Certificates have been lost
  694. cmsgateway._002=## for a given instance, perform the following steps to
  695. cmsgateway._003=## re-enroll for a new Admin Certificate:
  696. cmsgateway._004=##
  697. cmsgateway._005=## (1) Become 'root'
  698. cmsgateway._006=## (2) Type: 'service pki-tomcat stop'
  699. cmsgateway._007=## (3) Edit '/etc/pki/pki-tomcat/ca/CS.cfg'
  700. cmsgateway._008=## and set the following name-value pairs (if necessary):
  701. cmsgateway._009=##
  702. cmsgateway._010=## ca.Policy.enable=true
  703. cmsgateway._011=## cmsgateway.enableAdminEnroll=true
  704. cmsgateway._012=##
  705. cmsgateway._013=## (4) Type: 'service pki-tomcat start'
  706. cmsgateway._014=## (5) Launch a browser and re-enroll for
  707. cmsgateway._015=## a new Admin Certificate by typing:
  708. cmsgateway._016=##
  709. cmsgateway._017=## https://host-ipa01.ourdomain.tld:8443/ca/admin/ca/adminEnroll.html
  710. cmsgateway._018=##
  711. cmsgateway._019=## (6) Verify that the browser contains the new
  712. cmsgateway._020=## Admin Certificate by successfully navigating to:
  713. cmsgateway._021=##
  714. cmsgateway._022=## https://host-ipa01.ourdomain.tld:8443/ca/agent/ca/
  715. cmsgateway._023=##
  716. cmsgateway._024=## (7) Optionally, disable the Certificate Policies Framework
  717. cmsgateway._025=## by following steps (1) - (4), but ONLY resetting
  718. cmsgateway._026=## 'ca.Policy.enable=false', as
  719. cmsgateway._027=## 'cmsgateway.enableAdminEnroll=false' should have
  720. cmsgateway._028=## already been reset (confirm that it reads 'false' before restarting).
  721. cmsgateway._029=##
  722. cmsgateway.enableAdminEnroll=false
  723. configurationRoot=/ca/conf/
  724. cs.state=1
  725. cs.state._000=##
  726. cs.state._001=## cs.state=0 (pre-operational)
  727. cs.state._002=## cs.state=1 (running)
  728. cs.state._003=##
  729. cs.type=CA
  730. dbs.beginReplicaNumber=87
  731. dbs.beginRequestNumber=9970001
  732. dbs.beginSerialNumber=ffd0001
  733. dbs.enableRandomSerialNumbers=false
  734. dbs.enableSerialManagement=true
  735. dbs.endReplicaNumber=90
  736. dbs.endRequestNumber=9980000
  737. dbs.endSerialNumber=ffe0000
  738. dbs.ldap=internaldb
  739. dbs.newSchemaEntryAdded=true
  740. dbs.nextBeginReplicaNumber=1000
  741. dbs.nextBeginRequestNumber=30000001
  742. dbs.nextBeginSerialNumber=30000001
  743. dbs.nextEndReplicaNumber=1069
  744. dbs.nextEndRequestNumber=39940000
  745. dbs.nextEndSerialNumber=3ffa0000
  746. dbs.randomSerialNumberCounter=-1
  747. dbs.replicaCloneTransferNumber=5
  748. dbs.replicaDN=ou=replica
  749. dbs.replicaIncrement=100
  750. dbs.replicaLowWaterMark=20
  751. dbs.replicaRangeDN=ou=replica, ou=ranges
  752. dbs.requestCloneTransferNumber=10000
  753. dbs.requestDN=ou=ca, ou=requests
  754. dbs.requestIncrement=10000000
  755. dbs.requestLowWaterMark=2000000
  756. dbs.requestRangeDN=ou=requests, ou=ranges
  757. dbs.serialCloneTransferNumber=10000
  758. dbs.serialDN=ou=certificateRepository, ou=ca
  759. dbs.serialIncrement=10000000
  760. dbs.serialLowWaterMark=2000000
  761. dbs.serialRangeDN=ou=certificateRepository, ou=ranges
  762. debug.append=true
  763. debug.enabled=true
  764. debug.filename=/var/lib/pki/pki-tomcat/logs/ca/debug
  765. debug.hashkeytypes=
  766. debug.level=0
  767. debug.showcaller=false
  768. ee.interface.uri=ca/ee/ca
  769. http.port=8080
  770. https.port=8443
  771. installDate=Wed Dec 30 16:24:22 2015
  772. instanceId=pki-tomcat
  773. instanceRoot=/var/lib/pki/pki-tomcat
  774. internaldb._000=##
  775. internaldb._001=## Internal Database
  776. internaldb._002=##
  777. internaldb.basedn=o=ipaca
  778. internaldb.database=ipaca
  779. internaldb.ldapauth.authtype=SslClientAuth
  780. internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
  781. internaldb.ldapauth.bindPWPrompt=internaldb
  782. internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
  783. internaldb.ldapconn.cloneReplicationPort=389
  784. internaldb.ldapconn.host=host-ipa01.ourdomain.tld
  785. internaldb.ldapconn.masterReplicationPort=389
  786. internaldb.ldapconn.port=636
  787. internaldb.ldapconn.replicationSecurity=TLS
  788. internaldb.ldapconn.secureConn=true
  789. internaldb.maxConns=15
  790. internaldb.minConns=3
  791. internaldb.multipleSuffix.enable=false
  792. internaldb.replication.consumer=cloneAgreement1-host-ipa01.ourdomain.tld-pki-tomcat
  793. internaldb.replication.master=masterAgreement1-host-ipa01.ourdomain.tld-pki-tomcat
  794. jobsScheduler._000=##
  795. jobsScheduler._001=## jobScheduler
  796. jobsScheduler._002=##
  797. jobsScheduler.enabled=false
  798. jobsScheduler.impl.PublishCertsJob.class=com.netscape.cms.jobs.PublishCertsJob
  799. jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNotificationJob
  800. jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
  801. jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
  802. jobsScheduler.interval=1
  803. jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
  804. jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
  805. jobsScheduler.job.certRenewalNotifier.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt
  806. jobsScheduler.job.certRenewalNotifier.enabled=false
  807. jobsScheduler.job.certRenewalNotifier.notifyEndOffset=30
  808. jobsScheduler.job.certRenewalNotifier.notifyTriggerOffset=30
  809. jobsScheduler.job.certRenewalNotifier.pluginName=RenewalNotificationJob
  810. jobsScheduler.job.certRenewalNotifier.senderEmail=
  811. jobsScheduler.job.certRenewalNotifier.summary.emailSubject=Certificate Renewal Notification Summary
  812. jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt
  813. jobsScheduler.job.certRenewalNotifier.summary.enabled=true
  814. jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=/var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt
  815. jobsScheduler.job.certRenewalNotifier.summary.recipientEmail=
  816. jobsScheduler.job.certRenewalNotifier.summary.senderEmail=
  817. jobsScheduler.job.publishCerts.cron=0 0 * * 2
  818. jobsScheduler.job.publishCerts.enabled=false
  819. jobsScheduler.job.publishCerts.pluginName=PublishCertsJob
  820. jobsScheduler.job.publishCerts.summary.emailSubject=Certs Publishing Summary
  821. jobsScheduler.job.publishCerts.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/publishCerts.html
  822. jobsScheduler.job.publishCerts.summary.enabled=true
  823. jobsScheduler.job.publishCerts.summary.itemTemplate=/var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html
  824. jobsScheduler.job.publishCerts.summary.recipientEmail=
  825. jobsScheduler.job.publishCerts.summary.senderEmail=
  826. jobsScheduler.job.requestInQueueNotifier.cron=0 0 * * 0
  827. jobsScheduler.job.requestInQueueNotifier.enabled=false
  828. jobsScheduler.job.requestInQueueNotifier.pluginName=RequestInQueueJob
  829. jobsScheduler.job.requestInQueueNotifier.subsystemId=ca
  830. jobsScheduler.job.requestInQueueNotifier.summary.emailSubject=Requests in Queue Summary Report
  831. jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html
  832. jobsScheduler.job.requestInQueueNotifier.summary.enabled=true
  833. jobsScheduler.job.requestInQueueNotifier.summary.recipientEmail=
  834. jobsScheduler.job.requestInQueueNotifier.summary.senderEmail=
  835. jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
  836. jobsScheduler.job.unpublishExpiredCerts.enabled=false
  837. jobsScheduler.job.unpublishExpiredCerts.pluginName=UnpublishExpiredJob
  838. jobsScheduler.job.unpublishExpiredCerts.summary.emailSubject=Expired Certs Unpublished Summary
  839. jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/euJob1.html
  840. jobsScheduler.job.unpublishExpiredCerts.summary.enabled=true
  841. jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=/var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html
  842. jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
  843. jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
  844. jss._000=##
  845. jss._001=## JSS
  846. jss._002=##
  847. jss.configDir=/var/lib/pki/pki-tomcat/alias/
  848. jss.enable=true
  849. jss.ocspcheck.enable=false
  850. jss.secmodName=secmod.db
  851. jss.ssl.cipherfortezza=true
  852. jss.ssl.cipherpref=
  853. jss.ssl.cipherversion=cipherdomestic
  854. jss.ssl.sslserver.ectype=ECDHE
  855. keys.ecc.curve.default=nistp256
  856. keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
  857. keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
  858. keys.rsa.keysize.default=2048
  859. log._000=##
  860. log._001=## Logging
  861. log._002=##
  862. log.impl.file.class=com.netscape.cms.logging.RollingLogFile
  863. log.instance.SignedAudit._000=##
  864. log.instance.SignedAudit._001=## Signed Audit Logging
  865. log.instance.SignedAudit._002=##
  866. log.instance.SignedAudit._003=##
  867. log.instance.SignedAudit._004=## Available Audit events:
  868. log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
  869. log.instance.SignedAudit._006=##
  870. log.instance.SignedAudit.bufferSize=512
  871. log.instance.SignedAudit.enable=true
  872. log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
  873. log.instance.SignedAudit.expirationTime=0
  874. log.instance.SignedAudit.fileName=/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit
  875. log.instance.SignedAudit.flushInterval=5
  876. log.instance.SignedAudit.level=1
  877. log.instance.SignedAudit.logSigning=false
  878. log.instance.SignedAudit.maxFileSize=2000
  879. log.instance.SignedAudit.pluginName=file
  880. log.instance.SignedAudit.rolloverInterval=2592000
  881. log.instance.SignedAudit.signedAudit=_002=##
  882. log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-pki-ca
  883. log.instance.SignedAudit.type=signedAudit
  884. log.instance.System._000=##
  885. log.instance.System._001=## System Logging
  886. log.instance.System._002=##
  887. log.instance.System.bufferSize=512
  888. log.instance.System.enable=true
  889. log.instance.System.expirationTime=0
  890. log.instance.System.fileName=/var/lib/pki/pki-tomcat/logs/ca/system
  891. log.instance.System.flushInterval=5
  892. log.instance.System.level=3
  893. log.instance.System.maxFileSize=2000
  894. log.instance.System.pluginName=file
  895. log.instance.System.rolloverInterval=2592000
  896. log.instance.System.type=system
  897. log.instance.Transactions._000=##
  898. log.instance.Transactions._001=## Transaction Logging
  899. log.instance.Transactions._002=##
  900. log.instance.Transactions.bufferSize=512
  901. log.instance.Transactions.enable=true
  902. log.instance.Transactions.expirationTime=0
  903. log.instance.Transactions.fileName=/var/lib/pki/pki-tomcat/logs/ca/transactions
  904. log.instance.Transactions.flushInterval=5
  905. log.instance.Transactions.level=1
  906. log.instance.Transactions.maxFileSize=2000
  907. log.instance.Transactions.pluginName=file
  908. log.instance.Transactions.rolloverInterval=2592000
  909. log.instance.Transactions.type=transaction
  910. logAudit.fileName=/var/lib/pki/pki-tomcat/logs/ca/access
  911. logError.fileName=/var/lib/pki/pki-tomcat/logs/ca/error
  912. machineName=host-ipa01.ourdomain.tld
  913. master.ca.agent.host=host-sso02.ourdomain.tld
  914. master.ca.agent.port=443
  915. multiroles._000=##
  916. multiroles._001=## multiroles
  917. multiroles._002=##
  918. multiroles.enable=true
  919. multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems
  920. oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
  921. oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
  922. oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
  923. oidmap.challenge_password.oid=1.2.840.113549.1.9.7
  924. oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
  925. oidmap.extended_key_usage.oid=2.5.29.37
  926. oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
  927. oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
  928. oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
  929. oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
  930. oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
  931. oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
  932. oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
  933. oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
  934. oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
  935. oidmap.pse.oid=2.16.840.1.113730.1.18
  936. oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
  937. oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
  938. os.userid=nobody
  939. passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
  940. passwordFile=/var/lib/pki/pki-tomcat/conf/password.conf
  941. pidDir=/var/run/pki/tomcat
  942. pkicreate.admin_secure_port=8443
  943. pkicreate.agent_secure_port=8443
  944. pkicreate.arg11.group=pkiuser
  945. pkicreate.ee_secure_client_auth_port=8443
  946. pkicreate.ee_secure_port=8443
  947. pkicreate.pki_instance_name=pki-tomcat
  948. pkicreate.pki_instance_root=/var/lib/pki
  949. pkicreate.secure_port=8443
  950. pkicreate.subsystem_type=ca
  951. pkicreate.systemd.servicename=pki-tomcatd@pki-tomcat.service
  952. pkicreate.tomcat_server_port=8005
  953. pkicreate.unsecure_port=8080
  954. pkicreate.user=pkiuser
  955. pkiremove.cert.subsystem.nickname=subsystemCert cert-pki-tomcat
  956. processor.caDoRevoke-agent.authMgr=certUserDBAuthMgr
  957. processor.caDoRevoke-agent.authorityId=ca
  958. processor.caDoRevoke-agent.authzMgr=BasicAclAuthz
  959. processor.caDoRevoke-agent.authzResourceName=certServer.ca.certificates
  960. processor.caDoRevoke-agent.getClientCert=true
  961. processor.caDoRevoke.authorityId=ca
  962. processor.caDoRevoke.authzMgr=BasicAclAuthz
  963. processor.caDoRevoke.authzResourceName=certServer.ee.certificates
  964. processor.caDoRevoke.getClientCert=false
  965. processor.caDoUnrevoke.authMgr=certUserDBAuthMgr
  966. processor.caDoUnrevoke.authorityId=ca
  967. processor.caDoUnrevoke.authzMgr=BasicAclAuthz
  968. processor.caDoUnrevoke.authzResourceName=certServer.ca.certificate
  969. processor.caDoUnrevoke.getClientCert=true
  970. processor.caProfileProcess.authMgr=certUserDBAuthMgr
  971. processor.caProfileProcess.authorityId=ca
  972. processor.caProfileProcess.authzMgr=BasicAclAuthz
  973. processor.caProfileProcess.authzResourceName=certServer.ca.request.profile
  974. processor.caProfileProcess.getClientCert=true
  975. processor.caProfileSubmit.authorityId=ca
  976. processor.caProfileSubmit.authzMgr=BasicAclAuthz
  977. processor.caProfileSubmit.authzResourceName=certServer.ee.profile
  978. processor.caProfileSubmit.getClientCert=false
  979. profile.AdminCert.class_id=caEnrollImpl
  980. profile.AdminCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg
  981. profile.DomainController.class_id=caEnrollImpl
  982. profile.DomainController.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg
  983. profile.caAdminCert.class_id=caEnrollImpl
  984. profile.caAdminCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg
  985. profile.caAgentFileSigning.class_id=caEnrollImpl
  986. profile.caAgentFileSigning.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg
  987. profile.caAgentServerCert.class_id=caEnrollImpl
  988. profile.caAgentServerCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg
  989. profile.caCACert.class_id=caEnrollImpl
  990. profile.caCACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg
  991. profile.caCMCUserCert.class_id=caEnrollImpl
  992. profile.caCMCUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg
  993. profile.caCrossSignedCACert.class_id=caEnrollImpl
  994. profile.caCrossSignedCACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg
  995. profile.caDirPinUserCert.class_id=caEnrollImpl
  996. profile.caDirPinUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg
  997. profile.caDirUserCert.class_id=caEnrollImpl
  998. profile.caDirUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg
  999. profile.caDirUserRenewal.class_id=caEnrollImpl
  1000. profile.caDirUserRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg
  1001. profile.caDualCert.class_id=caEnrollImpl
  1002. profile.caDualCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg
  1003. profile.caDualRAuserCert.class_id=caEnrollImpl
  1004. profile.caDualRAuserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg
  1005. profile.caECDirUserCert.class_id=caEnrollImpl
  1006. profile.caECDirUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg
  1007. profile.caECDualCert.class_id=caEnrollImpl
  1008. profile.caECDualCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg
  1009. profile.caECUserCert.class_id=caEnrollImpl
  1010. profile.caECUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg
  1011. profile.caEncECUserCert.class_id=caEnrollImpl
  1012. profile.caEncECUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg
  1013. profile.caEncUserCert.class_id=caEnrollImpl
  1014. profile.caEncUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg
  1015. profile.caFullCMCUserCert.class_id=caEnrollImpl
  1016. profile.caFullCMCUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg
  1017. profile.caIPAserviceCert.class_id=caEnrollImpl
  1018. profile.caIPAserviceCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg
  1019. profile.caInstallCACert.class_id=caEnrollImpl
  1020. profile.caInstallCACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg
  1021. profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl
  1022. profile.caInternalAuthAuditSigningCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg
  1023. profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl
  1024. profile.caInternalAuthDRMstorageCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg
  1025. profile.caInternalAuthOCSPCert.class_id=caEnrollImpl
  1026. profile.caInternalAuthOCSPCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg
  1027. profile.caInternalAuthServerCert.class_id=caEnrollImpl
  1028. profile.caInternalAuthServerCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg
  1029. profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl
  1030. profile.caInternalAuthSubsystemCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg
  1031. profile.caInternalAuthTransportCert.class_id=caEnrollImpl
  1032. profile.caInternalAuthTransportCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg
  1033. profile.caJarSigningCert.class_id=caEnrollImpl
  1034. profile.caJarSigningCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg
  1035. profile.caManualRenewal.class_id=caEnrollImpl
  1036. profile.caManualRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg
  1037. profile.caOCSPCert.class_id=caEnrollImpl
  1038. profile.caOCSPCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg
  1039. profile.caOtherCert.class_id=caEnrollImpl
  1040. profile.caOtherCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg
  1041. profile.caRACert.class_id=caEnrollImpl
  1042. profile.caRACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg
  1043. profile.caRARouterCert.class_id=caEnrollImpl
  1044. profile.caRARouterCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg
  1045. profile.caRAagentCert.class_id=caEnrollImpl
  1046. profile.caRAagentCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg
  1047. profile.caRAserverCert.class_id=caEnrollImpl
  1048. profile.caRAserverCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg
  1049. profile.caRouterCert.class_id=caEnrollImpl
  1050. profile.caRouterCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg
  1051. profile.caSSLClientSelfRenewal.class_id=caEnrollImpl
  1052. profile.caSSLClientSelfRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg
  1053. profile.caServerCert.class_id=caEnrollImpl
  1054. profile.caServerCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg
  1055. profile.caSignedLogCert.class_id=caEnrollImpl
  1056. profile.caSignedLogCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg
  1057. profile.caSimpleCMCUserCert.class_id=caEnrollImpl
  1058. profile.caSimpleCMCUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg
  1059. profile.caStorageCert.class_id=caEnrollImpl
  1060. profile.caStorageCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg
  1061. profile.caSubsystemCert.class_id=caEnrollImpl
  1062. profile.caSubsystemCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg
  1063. profile.caTPSCert.class_id=caEnrollImpl
  1064. profile.caTPSCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg
  1065. profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
  1066. profile.caTempTokenDeviceKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
  1067. profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
  1068. profile.caTempTokenUserEncryptionKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
  1069. profile.caTempTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
  1070. profile.caTempTokenUserSigningKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
  1071. profile.caTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
  1072. profile.caTokenDeviceKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg
  1073. profile.caTokenMSLoginEnrollment.class_id=caUserCertEnrollImpl
  1074. profile.caTokenMSLoginEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg
  1075. profile.caTokenUserAuthKeyRenewal.class_id=caUserCertEnrollImpl
  1076. profile.caTokenUserAuthKeyRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg
  1077. profile.caTokenUserDelegateAuthKeyEnrollment.class_id=caUserCertEnrollImpl
  1078. profile.caTokenUserDelegateAuthKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg
  1079. profile.caTokenUserDelegateSigningKeyEnrollment.class_id=caUserCertEnrollImpl
  1080. profile.caTokenUserDelegateSigningKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg
  1081. profile.caTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
  1082. profile.caTokenUserEncryptionKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
  1083. profile.caTokenUserEncryptionKeyRenewal.class_id=caUserCertEnrollImpl
  1084. profile.caTokenUserEncryptionKeyRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
  1085. profile.caTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
  1086. profile.caTokenUserSigningKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
  1087. profile.caTokenUserSigningKeyRenewal.class_id=caUserCertEnrollImpl
  1088. profile.caTokenUserSigningKeyRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg
  1089. profile.caTransportCert.class_id=caEnrollImpl
  1090. profile.caTransportCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg
  1091. profile.caUUIDdeviceCert.class_id=caEnrollImpl
  1092. profile.caUUIDdeviceCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg
  1093. profile.caUserCert.class_id=caEnrollImpl
  1094. profile.caUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg
  1095. profile.caUserSMIMEcapCert.class_id=caEnrollImpl
  1096. profile.caUserSMIMEcapCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg
  1097. profile.list=caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caECDualCert,AdminCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caSubsystemCert,caOtherCert,caCACert,caCrossSignedCACert,caInstallCACert,caRACert,caOCSPCert,caStorageCert,caTransportCert,caDirPinUserCert,caDirUserCert,caECDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caTokenUserAuthKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caEncECUserCert,caTokenUserDelegateAuthKeyEnrollment,caTokenUserDelegateSigningKeyEnrollment
  1098. proxy.securePort=443
  1099. proxy.unsecurePort=80
  1100. registry.file=/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
  1101. request.assignee.enable=true
  1102. securitydomain.checkIP=false
  1103. securitydomain.checkinterval=300000
  1104. securitydomain.flushinterval=86400000
  1105. securitydomain.host=host-ipa01.ourdomain.tld
  1106. securitydomain.httpport=80
  1107. securitydomain.httpsadminport=443
  1108. securitydomain.httpsagentport=443
  1109. securitydomain.httpseeport=443
  1110. securitydomain.name=IPA
  1111. securitydomain.select=new
  1112. securitydomain.source=ldap
  1113. securitydomain.store=ldap
  1114. selftests._000=##
  1115. selftests._001=## Self Tests
  1116. selftests._002=##
  1117. selftests._003=## The Self-Test plugin SystemCertsVerification uses the
  1118. selftests._004=## following parameters (where certusage is optional):
  1119. selftests._005=## ca.cert.list = <list of cert tag names delimited by ",">
  1120. selftests._006=## ca.cert.<cert tag name>.nickname
  1121. selftests._007=## ca.cert.<cert tag name>.certusage
  1122. selftests._008=##
  1123. selftests.container.instance.CAPresence=com.netscape.cms.selftests.ca.CAPresence
  1124. selftests.container.instance.CAValidity=com.netscape.cms.selftests.ca.CAValidity
  1125. selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
  1126. selftests.container.logger.bufferSize=512
  1127. selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
  1128. selftests.container.logger.enable=true
  1129. selftests.container.logger.expirationTime=0
  1130. selftests.container.logger.fileName=/var/lib/pki/pki-tomcat/logs/ca/selftests.log
  1131. selftests.container.logger.flushInterval=5
  1132. selftests.container.logger.level=1
  1133. selftests.container.logger.maxFileSize=2000
  1134. selftests.container.logger.register=false
  1135. selftests.container.logger.rolloverInterval=2592000
  1136. selftests.container.logger.type=transaction
  1137. selftests.container.order.onDemand=CAPresence:critical, SystemCertsVerification:critical, CAValidity:critical
  1138. selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
  1139. selftests.plugin.CAPresence.CaSubId=ca
  1140. selftests.plugin.CAValidity.CaSubId=ca
  1141. selftests.plugin.SystemCertsVerification.SubId=ca
  1142. service.clientauth_securePort=8443
  1143. service.instanceDir=/var/lib/pki
  1144. service.instanceID=pki-tomcat
  1145. service.machineName=host-ipa01.ourdomain.tld
  1146. service.non_clientauth_securePort=8443
  1147. service.securePort=8443
  1148. service.securityDomainPort=443
  1149. service.unsecurePort=8080
  1150. smtp.host=localhost
  1151. smtp.port=25
  1152. subsystem.0.class=com.netscape.ca.CertificateAuthority
  1153. subsystem.0.id=ca
  1154. subsystem.1.class=com.netscape.cmscore.profile.LDAPProfileSubsystem
  1155. subsystem.1.enabled=true
  1156. subsystem.1.id=profile
  1157. subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
  1158. subsystem.2.id=selftests
  1159. subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
  1160. subsystem.3.id=CrossCertPair
  1161. subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
  1162. subsystem.4.id=stats
  1163. subsystem.count=0
  1164. subsystem.select=Clone
  1165. usrgrp._000=##
  1166. usrgrp._001=## User/Group
  1167. usrgrp._002=##
  1168. usrgrp.ldap=internaldb