Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sudo cat /etc/pki/pki-tomcat/ca/CS.cfg
- CrossCertPair._000=##
- CrossCertPair._001=## CrossCertPair Import
- CrossCertPair._002=##
- CrossCertPair.ldap=internaldb
- _000=##
- _001=## Certificate Authority (CA) Configuration File
- _002=##
- accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
- accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
- accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
- accessEvaluator.impl.user_origreq.class=com.netscape.cms.evaluators.UserOrigReqAccessEvaluator
- admin.interface.uri=ca/admin/console/config/wizard
- agent.interface.uri=ca/agent/ca
- archive.configuration_file=true
- authType=pwd
- auths._000=##
- auths._001=## new authentication
- auths._002=##
- auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
- auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
- auths.impl.FlatFileAuth.class=com.netscape.cms.authentication.FlatFileAuth
- auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
- auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
- auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
- auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
- auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
- auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
- auths.impl.UidPwdGroupDirAuth.class=com.netscape.cms.authentication.UidPwdGroupDirAuthentication
- auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
- auths.impl.UserPwdDirAuth.class=com.netscape.cms.authentication.UserPwdDirAuthentication
- auths.impl._000=##
- auths.impl._001=## authentication manager implementations
- auths.impl._002=##
- auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
- auths.instance.AgentCertAuth.pluginName=AgentCertAuth
- auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
- auths.instance.TokenAuth.pluginName=TokenAuth
- auths.instance.flatFileAuth.authAttributes=PWD
- auths.instance.flatFileAuth.deferOnFailure=true
- auths.instance.flatFileAuth.fileName=/var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
- auths.instance.flatFileAuth.keyAttributes=UID
- auths.instance.flatFileAuth.pluginName=FlatFileAuth
- auths.instance.raCertAuth.agentGroup=Registration Manager Agents
- auths.instance.raCertAuth.pluginName=AgentCertAuth
- auths.revocationChecking.bufferSize=50
- auths.revocationChecking.ca=ca
- auths.revocationChecking.enabled=true
- auths.revocationChecking.unknownStateInterval=0
- auths.revocationChecking.validityInterval=120
- authz._000=##
- authz._001=## new authorizatioin
- authz._002=##
- authz.evaluateOrder=deny,allow
- authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
- authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
- authz.impl._000=##
- authz.impl._001=## authorization manager implementations
- authz.impl._002=##
- authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
- authz.instance.DirAclAuthz.ldap=internaldb
- authz.instance.DirAclAuthz.ldap._000=##
- authz.instance.DirAclAuthz.ldap._001=## Internal Database
- authz.instance.DirAclAuthz.ldap._002=##
- authz.instance.DirAclAuthz.ldap.ldapauth.authtype=SslClientAuth
- authz.instance.DirAclAuthz.ldap.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
- authz.instance.DirAclAuthz.ldap.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
- authz.instance.DirAclAuthz.ldap.ldapconn.port=636
- authz.instance.DirAclAuthz.ldap.ldapconn.secureConn=true
- authz.instance.DirAclAuthz.pluginName=DirAclAuthz
- authz.sourceType=ldap
- ca.Policy._000=##
- ca.Policy._001=## Certificate Policy Framework (deprecated)
- ca.Policy._002=##
- ca.Policy._003=## Set 'ca.Policy.enable=true' to allow the following:
- ca.Policy._004=##
- ca.Policy._005=## SERVLET-NAME URL-PATTERN
- ca.Policy._006=## ====================================================
- ca.Policy._007=## caadminEnroll ca/admin/ca/adminEnroll.html
- ca.Policy._008=## cabulkissuance ca/agent/ca/bulkissuance.html
- ca.Policy._009=## cacertbasedenrollment ca/certbasedenrollment.html
- ca.Policy._010=## caenrollment ca/enrollment.html
- ca.Policy._011=## capolicy ca/capolicy
- ca.Policy._012=##
- ca.Policy.enable=false
- ca.Policy.impl.AttributePresentConstraints.class=com.netscape.cms.policy.constraints.AttributePresentConstraints
- ca.Policy.impl.AuthInfoAccessExt.class=com.netscape.cms.policy.extensions.AuthInfoAccessExt
- ca.Policy.impl.AuthorityKeyIdentifierExt.class=com.netscape.cms.policy.extensions.AuthorityKeyIdentifierExt
- ca.Policy.impl.BasicConstraintsExt.class=com.netscape.cms.policy.extensions.BasicConstraintsExt
- ca.Policy.impl.CRLDistributionPointsExt.class=com.netscape.cms.policy.extensions.CRLDistributionPointsExt
- ca.Policy.impl.CertificatePoliciesExt.class=com.netscape.cms.policy.extensions.CertificatePoliciesExt
- ca.Policy.impl.CertificateRenewalWindowExt.class=com.netscape.cms.policy.extensions.CertificateRenewalWindowExt
- ca.Policy.impl.CertificateScopeOfUseExt.class=com.netscape.cms.policy.extensions.CertificateScopeOfUseExt
- ca.Policy.impl.DSAKeyConstraints.class=com.netscape.cms.policy.constraints.DSAKeyConstraints
- ca.Policy.impl.ExtendedKeyUsageExt.class=com.netscape.cms.policy.extensions.ExtendedKeyUsageExt
- ca.Policy.impl.GenericASN1Ext.class=com.netscape.cms.policy.extensions.GenericASN1Ext
- ca.Policy.impl.IssuerAltNameExt.class=com.netscape.cms.policy.extensions.IssuerAltNameExt
- ca.Policy.impl.IssuerConstraints.class=com.netscape.cms.policy.constraints.IssuerConstraints
- ca.Policy.impl.KeyAlgorithmConstraints.class=com.netscape.cms.policy.constraints.KeyAlgorithmConstraints
- ca.Policy.impl.KeyUsageExt.class=com.netscape.cms.policy.extensions.KeyUsageExt
- ca.Policy.impl.NSCCommentExt.class=com.netscape.cms.policy.extensions.NSCCommentExt
- ca.Policy.impl.NSCertTypeExt.class=com.netscape.cms.policy.extensions.NSCertTypeExt
- ca.Policy.impl.NameConstraintsExt.class=com.netscape.cms.policy.extensions.NameConstraintsExt
- ca.Policy.impl.OCSPNoCheckExt.class=com.netscape.cms.policy.extensions.OCSPNoCheckExt
- ca.Policy.impl.PolicyConstraintsExt.class=com.netscape.cms.policy.extensions.PolicyConstraintsExt
- ca.Policy.impl.PolicyMappingsExt.class=com.netscape.cms.policy.extensions.PolicyMappingsExt
- ca.Policy.impl.PrivateKeyUsagePeriodExt.class=com.netscape.cms.policy.extensions.PrivateKeyUsagePeriodExt
- ca.Policy.impl.RSAKeyConstraints.class=com.netscape.cms.policy.constraints.RSAKeyConstraints
- ca.Policy.impl.RemoveBasicConstraintsExt.class=com.netscape.cms.policy.extensions.RemoveBasicConstraintsExt
- ca.Policy.impl.RenewalConstraints.class=com.netscape.cms.policy.constraints.RenewalConstraints
- ca.Policy.impl.RenewalValidityConstraints.class=com.netscape.cms.policy.constraints.RenewalValidityConstraints
- ca.Policy.impl.RevocationConstraints.class=com.netscape.cms.policy.constraints.RevocationConstraints
- ca.Policy.impl.SigningAlgorithmConstraints.class=com.netscape.cms.policy.constraints.SigningAlgorithmConstraints
- ca.Policy.impl.SubCANameConstraints.class=com.netscape.cms.policy.constraints.SubCANameConstraints
- ca.Policy.impl.SubjectAltNameExt.class=com.netscape.cms.policy.extensions.SubjectAltNameExt
- ca.Policy.impl.SubjectDirectoryAttributesExt.class=com.netscape.cms.policy.extensions.SubjectDirectoryAttributesExt
- ca.Policy.impl.SubjectKeyIdentifierExt.class=com.netscape.cms.policy.extensions.SubjectKeyIdentifierExt
- ca.Policy.impl.UniqueSubjectNameConstraints.class=com.netscape.cms.policy.constraints.UniqueSubjectNameConstraints
- ca.Policy.impl.ValidityConstraints.class=com.netscape.cms.policy.constraints.ValidityConstraints
- ca.Policy.impl._000=##
- ca.Policy.impl._001=## Policy Implementations
- ca.Policy.impl._002=##
- ca.Policy.order=KeyAlgRule, RSAKeyRule, DefaultValidityRule, RenewalConstraintsRule, DefaultRenewalValidityRule, RevocationConstraintsRule, NSCertTypeExt, CMCertKeyUsageExt, RMCertKeyUsageExt, ClientCertKeyUsageExt, ServerCertKeyUsageExt, ObjSignCertKeyUsageExt, CRLSignCertKeyUsageExt, SubjectKeyIdentifierExt, CertificatePoliciesExt, NSCCommentExt, OCSPNoCheckExt, OCSPSigningExt, CODESigningExt, GenericASN1Ext, CRLDistributionPointsExt, SubjectAltNameExt, SigningAlgRule, AuthorityKeyIdentifierExt, AuthInfoAccessExt, BasicConstraintsExt, UniqueSubjectNameConstraints, NameConstraintsExt, PolicyConstraintsExt, SubCANameConstraints, PolicyMappingsExt, IssuerRule
- ca.Policy.processor=classic
- ca.Policy.rule.AuthInfoAccessExt.ad0_location=http://<ipa-csmaster-fqdn>:8080/ocsp
- ca.Policy.rule.AuthInfoAccessExt.ad0_location_type=URL
- ca.Policy.rule.AuthInfoAccessExt.ad0_method=ocsp
- ca.Policy.rule.AuthInfoAccessExt.enable=false
- ca.Policy.rule.AuthInfoAccessExt.implName=AuthInfoAccessExt
- ca.Policy.rule.AuthInfoAccessExt.numADs=1
- ca.Policy.rule.AuthInfoAccessExt.predicate=HTTP_PARAMS.certType==client
- ca.Policy.rule.AuthorityKeyIdentifierExt.enable=true
- ca.Policy.rule.AuthorityKeyIdentifierExt.implName=AuthorityKeyIdentifierExt
- ca.Policy.rule.AuthorityKeyIdentifierExt.predicate=
- ca.Policy.rule.BasicConstraintsExt.critical=true
- ca.Policy.rule.BasicConstraintsExt.enable=true
- ca.Policy.rule.BasicConstraintsExt.implName=BasicConstraintsExt
- ca.Policy.rule.BasicConstraintsExt.maxPathLen=
- ca.Policy.rule.BasicConstraintsExt.predicate=HTTP_PARAMS.certType == ca
- ca.Policy.rule.BasicConstraintsExt.removeBasicExt=true
- ca.Policy.rule.CMCertKeyUsageExt.crlSign=true
- ca.Policy.rule.CMCertKeyUsageExt.dataEncipherment=false
- ca.Policy.rule.CMCertKeyUsageExt.decipherOnly=false
- ca.Policy.rule.CMCertKeyUsageExt.digitalSignature=true
- ca.Policy.rule.CMCertKeyUsageExt.enable=true
- ca.Policy.rule.CMCertKeyUsageExt.encipherOnly=false
- ca.Policy.rule.CMCertKeyUsageExt.implName=KeyUsageExt
- ca.Policy.rule.CMCertKeyUsageExt.keyAgreement=false
- ca.Policy.rule.CMCertKeyUsageExt.keyCertsign=true
- ca.Policy.rule.CMCertKeyUsageExt.keyEncipherment=false
- ca.Policy.rule.CMCertKeyUsageExt.nonRepudiation=true
- ca.Policy.rule.CMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ca
- ca.Policy.rule.CODESigningExt.critical=false
- ca.Policy.rule.CODESigningExt.enable=true
- ca.Policy.rule.CODESigningExt.id0=1.3.6.1.5.5.7.3.3
- ca.Policy.rule.CODESigningExt.implName=ExtendedKeyUsageExt
- ca.Policy.rule.CODESigningExt.predicate=HTTP_PARAMS.certType==codeSignClient
- ca.Policy.rule.CRLDistributionPointsExt.enable=false
- ca.Policy.rule.CRLDistributionPointsExt.implName=CRLDistributionPointsExt
- ca.Policy.rule.CRLDistributionPointsExt.issuerName0=
- ca.Policy.rule.CRLDistributionPointsExt.issuerName1=
- ca.Policy.rule.CRLDistributionPointsExt.issuerName2=
- ca.Policy.rule.CRLDistributionPointsExt.issuerType0=
- ca.Policy.rule.CRLDistributionPointsExt.issuerType1=
- ca.Policy.rule.CRLDistributionPointsExt.issuerType2=
- ca.Policy.rule.CRLDistributionPointsExt.numPoints=0
- ca.Policy.rule.CRLDistributionPointsExt.pointName0=
- ca.Policy.rule.CRLDistributionPointsExt.pointName1=
- ca.Policy.rule.CRLDistributionPointsExt.pointName2=
- ca.Policy.rule.CRLDistributionPointsExt.pointType0=
- ca.Policy.rule.CRLDistributionPointsExt.pointType1=
- ca.Policy.rule.CRLDistributionPointsExt.pointType2=
- ca.Policy.rule.CRLDistributionPointsExt.predicate=
- ca.Policy.rule.CRLDistributionPointsExt.reasons0=
- ca.Policy.rule.CRLDistributionPointsExt.reasons1=
- ca.Policy.rule.CRLDistributionPointsExt.reasons2=
- ca.Policy.rule.CRLSignCertKeyUsageExt.crlSign=true
- ca.Policy.rule.CRLSignCertKeyUsageExt.dataEncipherment=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.decipherOnly=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.digitalSignature=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.enable=true
- ca.Policy.rule.CRLSignCertKeyUsageExt.encipherOnly=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.implName=KeyUsageExt
- ca.Policy.rule.CRLSignCertKeyUsageExt.keyAgreement=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.keyCertsign=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.keyEncipherment=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.nonRepudiation=false
- ca.Policy.rule.CRLSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==caCrlSigning
- ca.Policy.rule.CertificatePoliciesExt.certPolicy0.cpsURI=
- ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefNumbers=
- ca.Policy.rule.CertificatePoliciesExt.certPolicy0.noticeRefOrganization=
- ca.Policy.rule.CertificatePoliciesExt.certPolicy0.policyId=
- ca.Policy.rule.CertificatePoliciesExt.certPolicy0.userNoticeExplicitText=
- ca.Policy.rule.CertificatePoliciesExt.critical=false
- ca.Policy.rule.CertificatePoliciesExt.enable=false
- ca.Policy.rule.CertificatePoliciesExt.implName=CertificatePoliciesExt
- ca.Policy.rule.CertificatePoliciesExt.numCertPolicies=1
- ca.Policy.rule.CertificatePoliciesExt.predicate=
- ca.Policy.rule.ClientCertKeyUsageExt.crlSign=false
- ca.Policy.rule.ClientCertKeyUsageExt.dataEncipherment=false
- ca.Policy.rule.ClientCertKeyUsageExt.decipherOnly=false
- ca.Policy.rule.ClientCertKeyUsageExt.digitalSignature=true
- ca.Policy.rule.ClientCertKeyUsageExt.enable=true
- ca.Policy.rule.ClientCertKeyUsageExt.encipherOnly=false
- ca.Policy.rule.ClientCertKeyUsageExt.implName=KeyUsageExt
- ca.Policy.rule.ClientCertKeyUsageExt.keyAgreement=false
- ca.Policy.rule.ClientCertKeyUsageExt.keyCertsign=false
- ca.Policy.rule.ClientCertKeyUsageExt.keyEncipherment=true
- ca.Policy.rule.ClientCertKeyUsageExt.nonRepudiation=true
- ca.Policy.rule.ClientCertKeyUsageExt.predicate=HTTP_PARAMS.certType==client
- ca.Policy.rule.DSAKeyRule.enable=true
- ca.Policy.rule.DSAKeyRule.implName=DSAKeyConstraints
- ca.Policy.rule.DSAKeyRule.maxSize=1024
- ca.Policy.rule.DSAKeyRule.minSize=512
- ca.Policy.rule.DSAKeyRule.predicate=
- ca.Policy.rule.DefaultRenewalValidityRule.enable=true
- ca.Policy.rule.DefaultRenewalValidityRule.implName=RenewalValidityConstraints
- ca.Policy.rule.DefaultRenewalValidityRule.maxValidity=365
- ca.Policy.rule.DefaultRenewalValidityRule.minValidity=30
- ca.Policy.rule.DefaultRenewalValidityRule.predicate=
- ca.Policy.rule.DefaultRenewalValidityRule.renewalInterval=15
- ca.Policy.rule.DefaultValidityRule.enable=true
- ca.Policy.rule.DefaultValidityRule.implName=ValidityConstraints
- ca.Policy.rule.DefaultValidityRule.maxValidity=365
- ca.Policy.rule.DefaultValidityRule.minValidity=1
- ca.Policy.rule.DefaultValidityRule.predicate=
- ca.Policy.rule.GenericASN1Ext.attribute.0.source=
- ca.Policy.rule.GenericASN1Ext.attribute.0.type=
- ca.Policy.rule.GenericASN1Ext.attribute.0.value=
- ca.Policy.rule.GenericASN1Ext.attribute.1.source=
- ca.Policy.rule.GenericASN1Ext.attribute.1.type=
- ca.Policy.rule.GenericASN1Ext.attribute.1.value=
- ca.Policy.rule.GenericASN1Ext.attribute.2.source=
- ca.Policy.rule.GenericASN1Ext.attribute.2.type=
- ca.Policy.rule.GenericASN1Ext.attribute.2.value=
- ca.Policy.rule.GenericASN1Ext.attribute.3.source=
- ca.Policy.rule.GenericASN1Ext.attribute.3.type=
- ca.Policy.rule.GenericASN1Ext.attribute.3.value=
- ca.Policy.rule.GenericASN1Ext.attribute.4.source=
- ca.Policy.rule.GenericASN1Ext.attribute.4.type=
- ca.Policy.rule.GenericASN1Ext.attribute.4.value=
- ca.Policy.rule.GenericASN1Ext.attribute.5.source=
- ca.Policy.rule.GenericASN1Ext.attribute.5.type=
- ca.Policy.rule.GenericASN1Ext.attribute.5.value=
- ca.Policy.rule.GenericASN1Ext.attribute.6.source=
- ca.Policy.rule.GenericASN1Ext.attribute.6.type=
- ca.Policy.rule.GenericASN1Ext.attribute.6.value=
- ca.Policy.rule.GenericASN1Ext.attribute.7.source=
- ca.Policy.rule.GenericASN1Ext.attribute.7.type=
- ca.Policy.rule.GenericASN1Ext.attribute.7.value=
- ca.Policy.rule.GenericASN1Ext.attribute.8.source=
- ca.Policy.rule.GenericASN1Ext.attribute.8.type=
- ca.Policy.rule.GenericASN1Ext.attribute.8.value=
- ca.Policy.rule.GenericASN1Ext.attribute.9.source=
- ca.Policy.rule.GenericASN1Ext.attribute.9.type=
- ca.Policy.rule.GenericASN1Ext.attribute.9.value=
- ca.Policy.rule.GenericASN1Ext.critical=false
- ca.Policy.rule.GenericASN1Ext.enable=false
- ca.Policy.rule.GenericASN1Ext.implName=GenericASN1Ext
- ca.Policy.rule.GenericASN1Ext.name=
- ca.Policy.rule.GenericASN1Ext.oid=
- ca.Policy.rule.GenericASN1Ext.pattern=
- ca.Policy.rule.GenericASN1Ext.predicate=
- ca.Policy.rule.IssuerRule.enable=false
- ca.Policy.rule.IssuerRule.implName=IssuerConstraints
- ca.Policy.rule.IssuerRule.issuerDN=
- ca.Policy.rule.IssuerRule.predicate=HTTP_PARAMS.certType==client AND certauthEnroll==on
- ca.Policy.rule.KeyAlgRule.algorithms=RSA,DSA
- ca.Policy.rule.KeyAlgRule.enable=true
- ca.Policy.rule.KeyAlgRule.implName=KeyAlgorithmConstraints
- ca.Policy.rule.KeyAlgRule.predicate=
- ca.Policy.rule.NSCCommentExt.commentFile=
- ca.Policy.rule.NSCCommentExt.enable=false
- ca.Policy.rule.NSCCommentExt.implName=NSCCommentExt
- ca.Policy.rule.NSCCommentExt.inputType=Text
- ca.Policy.rule.NSCCommentExt.predicate=
- ca.Policy.rule.NSCertTypeExt.enable=true
- ca.Policy.rule.NSCertTypeExt.implName=NSCertTypeExt
- ca.Policy.rule.NSCertTypeExt.predicate=HTTP_PARAMS.certType!=CEP-Request
- ca.Policy.rule.NameConstraintsExt.critical=true
- ca.Policy.rule.NameConstraintsExt.enable=false
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameChoice=
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.base.generalNameValue=
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.max=-1
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees0.min=0
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameChoice=
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.base.generalNameValue=
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.max=-1
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees1.min=0
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameChoice=
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.base.generalNameValue=
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.max=-1
- ca.Policy.rule.NameConstraintsExt.excludedSubtrees2.min=0
- ca.Policy.rule.NameConstraintsExt.implName=NameConstraintsExt
- ca.Policy.rule.NameConstraintsExt.numExcludedSubtrees=3
- ca.Policy.rule.NameConstraintsExt.numPermittedSubtrees=3
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameChoice=
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.base.generalNameValue=
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.max=-1
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees0.min=0
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameChoice=
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.base.generalNameValue=
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.max=-1
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees1.min=0
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameChoice=
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.base.generalNameValue=
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.max=-1
- ca.Policy.rule.NameConstraintsExt.permittedSubtrees2.min=0
- ca.Policy.rule.NameConstraintsExt.predicate=HTTP_PARAMS.certType == ca
- ca.Policy.rule.OCSPNoCheckExt.critical=false
- ca.Policy.rule.OCSPNoCheckExt.enable=true
- ca.Policy.rule.OCSPNoCheckExt.implName=OCSPNoCheckExt
- ca.Policy.rule.OCSPNoCheckExt.predicate=HTTP_PARAMS.certType==ocspResponder
- ca.Policy.rule.OCSPSigningExt.critical=false
- ca.Policy.rule.OCSPSigningExt.enable=true
- ca.Policy.rule.OCSPSigningExt.id0=1.3.6.1.5.5.7.3.9
- ca.Policy.rule.OCSPSigningExt.implName=ExtendedKeyUsageExt
- ca.Policy.rule.OCSPSigningExt.predicate=HTTP_PARAMS.certType==ocspResponder
- ca.Policy.rule.ObjSignCertKeyUsageExt.crlSign=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.dataEncipherment=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.decipherOnly=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.digitalSignature=true
- ca.Policy.rule.ObjSignCertKeyUsageExt.enable=true
- ca.Policy.rule.ObjSignCertKeyUsageExt.encipherOnly=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.implName=KeyUsageExt
- ca.Policy.rule.ObjSignCertKeyUsageExt.keyAgreement=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.keyCertsign=true
- ca.Policy.rule.ObjSignCertKeyUsageExt.keyEncipherment=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.nonRepudiation=false
- ca.Policy.rule.ObjSignCertKeyUsageExt.predicate=HTTP_PARAMS.certType==objSignClient
- ca.Policy.rule.PolicyConstraintsExt.critical=false
- ca.Policy.rule.PolicyConstraintsExt.enable=false
- ca.Policy.rule.PolicyConstraintsExt.implName=PolicyConstraintsExt
- ca.Policy.rule.PolicyConstraintsExt.inhibitPolicyMapping=0
- ca.Policy.rule.PolicyConstraintsExt.predicate=HTTP_PARAMS.certType==ca
- ca.Policy.rule.PolicyConstraintsExt.reqExplicitPolicy=0
- ca.Policy.rule.PolicyMappingsExt.critical=false
- ca.Policy.rule.PolicyMappingsExt.enable=false
- ca.Policy.rule.PolicyMappingsExt.implName=PolicyMappingsExt
- ca.Policy.rule.PolicyMappingsExt.numPolicyMappings=1
- ca.Policy.rule.PolicyMappingsExt.policyMap0.issuerDomainPolicy=
- ca.Policy.rule.PolicyMappingsExt.policyMap0.subjectDomainPolicy=
- ca.Policy.rule.PolicyMappingsExt.predicate=HTTP_PARAMS.certType==ca
- ca.Policy.rule.RMCertKeyUsageExt.crlSign=false
- ca.Policy.rule.RMCertKeyUsageExt.dataEncipherment=false
- ca.Policy.rule.RMCertKeyUsageExt.decipherOnly=false
- ca.Policy.rule.RMCertKeyUsageExt.digitalSignature=true
- ca.Policy.rule.RMCertKeyUsageExt.enable=true
- ca.Policy.rule.RMCertKeyUsageExt.encipherOnly=false
- ca.Policy.rule.RMCertKeyUsageExt.implName=KeyUsageExt
- ca.Policy.rule.RMCertKeyUsageExt.keyAgreement=false
- ca.Policy.rule.RMCertKeyUsageExt.keyCertsign=false
- ca.Policy.rule.RMCertKeyUsageExt.keyEncipherment=false
- ca.Policy.rule.RMCertKeyUsageExt.nonRepudiation=true
- ca.Policy.rule.RMCertKeyUsageExt.predicate=HTTP_PARAMS.certType==ra
- ca.Policy.rule.RSAKeyRule.enable=false
- ca.Policy.rule.RSAKeyRule.exponents=3,7,17,65537
- ca.Policy.rule.RSAKeyRule.implName=RSAKeyConstraints
- ca.Policy.rule.RSAKeyRule.maxSize=2048
- ca.Policy.rule.RSAKeyRule.minSize=512
- ca.Policy.rule.RSAKeyRule.predicate=
- ca.Policy.rule.RenewalConstraintsRule.enable=true
- ca.Policy.rule.RenewalConstraintsRule.implName=RenewalConstraints
- ca.Policy.rule.RenewalConstraintsRule.predicate=
- ca.Policy.rule.RevocationConstraintsRule.enable=true
- ca.Policy.rule.RevocationConstraintsRule.implName=RevocationConstraints
- ca.Policy.rule.RevocationConstraintsRule.predicate=
- ca.Policy.rule.ServerCertKeyUsageExt.crlSign=false
- ca.Policy.rule.ServerCertKeyUsageExt.dataEncipherment=true
- ca.Policy.rule.ServerCertKeyUsageExt.decipherOnly=false
- ca.Policy.rule.ServerCertKeyUsageExt.digitalSignature=true
- ca.Policy.rule.ServerCertKeyUsageExt.enable=true
- ca.Policy.rule.ServerCertKeyUsageExt.encipherOnly=false
- ca.Policy.rule.ServerCertKeyUsageExt.implName=KeyUsageExt
- ca.Policy.rule.ServerCertKeyUsageExt.keyAgreement=false
- ca.Policy.rule.ServerCertKeyUsageExt.keyCertsign=false
- ca.Policy.rule.ServerCertKeyUsageExt.keyEncipherment=true
- ca.Policy.rule.ServerCertKeyUsageExt.nonRepudiation=true
- ca.Policy.rule.ServerCertKeyUsageExt.predicate=HTTP_PARAMS.certType==server
- ca.Policy.rule.SigningAlgRule.algorithms=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
- ca.Policy.rule.SigningAlgRule.enable=true
- ca.Policy.rule.SigningAlgRule.implName=SigningAlgorithmConstraints
- ca.Policy.rule.SigningAlgRule.predicate=
- ca.Policy.rule.SubCANameConstraints.enable=true
- ca.Policy.rule.SubCANameConstraints.implName=SubCANameConstraints
- ca.Policy.rule.SubCANameConstraints.predicate=HTTP_PARAMS.certType == ca
- ca.Policy.rule.SubjectAltNameExt.enable=true
- ca.Policy.rule.SubjectAltNameExt.generalName0.generalNameChoice=rfc822Name
- ca.Policy.rule.SubjectAltNameExt.generalName0.requestAttr=AUTH_TOKEN.mail
- ca.Policy.rule.SubjectAltNameExt.generalName1.generalNameChoice=rfc822Name
- ca.Policy.rule.SubjectAltNameExt.generalName1.requestAttr=AUTH_TOKEN.mailalternateaddress
- ca.Policy.rule.SubjectAltNameExt.generalName2.generalNameChoice=rfc822Name
- ca.Policy.rule.SubjectAltNameExt.generalName2.requestAttr=HTTP_PARAMS.csrRequestorEmail
- ca.Policy.rule.SubjectAltNameExt.implName=SubjectAltNameExt
- ca.Policy.rule.SubjectAltNameExt.numGeneralNames=3
- ca.Policy.rule.SubjectAltNameExt.predicate=HTTP_PARAMS.certType!=CEP-Request
- ca.Policy.rule.SubjectKeyIdentifierExt.enable=true
- ca.Policy.rule.SubjectKeyIdentifierExt.implName=SubjectKeyIdentifierExt
- ca.Policy.rule.SubjectKeyIdentifierExt.predicate=HTTP_PARAMS.certType==ca
- ca.Policy.rule.UniqueSubjectNameConstraints.enable=false
- ca.Policy.rule.UniqueSubjectNameConstraints.implName=UniqueSubjectNameConstraints
- ca.Policy.rule.UniqueSubjectNameConstraints.predicate=
- ca.audit_signing.cert=MII...
- ca.audit_signing.certreq=MII...
- ca.audit_signing.nickname=auditSigningCert cert-pki-ca
- ca.audit_signing.tokenname=Internal Key Storage Token
- ca.cert.audit_signing.certusage=ObjectSigner
- ca.cert.audit_signing.nickname=auditSigningCert cert-pki-ca
- ca.cert.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
- ca.cert.ocsp_signing.certusage=StatusResponder
- ca.cert.ocsp_signing.nickname=ocspSigningCert cert-pki-ca
- ca.cert.signing.certusage=SSLCA
- ca.cert.signing.nickname=caSigningCert cert-pki-ca
- ca.cert.sslserver.certusage=SSLServer
- ca.cert.sslserver.nickname=Server-Cert cert-pki-ca
- ca.cert.subsystem.certusage=SSLClient
- ca.cert.subsystem.nickname=subsystemCert cert-pki-ca
- ca.certStatusUpdateInterval=0
- ca.certdbInc=20
- ca.crl.MasterCRL.allowExtensions=true
- ca.crl.MasterCRL.alwaysUpdate=false
- ca.crl.MasterCRL.autoUpdateInterval=240
- ca.crl.MasterCRL.caCertsOnly=false
- ca.crl.MasterCRL.cacheUpdateInterval=15
- ca.crl.MasterCRL.class=com.netscape.ca.CRLIssuingPoint
- ca.crl.MasterCRL.dailyUpdates=1:00
- ca.crl.MasterCRL.description=CA's complete Certificate Revocation List
- ca.crl.MasterCRL.enable=true
- ca.crl.MasterCRL.enableCRLCache=True
- ca.crl.MasterCRL.enableCRLUpdates=True
- ca.crl.MasterCRL.enableCacheRecovery=true
- ca.crl.MasterCRL.enableCacheTesting=false
- ca.crl.MasterCRL.enableDailyUpdates=true
- ca.crl.MasterCRL.enableUpdateInterval=true
- ca.crl.MasterCRL.extendedNextUpdate=true
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocation0=
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessLocationType0=URI
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.accessMethod0=caIssuers
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.class=com.netscape.cms.crl.CMSAuthInfoAccessExtension
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.critical=false
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.enable=false
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.numberOfAccessDescriptions=1
- ca.crl.MasterCRL.extension.AuthorityInformationAccess.type=CRLExtension
- ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class=com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension
- ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical=false
- ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable=true
- ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type=CRLExtension
- ca.crl.MasterCRL.extension.CRLNumber.class=com.netscape.cms.crl.CMSCRLNumberExtension
- ca.crl.MasterCRL.extension.CRLNumber.critical=false
- ca.crl.MasterCRL.extension.CRLNumber.enable=true
- ca.crl.MasterCRL.extension.CRLNumber.type=CRLExtension
- ca.crl.MasterCRL.extension.CRLReason.class=com.netscape.cms.crl.CMSCRLReasonExtension
- ca.crl.MasterCRL.extension.CRLReason.critical=false
- ca.crl.MasterCRL.extension.CRLReason.enable=true
- ca.crl.MasterCRL.extension.CRLReason.type=CRLEntryExtension
- ca.crl.MasterCRL.extension.DeltaCRLIndicator.class=com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension
- ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical=true
- ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable=false
- ca.crl.MasterCRL.extension.DeltaCRLIndicator.type=CRLExtension
- ca.crl.MasterCRL.extension.FreshestCRL.class=com.netscape.cms.crl.CMSFreshestCRLExtension
- ca.crl.MasterCRL.extension.FreshestCRL.critical=false
- ca.crl.MasterCRL.extension.FreshestCRL.enable=false
- ca.crl.MasterCRL.extension.FreshestCRL.numPoints=0
- ca.crl.MasterCRL.extension.FreshestCRL.pointName0=
- ca.crl.MasterCRL.extension.FreshestCRL.pointType0=
- ca.crl.MasterCRL.extension.FreshestCRL.type=CRLExtension
- ca.crl.MasterCRL.extension.InvalidityDate.class=com.netscape.cms.crl.CMSInvalidityDateExtension
- ca.crl.MasterCRL.extension.InvalidityDate.critical=false
- ca.crl.MasterCRL.extension.InvalidityDate.enable=true
- ca.crl.MasterCRL.extension.InvalidityDate.type=CRLEntryExtension
- ca.crl.MasterCRL.extension.IssuerAlternativeName.class=com.netscape.cms.crl.CMSIssuerAlternativeNameExtension
- ca.crl.MasterCRL.extension.IssuerAlternativeName.critical=false
- ca.crl.MasterCRL.extension.IssuerAlternativeName.enable=false
- ca.crl.MasterCRL.extension.IssuerAlternativeName.name0=
- ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0=
- ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames=0
- ca.crl.MasterCRL.extension.IssuerAlternativeName.type=CRLExtension
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.class=com.netscape.cms.crl.CMSIssuingDistributionPointExtension
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical=true
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable=false
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL=false
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts=false
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts=false
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons=
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName=
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType=
- ca.crl.MasterCRL.extension.IssuingDistributionPoint.type=CRLExtension
- ca.crl.MasterCRL.includeExpiredCerts=false
- ca.crl.MasterCRL.minUpdateInterval=0
- ca.crl.MasterCRL.nextUpdateGracePeriod=0
- ca.crl.MasterCRL.publishOnStart=false
- ca.crl.MasterCRL.saveMemory=false
- ca.crl.MasterCRL.signingAlgorithm=SHA256withRSA
- ca.crl.MasterCRL.updateSchema=1
- ca.crl._000=##
- ca.crl._001=## CA CRL
- ca.crl._002=##
- ca.crl.pageSize=100
- ca.crldbInc=20
- ca.enableNonces=false
- ca.id=ca
- ca.listenToCloneModifications=false
- ca.local=true
- ca.maxNumberOfNonces=100
- ca.maxSearchReturns=1000
- ca.maxSearchReturns._000=##
- ca.maxSearchReturns._001=## limits number of search results
- ca.maxSearchReturns._002=## returned by SearchReqs and SrchCerts
- ca.maxSearchReturns._003=##
- ca.notification.certIssued.emailSubject=Your Certificate Request
- ca.notification.certIssued.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/certIssued_CA.html
- ca.notification.certIssued.enabled=false
- ca.notification.certIssued.senderEmail=
- ca.notification.certRevoked.emailSubject=Your Certificate Revoked
- ca.notification.certRevoked.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/certRevoked_CA.html
- ca.notification.certRevoked.enabled=false
- ca.notification.certRevoked.senderEmail=
- ca.notification.requestInQ.emailSubject=Certificate Request in Queue
- ca.notification.requestInQ.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/reqInQueue_CA.html
- ca.notification.requestInQ.enabled=false
- ca.notification.requestInQ.recipientEmail=
- ca.notification.requestInQ.senderEmail=
- ca.ocsp=true
- ca.ocspUseCache=false
- ca.ocsp_signing.cacertnickname=ocspSigningCert cert-pki-ca
- ca.ocsp_signing.cert=MII...
- ca.ocsp_signing.certnickname=ocspSigningCert cert-pki-ca
- ca.ocsp_signing.certreq=MII...
- ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
- ca.ocsp_signing.newNickname=ocspSigningCert cert-pki-ca
- ca.ocsp_signing.nickname=ocspSigningCert cert-pki-ca
- ca.ocsp_signing.tokenname=Internal Key Storage Token
- ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC
- ca.publish.createOwnDNEntry=false
- ca.publish.enable=true
- ca.publish.ldappublish.enable=false
- ca.publish.mapper.impl.LdapCaSimpleMap.class=com.netscape.cms.publish.mappers.LdapCaSimpleMap
- ca.publish.mapper.impl.LdapDNCompsMap.class=com.netscape.cms.publish.mappers.LdapCertCompsMap
- ca.publish.mapper.impl.LdapDNExactMap.class=com.netscape.cms.publish.mappers.LdapCertExactMap
- ca.publish.mapper.impl.LdapEnhancedMap.class=com.netscape.cms.publish.mappers.LdapEnhancedMap
- ca.publish.mapper.impl.LdapSimpleMap.class=com.netscape.cms.publish.mappers.LdapSimpleMap
- ca.publish.mapper.impl.LdapSubjAttrMap.class=com.netscape.cms.publish.mappers.LdapCertSubjMap
- ca.publish.mapper.impl.NoMap.class=com.netscape.cms.publish.mappers.NoMap
- ca.publish.mapper.instance.LdapCaCertMap.createCAEntry=true
- ca.publish.mapper.instance.LdapCaCertMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
- ca.publish.mapper.instance.LdapCaCertMap.pluginName=LdapCaSimpleMap
- ca.publish.mapper.instance.LdapCrlMap.createCAEntry=true
- ca.publish.mapper.instance.LdapCrlMap.dnPattern=UID=$subj.cn,OU=people,O=$subj.o
- ca.publish.mapper.instance.LdapCrlMap.pluginName=LdapCaSimpleMap
- ca.publish.mapper.instance.LdapUserCertMap.dnPattern=UID=$subj.UID,OU=people,O=$subj.o
- ca.publish.mapper.instance.LdapUserCertMap.pluginName=LdapSimpleMap
- ca.publish.mapper.instance.NoMap.pluginName=NoMap
- ca.publish.publisher.impl.FileBasedPublisher.class=com.netscape.cms.publish.publishers.FileBasedPublisher
- ca.publish.publisher.impl.LdapCaCertPublisher.class=com.netscape.cms.publish.publishers.LdapCaCertPublisher
- ca.publish.publisher.impl.LdapCertificatePairPublisher.class=com.netscape.cms.publish.publishers.LdapCertificatePairPublisher
- ca.publish.publisher.impl.LdapCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
- ca.publish.publisher.impl.LdapDeltaCrlPublisher.class=com.netscape.cms.publish.publishers.LdapCrlPublisher
- ca.publish.publisher.impl.LdapUserCertPublisher.class=com.netscape.cms.publish.publishers.LdapUserCertPublisher
- ca.publish.publisher.impl.OCSPPublisher.class=com.netscape.cms.publish.publishers.OCSPPublisher
- ca.publish.publisher.instance.FileBaseCRLPublisher.Filename.b64=false
- ca.publish.publisher.instance.FileBaseCRLPublisher.Filename.der=true
- ca.publish.publisher.instance.FileBaseCRLPublisher.crlLinkExt=bin
- ca.publish.publisher.instance.FileBaseCRLPublisher.directory=/var/lib/ipa/pki-ca/publish
- ca.publish.publisher.instance.FileBaseCRLPublisher.latestCrlLink=true
- ca.publish.publisher.instance.FileBaseCRLPublisher.pluginName=FileBasedPublisher
- ca.publish.publisher.instance.FileBaseCRLPublisher.timeStamp=LocalTime
- ca.publish.publisher.instance.FileBaseCRLPublisher.zipCRLs=false
- ca.publish.publisher.instance.FileBaseCRLPublisher.zipLevel=9
- ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr=caCertificate;binary
- ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass=pkiCA
- ca.publish.publisher.instance.LdapCaCertPublisher.pluginName=LdapCaCertPublisher
- ca.publish.publisher.instance.LdapCrlPublisher.crlAttr=certificateRevocationList;binary
- ca.publish.publisher.instance.LdapCrlPublisher.crlObjectClass=pkiCA
- ca.publish.publisher.instance.LdapCrlPublisher.pluginName=LdapCrlPublisher
- ca.publish.publisher.instance.LdapCrossCertPairPublisher.caObjectClass=pkiCA
- ca.publish.publisher.instance.LdapCrossCertPairPublisher.crossCertPairAttr=crossCertificatePair;binary
- ca.publish.publisher.instance.LdapCrossCertPairPublisher.pluginName=LdapCertificatePairPublisher
- ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlAttr=deltaRevocationList;binary
- ca.publish.publisher.instance.LdapDeltaCrlPublisher.crlObjectClass=pkiCA,deltaCRL
- ca.publish.publisher.instance.LdapDeltaCrlPublisher.pluginName=LdapDeltaCrlPublisher
- ca.publish.publisher.instance.LdapUserCertPublisher.certAttr=userCertificate;binary
- ca.publish.publisher.instance.LdapUserCertPublisher.pluginName=LdapUserCertPublisher
- ca.publish.queue.enable=true
- ca.publish.queue.maxNumberOfThreads=3
- ca.publish.queue.pageSize=40
- ca.publish.queue.priorityLevel=0
- ca.publish.queue.saveStatus=200
- ca.publish.rule.impl.Rule.class=com.netscape.cmscore.ldap.LdapRule
- ca.publish.rule.instance.FileCrlRule.enable=true
- ca.publish.rule.instance.FileCrlRule.mapper=NoMap
- ca.publish.rule.instance.FileCrlRule.pluginName=Rule
- ca.publish.rule.instance.FileCrlRule.predicate=
- ca.publish.rule.instance.FileCrlRule.publisher=FileBaseCRLPublisher
- ca.publish.rule.instance.FileCrlRule.type=crl
- ca.publish.rule.instance.LdapCaCertRule.enable=false
- ca.publish.rule.instance.LdapCaCertRule.mapper=LdapCaCertMap
- ca.publish.rule.instance.LdapCaCertRule.pluginName=Rule
- ca.publish.rule.instance.LdapCaCertRule.predicate=
- ca.publish.rule.instance.LdapCaCertRule.publisher=LdapCaCertPublisher
- ca.publish.rule.instance.LdapCaCertRule.type=cacert
- ca.publish.rule.instance.LdapCrlRule.enable=false
- ca.publish.rule.instance.LdapCrlRule.mapper=LdapCrlMap
- ca.publish.rule.instance.LdapCrlRule.pluginName=Rule
- ca.publish.rule.instance.LdapCrlRule.predicate=
- ca.publish.rule.instance.LdapCrlRule.publisher=LdapCrlPublisher
- ca.publish.rule.instance.LdapCrlRule.type=crl
- ca.publish.rule.instance.LdapUserCertRule.enable=false
- ca.publish.rule.instance.LdapUserCertRule.mapper=LdapUserCertMap
- ca.publish.rule.instance.LdapUserCertRule.pluginName=Rule
- ca.publish.rule.instance.LdapUserCertRule.predicate=
- ca.publish.rule.instance.LdapUserCertRule.publisher=LdapUserCertPublisher
- ca.publish.rule.instance.LdapUserCertRule.type=certs
- ca.publish.rule.instance.LdapXCertRule.enable=false
- ca.publish.rule.instance.LdapXCertRule.mapper=LdapCaCertMap
- ca.publish.rule.instance.LdapXCertRule.pluginName=Rule
- ca.publish.rule.instance.LdapXCertRule.predicate=
- ca.publish.rule.instance.LdapXCertRule.publisher=LdapCrossCertPairPublisher
- ca.publish.rule.instance.LdapXCertRule.type=xcert
- ca.reqdbInc=20
- ca.scep._000=##
- ca.scep._001=## Enable the following parameters to enable SCEP requests
- ca.scep._002=## to be signed by a separate key pair:
- ca.scep._003=##
- ca.scep._004=## ca.scep.nickname=
- ca.scep._005=## ca.scep.tokenname=
- ca.scep._006=##
- ca.scep.allowedEncryptionAlgorithms=DES3
- ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
- ca.scep.enable=false
- ca.scep.encryptionAlgorithm=DES3
- ca.scep.hashAlgorithm=SHA1
- ca.scep.nonceSizeLimit=16
- ca.signing.cacertnickname=caSigningCert cert-pki-ca
- ca.signing.cert=MII...
- ca.signing.defaultSigningAlgorithm=SHA256withRSA
- ca.signing.newNickname=caSigningCert cert-pki-ca
- ca.signing.nickname=caSigningCert cert-pki-ca
- ca.signing.tokenname=Internal Key Storage Token
- ca.sslserver.cert=MII...
- ca.sslserver.certreq=MII...
- ca.sslserver.nickname=Server-Cert cert-pki-ca
- ca.sslserver.tokenname=Internal Key Storage Token
- ca.subsystem.cert=MII...
- ca.subsystem.certreq=MII...
- ca.subsystem.nickname=subsystemCert cert-pki-ca
- ca.subsystem.tokenname=Internal Key Storage Token
- ca.transitMaxRecords=1000000
- ca.transitRecordPageSize=200
- cloning.audit_signing.dn=cn=CA Audit,O=ourdomain.tld
- cloning.audit_signing.keyalgorithm=SHA256withRSA
- cloning.audit_signing.keytype=rsa
- cloning.audit_signing.nickname=auditSigningCert cert-pki-ca
- cloning.audit_signing.privkey.id=....(id)....
- cloning.audit_signing.pubkey.encoded=
- cloning.audit_signing.pubkey.exponent=10001
- cloning.audit_signing.pubkey.modulus=....................(modulus)........
- cloning.list=signing,ocsp_signing,sslserver,subsystem,audit_signing
- cloning.module.token=Internal Key Storage Token
- cloning.ocsp_signing.dn=cn=OCSP Subsystem,O=ourdomain.tld
- cloning.ocsp_signing.keyalgorithm=SHA256withRSA
- cloning.ocsp_signing.keytype=rsa
- cloning.ocsp_signing.nickname=ocspSigningCert cert-pki-ca
- cloning.ocsp_signing.privkey.id=....(id)....
- cloning.ocsp_signing.pubkey.encoded=
- cloning.ocsp_signing.pubkey.exponent=10001
- cloning.ocsp_signing.pubkey.modulus=....(modulus)....
- cloning.signing.dn=cn=Certificate Authority,O=ourdomain.tld
- cloning.signing.keyalgorithm=SHA256withRSA
- cloning.signing.keytype=rsa
- cloning.signing.nickname=caSigningCert cert-pki-ca
- cloning.signing.privkey.id=6d7e44668f963a4e5a20fee55151b495e8f1b6bd
- cloning.signing.pubkey.encoded=
- cloning.signing.pubkey.exponent=10001
- cloning.signing.pubkey.modulus=....(modulus)....
- cloning.subsystem.dn=cn=CA Subsystem,O=ourdomain.tld
- cloning.subsystem.keyalgorithm=SHA256withRSA
- cloning.subsystem.keytype=rsa
- cloning.subsystem.nickname=subsystemCert cert-pki-ca
- cloning.subsystem.privkey.id=....(id)....
- cloning.subsystem.pubkey.encoded=
- cloning.subsystem.pubkey.exponent=10001
- cloning.subsystem.pubkey.modulus=....(modulus)....
- cmc.cert.confirmRequired=false
- cmc.lraPopWitness.verify.allow=true
- cmc.revokeCert.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
- cmc.revokeCert.verify=true
- cmc.sharedSecret.class=com.netscape.cms.authentication.SharedSecret
- cms.password.ignore.publishing.failure=true
- cms.passwordlist=internaldb,replicationdb
- cms.product.version=10.2.5
- cms.version=10.2
- cmsgateway._000=##
- cmsgateway._001=## In the event that all Admin Certificates have been lost
- cmsgateway._002=## for a given instance, perform the following steps to
- cmsgateway._003=## re-enroll for a new Admin Certificate:
- cmsgateway._004=##
- cmsgateway._005=## (1) Become 'root'
- cmsgateway._006=## (2) Type: 'service pki-tomcat stop'
- cmsgateway._007=## (3) Edit '/etc/pki/pki-tomcat/ca/CS.cfg'
- cmsgateway._008=## and set the following name-value pairs (if necessary):
- cmsgateway._009=##
- cmsgateway._010=## ca.Policy.enable=true
- cmsgateway._011=## cmsgateway.enableAdminEnroll=true
- cmsgateway._012=##
- cmsgateway._013=## (4) Type: 'service pki-tomcat start'
- cmsgateway._014=## (5) Launch a browser and re-enroll for
- cmsgateway._015=## a new Admin Certificate by typing:
- cmsgateway._016=##
- cmsgateway._017=## https://host-ipa01.ourdomain.tld:8443/ca/admin/ca/adminEnroll.html
- cmsgateway._018=##
- cmsgateway._019=## (6) Verify that the browser contains the new
- cmsgateway._020=## Admin Certificate by successfully navigating to:
- cmsgateway._021=##
- cmsgateway._022=## https://host-ipa01.ourdomain.tld:8443/ca/agent/ca/
- cmsgateway._023=##
- cmsgateway._024=## (7) Optionally, disable the Certificate Policies Framework
- cmsgateway._025=## by following steps (1) - (4), but ONLY resetting
- cmsgateway._026=## 'ca.Policy.enable=false', as
- cmsgateway._027=## 'cmsgateway.enableAdminEnroll=false' should have
- cmsgateway._028=## already been reset.
- cmsgateway._029=##
- cmsgateway.enableAdminEnroll=false
- configurationRoot=/ca/conf/
- cs.state=1
- cs.state._000=##
- cs.state._001=## cs.state=0 (pre-operational)
- cs.state._002=## cs.state=1 (running)
- cs.state._003=##
- cs.type=CA
- dbs.beginReplicaNumber=87
- dbs.beginRequestNumber=9970001
- dbs.beginSerialNumber=ffd0001
- dbs.enableRandomSerialNumbers=false
- dbs.enableSerialManagement=true
- dbs.endReplicaNumber=90
- dbs.endRequestNumber=9980000
- dbs.endSerialNumber=ffe0000
- dbs.ldap=internaldb
- dbs.newSchemaEntryAdded=true
- dbs.nextBeginReplicaNumber=1000
- dbs.nextBeginRequestNumber=30000001
- dbs.nextBeginSerialNumber=30000001
- dbs.nextEndReplicaNumber=1069
- dbs.nextEndRequestNumber=39940000
- dbs.nextEndSerialNumber=3ffa0000
- dbs.randomSerialNumberCounter=-1
- dbs.replicaCloneTransferNumber=5
- dbs.replicaDN=ou=replica
- dbs.replicaIncrement=100
- dbs.replicaLowWaterMark=20
- dbs.replicaRangeDN=ou=replica, ou=ranges
- dbs.requestCloneTransferNumber=10000
- dbs.requestDN=ou=ca, ou=requests
- dbs.requestIncrement=10000000
- dbs.requestLowWaterMark=2000000
- dbs.requestRangeDN=ou=requests, ou=ranges
- dbs.serialCloneTransferNumber=10000
- dbs.serialDN=ou=certificateRepository, ou=ca
- dbs.serialIncrement=10000000
- dbs.serialLowWaterMark=2000000
- dbs.serialRangeDN=ou=certificateRepository, ou=ranges
- debug.append=true
- debug.enabled=true
- debug.filename=/var/lib/pki/pki-tomcat/logs/ca/debug
- debug.hashkeytypes=
- debug.level=0
- debug.showcaller=false
- ee.interface.uri=ca/ee/ca
- http.port=8080
- https.port=8443
- installDate=Wed Dec 30 16:24:22 2015
- instanceId=pki-tomcat
- instanceRoot=/var/lib/pki/pki-tomcat
- internaldb._000=##
- internaldb._001=## Internal Database
- internaldb._002=##
- internaldb.basedn=o=ipaca
- internaldb.database=ipaca
- internaldb.ldapauth.authtype=SslClientAuth
- internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
- internaldb.ldapauth.bindPWPrompt=internaldb
- internaldb.ldapauth.clientCertNickname=subsystemCert cert-pki-ca
- internaldb.ldapconn.cloneReplicationPort=389
- internaldb.ldapconn.host=host-ipa01.ourdomain.tld
- internaldb.ldapconn.masterReplicationPort=389
- internaldb.ldapconn.port=636
- internaldb.ldapconn.replicationSecurity=TLS
- internaldb.ldapconn.secureConn=true
- internaldb.maxConns=15
- internaldb.minConns=3
- internaldb.multipleSuffix.enable=false
- internaldb.replication.consumer=cloneAgreement1-host-ipa01.ourdomain.tld-pki-tomcat
- internaldb.replication.master=masterAgreement1-host-ipa01.ourdomain.tld-pki-tomcat
- jobsScheduler._000=##
- jobsScheduler._001=## jobScheduler
- jobsScheduler._002=##
- jobsScheduler.enabled=false
- jobsScheduler.impl.PublishCertsJob.class=com.netscape.cms.jobs.PublishCertsJob
- jobsScheduler.impl.RenewalNotificationJob.class=com.netscape.cms.jobs.RenewalNotificationJob
- jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJob
- jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
- jobsScheduler.interval=1
- jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
- jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
- jobsScheduler.job.certRenewalNotifier.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/rnJob1.txt
- jobsScheduler.job.certRenewalNotifier.enabled=false
- jobsScheduler.job.certRenewalNotifier.notifyEndOffset=30
- jobsScheduler.job.certRenewalNotifier.notifyTriggerOffset=30
- jobsScheduler.job.certRenewalNotifier.pluginName=RenewalNotificationJob
- jobsScheduler.job.certRenewalNotifier.senderEmail=
- jobsScheduler.job.certRenewalNotifier.summary.emailSubject=Certificate Renewal Notification Summary
- jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/rnJob1Summary.txt
- jobsScheduler.job.certRenewalNotifier.summary.enabled=true
- jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=/var/lib/pki/pki-tomcat/ca/emails/rnJob1Item.txt
- jobsScheduler.job.certRenewalNotifier.summary.recipientEmail=
- jobsScheduler.job.certRenewalNotifier.summary.senderEmail=
- jobsScheduler.job.publishCerts.cron=0 0 * * 2
- jobsScheduler.job.publishCerts.enabled=false
- jobsScheduler.job.publishCerts.pluginName=PublishCertsJob
- jobsScheduler.job.publishCerts.summary.emailSubject=Certs Publishing Summary
- jobsScheduler.job.publishCerts.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/publishCerts.html
- jobsScheduler.job.publishCerts.summary.enabled=true
- jobsScheduler.job.publishCerts.summary.itemTemplate=/var/lib/pki/pki-tomcat/ca/emails/publishCertsItem.html
- jobsScheduler.job.publishCerts.summary.recipientEmail=
- jobsScheduler.job.publishCerts.summary.senderEmail=
- jobsScheduler.job.requestInQueueNotifier.cron=0 0 * * 0
- jobsScheduler.job.requestInQueueNotifier.enabled=false
- jobsScheduler.job.requestInQueueNotifier.pluginName=RequestInQueueJob
- jobsScheduler.job.requestInQueueNotifier.subsystemId=ca
- jobsScheduler.job.requestInQueueNotifier.summary.emailSubject=Requests in Queue Summary Report
- jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/riq1Summary.html
- jobsScheduler.job.requestInQueueNotifier.summary.enabled=true
- jobsScheduler.job.requestInQueueNotifier.summary.recipientEmail=
- jobsScheduler.job.requestInQueueNotifier.summary.senderEmail=
- jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
- jobsScheduler.job.unpublishExpiredCerts.enabled=false
- jobsScheduler.job.unpublishExpiredCerts.pluginName=UnpublishExpiredJob
- jobsScheduler.job.unpublishExpiredCerts.summary.emailSubject=Expired Certs Unpublished Summary
- jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=/var/lib/pki/pki-tomcat/ca/emails/euJob1.html
- jobsScheduler.job.unpublishExpiredCerts.summary.enabled=true
- jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=/var/lib/pki/pki-tomcat/ca/emails/euJob1Item.html
- jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
- jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
- jss._000=##
- jss._001=## JSS
- jss._002=##
- jss.configDir=/var/lib/pki/pki-tomcat/alias/
- jss.enable=true
- jss.ocspcheck.enable=false
- jss.secmodName=secmod.db
- jss.ssl.cipherfortezza=true
- jss.ssl.cipherpref=
- jss.ssl.cipherversion=cipherdomestic
- jss.ssl.sslserver.ectype=ECDHE
- keys.ecc.curve.default=nistp256
- keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
- keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
- keys.rsa.keysize.default=2048
- log._000=##
- log._001=## Logging
- log._002=##
- log.impl.file.class=com.netscape.cms.logging.RollingLogFile
- log.instance.SignedAudit._000=##
- log.instance.SignedAudit._001=## Signed Audit Logging
- log.instance.SignedAudit._002=##
- log.instance.SignedAudit._003=##
- log.instance.SignedAudit._004=## Available Audit events:
- log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
- log.instance.SignedAudit._006=##
- log.instance.SignedAudit.bufferSize=512
- log.instance.SignedAudit.enable=true
- log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
- log.instance.SignedAudit.expirationTime=0
- log.instance.SignedAudit.fileName=/var/lib/pki/pki-tomcat/logs/ca/signedAudit/ca_audit
- log.instance.SignedAudit.flushInterval=5
- log.instance.SignedAudit.level=1
- log.instance.SignedAudit.logSigning=false
- log.instance.SignedAudit.maxFileSize=2000
- log.instance.SignedAudit.pluginName=file
- log.instance.SignedAudit.rolloverInterval=2592000
- log.instance.SignedAudit.signedAudit=_002=##
- log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-pki-ca
- log.instance.SignedAudit.type=signedAudit
- log.instance.System._000=##
- log.instance.System._001=## System Logging
- log.instance.System._002=##
- log.instance.System.bufferSize=512
- log.instance.System.enable=true
- log.instance.System.expirationTime=0
- log.instance.System.fileName=/var/lib/pki/pki-tomcat/logs/ca/system
- log.instance.System.flushInterval=5
- log.instance.System.level=3
- log.instance.System.maxFileSize=2000
- log.instance.System.pluginName=file
- log.instance.System.rolloverInterval=2592000
- log.instance.System.type=system
- log.instance.Transactions._000=##
- log.instance.Transactions._001=## Transaction Logging
- log.instance.Transactions._002=##
- log.instance.Transactions.bufferSize=512
- log.instance.Transactions.enable=true
- log.instance.Transactions.expirationTime=0
- log.instance.Transactions.fileName=/var/lib/pki/pki-tomcat/logs/ca/transactions
- log.instance.Transactions.flushInterval=5
- log.instance.Transactions.level=1
- log.instance.Transactions.maxFileSize=2000
- log.instance.Transactions.pluginName=file
- log.instance.Transactions.rolloverInterval=2592000
- log.instance.Transactions.type=transaction
- logAudit.fileName=/var/lib/pki/pki-tomcat/logs/ca/access
- logError.fileName=/var/lib/pki/pki-tomcat/logs/ca/error
- machineName=host-ipa01.ourdomain.tld
- master.ca.agent.host=host-sso02.ourdomain.tld
- master.ca.agent.port=443
- multiroles._000=##
- multiroles._001=## multiroles
- multiroles._002=##
- multiroles.enable=true
- multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems
- oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
- oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
- oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
- oidmap.challenge_password.oid=1.2.840.113549.1.9.7
- oidmap.extended_key_usage.class=netscape.security.extensions.ExtendedKeyUsageExtension
- oidmap.extended_key_usage.oid=2.5.29.37
- oidmap.extensions_requested_pkcs9.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
- oidmap.extensions_requested_pkcs9.oid=1.2.840.113549.1.9.14
- oidmap.extensions_requested_vsgn.class=com.netscape.cms.servlet.cert.scep.ExtensionsRequested
- oidmap.extensions_requested_vsgn.oid=2.16.840.1.113733.1.9.8
- oidmap.netscape_comment.class=netscape.security.x509.NSCCommentExtension
- oidmap.netscape_comment.oid=2.16.840.1.113730.1.13
- oidmap.ocsp_no_check.class=netscape.security.extensions.OCSPNoCheckExtension
- oidmap.ocsp_no_check.oid=1.3.6.1.5.5.7.48.1.5
- oidmap.pse.class=netscape.security.extensions.PresenceServerExtension
- oidmap.pse.oid=2.16.840.1.113730.1.18
- oidmap.subject_info_access.class=netscape.security.extensions.SubjectInfoAccessExtension
- oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
- os.userid=nobody
- passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
- passwordFile=/var/lib/pki/pki-tomcat/conf/password.conf
- pidDir=/var/run/pki/tomcat
- pkicreate.admin_secure_port=8443
- pkicreate.agent_secure_port=8443
- pkicreate.arg11.group=pkiuser
- pkicreate.ee_secure_client_auth_port=8443
- pkicreate.ee_secure_port=8443
- pkicreate.pki_instance_name=pki-tomcat
- pkicreate.pki_instance_root=/var/lib/pki
- pkicreate.secure_port=8443
- pkicreate.subsystem_type=ca
- pkicreate.systemd.servicename=pki-tomcatd@pki-tomcat.service
- pkicreate.tomcat_server_port=8005
- pkicreate.unsecure_port=8080
- pkicreate.user=pkiuser
- pkiremove.cert.subsystem.nickname=subsystemCert cert-pki-tomcat
- processor.caDoRevoke-agent.authMgr=certUserDBAuthMgr
- processor.caDoRevoke-agent.authorityId=ca
- processor.caDoRevoke-agent.authzMgr=BasicAclAuthz
- processor.caDoRevoke-agent.authzResourceName=certServer.ca.certificates
- processor.caDoRevoke-agent.getClientCert=true
- processor.caDoRevoke.authorityId=ca
- processor.caDoRevoke.authzMgr=BasicAclAuthz
- processor.caDoRevoke.authzResourceName=certServer.ee.certificates
- processor.caDoRevoke.getClientCert=false
- processor.caDoUnrevoke.authMgr=certUserDBAuthMgr
- processor.caDoUnrevoke.authorityId=ca
- processor.caDoUnrevoke.authzMgr=BasicAclAuthz
- processor.caDoUnrevoke.authzResourceName=certServer.ca.certificate
- processor.caDoUnrevoke.getClientCert=true
- processor.caProfileProcess.authMgr=certUserDBAuthMgr
- processor.caProfileProcess.authorityId=ca
- processor.caProfileProcess.authzMgr=BasicAclAuthz
- processor.caProfileProcess.authzResourceName=certServer.ca.request.profile
- processor.caProfileProcess.getClientCert=true
- processor.caProfileSubmit.authorityId=ca
- processor.caProfileSubmit.authzMgr=BasicAclAuthz
- processor.caProfileSubmit.authzResourceName=certServer.ee.profile
- processor.caProfileSubmit.getClientCert=false
- profile.AdminCert.class_id=caEnrollImpl
- profile.AdminCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/AdminCert.cfg
- profile.DomainController.class_id=caEnrollImpl
- profile.DomainController.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/DomainController.cfg
- profile.caAdminCert.class_id=caEnrollImpl
- profile.caAdminCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caAdminCert.cfg
- profile.caAgentFileSigning.class_id=caEnrollImpl
- profile.caAgentFileSigning.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentFileSigning.cfg
- profile.caAgentServerCert.class_id=caEnrollImpl
- profile.caAgentServerCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caAgentServerCert.cfg
- profile.caCACert.class_id=caEnrollImpl
- profile.caCACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caCACert.cfg
- profile.caCMCUserCert.class_id=caEnrollImpl
- profile.caCMCUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caCMCUserCert.cfg
- profile.caCrossSignedCACert.class_id=caEnrollImpl
- profile.caCrossSignedCACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caCrossSignedCACert.cfg
- profile.caDirPinUserCert.class_id=caEnrollImpl
- profile.caDirPinUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirPinUserCert.cfg
- profile.caDirUserCert.class_id=caEnrollImpl
- profile.caDirUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserCert.cfg
- profile.caDirUserRenewal.class_id=caEnrollImpl
- profile.caDirUserRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDirUserRenewal.cfg
- profile.caDualCert.class_id=caEnrollImpl
- profile.caDualCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDualCert.cfg
- profile.caDualRAuserCert.class_id=caEnrollImpl
- profile.caDualRAuserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caDualRAuserCert.cfg
- profile.caECDirUserCert.class_id=caEnrollImpl
- profile.caECDirUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caECDirUserCert.cfg
- profile.caECDualCert.class_id=caEnrollImpl
- profile.caECDualCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caECDualCert.cfg
- profile.caECUserCert.class_id=caEnrollImpl
- profile.caECUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caECUserCert.cfg
- profile.caEncECUserCert.class_id=caEnrollImpl
- profile.caEncECUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caEncECUserCert.cfg
- profile.caEncUserCert.class_id=caEnrollImpl
- profile.caEncUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caEncUserCert.cfg
- profile.caFullCMCUserCert.class_id=caEnrollImpl
- profile.caFullCMCUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caFullCMCUserCert.cfg
- profile.caIPAserviceCert.class_id=caEnrollImpl
- profile.caIPAserviceCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caIPAserviceCert.cfg
- profile.caInstallCACert.class_id=caEnrollImpl
- profile.caInstallCACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInstallCACert.cfg
- profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl
- profile.caInternalAuthAuditSigningCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg
- profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl
- profile.caInternalAuthDRMstorageCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg
- profile.caInternalAuthOCSPCert.class_id=caEnrollImpl
- profile.caInternalAuthOCSPCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthOCSPCert.cfg
- profile.caInternalAuthServerCert.class_id=caEnrollImpl
- profile.caInternalAuthServerCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthServerCert.cfg
- profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl
- profile.caInternalAuthSubsystemCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthSubsystemCert.cfg
- profile.caInternalAuthTransportCert.class_id=caEnrollImpl
- profile.caInternalAuthTransportCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caInternalAuthTransportCert.cfg
- profile.caJarSigningCert.class_id=caEnrollImpl
- profile.caJarSigningCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caJarSigningCert.cfg
- profile.caManualRenewal.class_id=caEnrollImpl
- profile.caManualRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caManualRenewal.cfg
- profile.caOCSPCert.class_id=caEnrollImpl
- profile.caOCSPCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caOCSPCert.cfg
- profile.caOtherCert.class_id=caEnrollImpl
- profile.caOtherCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caOtherCert.cfg
- profile.caRACert.class_id=caEnrollImpl
- profile.caRACert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRACert.cfg
- profile.caRARouterCert.class_id=caEnrollImpl
- profile.caRARouterCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRARouterCert.cfg
- profile.caRAagentCert.class_id=caEnrollImpl
- profile.caRAagentCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRAagentCert.cfg
- profile.caRAserverCert.class_id=caEnrollImpl
- profile.caRAserverCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRAserverCert.cfg
- profile.caRouterCert.class_id=caEnrollImpl
- profile.caRouterCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caRouterCert.cfg
- profile.caSSLClientSelfRenewal.class_id=caEnrollImpl
- profile.caSSLClientSelfRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSSLClientSelfRenewal.cfg
- profile.caServerCert.class_id=caEnrollImpl
- profile.caServerCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caServerCert.cfg
- profile.caSignedLogCert.class_id=caEnrollImpl
- profile.caSignedLogCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSignedLogCert.cfg
- profile.caSimpleCMCUserCert.class_id=caEnrollImpl
- profile.caSimpleCMCUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSimpleCMCUserCert.cfg
- profile.caStorageCert.class_id=caEnrollImpl
- profile.caStorageCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caStorageCert.cfg
- profile.caSubsystemCert.class_id=caEnrollImpl
- profile.caSubsystemCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caSubsystemCert.cfg
- profile.caTPSCert.class_id=caEnrollImpl
- profile.caTPSCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTPSCert.cfg
- profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTempTokenDeviceKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
- profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTempTokenUserEncryptionKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
- profile.caTempTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTempTokenUserSigningKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
- profile.caTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTokenDeviceKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg
- profile.caTokenMSLoginEnrollment.class_id=caUserCertEnrollImpl
- profile.caTokenMSLoginEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenMSLoginEnrollment.cfg
- profile.caTokenUserAuthKeyRenewal.class_id=caUserCertEnrollImpl
- profile.caTokenUserAuthKeyRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg
- profile.caTokenUserDelegateAuthKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTokenUserDelegateAuthKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg
- profile.caTokenUserDelegateSigningKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTokenUserDelegateSigningKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg
- profile.caTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTokenUserEncryptionKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
- profile.caTokenUserEncryptionKeyRenewal.class_id=caUserCertEnrollImpl
- profile.caTokenUserEncryptionKeyRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
- profile.caTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
- profile.caTokenUserSigningKeyEnrollment.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
- profile.caTokenUserSigningKeyRenewal.class_id=caUserCertEnrollImpl
- profile.caTokenUserSigningKeyRenewal.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg
- profile.caTransportCert.class_id=caEnrollImpl
- profile.caTransportCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caTransportCert.cfg
- profile.caUUIDdeviceCert.class_id=caEnrollImpl
- profile.caUUIDdeviceCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caUUIDdeviceCert.cfg
- profile.caUserCert.class_id=caEnrollImpl
- profile.caUserCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caUserCert.cfg
- profile.caUserSMIMEcapCert.class_id=caEnrollImpl
- profile.caUserSMIMEcapCert.config=/var/lib/pki/pki-tomcat/ca/profiles/ca/caUserSMIMEcapCert.cfg
- profile.list=caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caECDualCert,AdminCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caSubsystemCert,caOtherCert,caCACert,caCrossSignedCACert,caInstallCACert,caRACert,caOCSPCert,caStorageCert,caTransportCert,caDirPinUserCert,caDirUserCert,caECDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caTokenUserAuthKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caEncECUserCert,caTokenUserDelegateAuthKeyEnrollment,caTokenUserDelegateSigningKeyEnrollment
- proxy.securePort=443
- proxy.unsecurePort=80
- registry.file=/var/lib/pki/pki-tomcat/conf/ca/registry.cfg
- request.assignee.enable=true
- securitydomain.checkIP=false
- securitydomain.checkinterval=300000
- securitydomain.flushinterval=86400000
- securitydomain.host=host-ipa01.ourdomain.tld
- securitydomain.httpport=80
- securitydomain.httpsadminport=443
- securitydomain.httpsagentport=443
- securitydomain.httpseeport=443
- securitydomain.name=IPA
- securitydomain.select=new
- securitydomain.source=ldap
- securitydomain.store=ldap
- selftests._000=##
- selftests._001=## Self Tests
- selftests._002=##
- selftests._003=## The Self-Test plugin SystemCertsVerification uses the
- selftests._004=## following parameters (where certusage is optional):
- selftests._005=## ca.cert.list = <list of cert tag names deliminated by ",">
- selftests._006=## ca.cert.<cert tag name>.nickname
- selftests._007=## ca.cert.<cert tag name>.certusage
- selftests._008=##
- selftests.container.instance.CAPresence=com.netscape.cms.selftests.ca.CAPresence
- selftests.container.instance.CAValidity=com.netscape.cms.selftests.ca.CAValidity
- selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
- selftests.container.logger.bufferSize=512
- selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
- selftests.container.logger.enable=true
- selftests.container.logger.expirationTime=0
- selftests.container.logger.fileName=/var/lib/pki/pki-tomcat/logs/ca/selftests.log
- selftests.container.logger.flushInterval=5
- selftests.container.logger.level=1
- selftests.container.logger.maxFileSize=2000
- selftests.container.logger.register=false
- selftests.container.logger.rolloverInterval=2592000
- selftests.container.logger.type=transaction
- selftests.container.order.onDemand=CAPresence:critical, SystemCertsVerification:critical, CAValidity:critical
- selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
- selftests.plugin.CAPresence.CaSubId=ca
- selftests.plugin.CAValidity.CaSubId=ca
- selftests.plugin.SystemCertsVerification.SubId=ca
- service.clientauth_securePort=8443
- service.instanceDir=/var/lib/pki
- service.instanceID=pki-tomcat
- service.machineName=host-ipa01.ourdomain.tld
- service.non_clientauth_securePort=8443
- service.securePort=8443
- service.securityDomainPort=443
- service.unsecurePort=8080
- smtp.host=localhost
- smtp.port=25
- subsystem.0.class=com.netscape.ca.CertificateAuthority
- subsystem.0.id=ca
- subsystem.1.class=com.netscape.cmscore.profile.LDAPProfileSubsystem
- subsystem.1.enabled=true
- subsystem.1.id=profile
- subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
- subsystem.2.id=selftests
- subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
- subsystem.3.id=CrossCertPair
- subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
- subsystem.4.id=stats
- subsystem.count=0
- subsystem.select=Clone
- usrgrp._000=##
- usrgrp._001=## User/Group
- usrgrp._002=##
- usrgrp.ldap=internaldb
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement