###############################################################################
## Default Configuration: ##
## ##
## Values in this section are common to more than one PKI subsystem, and ##
## contain required information which MAY be overridden by users as ##
## necessary. ##
## ##
## There are also some meta-parameters that determine how the PKI ##
## configuratiion should work. ##
## ##
###############################################################################
[DEFAULT]
# The sensitive_parameters contains a list of parameters which may contain
# sensitive information which must not be displayed to the console nor stored
# in log files for security reasons.
sensitive_parameters=
pki_admin_password
pki_backup_password
pki_client_database_password
pki_client_pin
pki_client_pkcs12_password
pki_clone_pkcs12_password
pki_ds_password
pki_one_time_pin
pki_pin
pki_security_domain_password
pki_token_password
# The spawn_scriplets contains a list of scriplets to be executed by pkispawn.
spawn_scriplets=
initialization
infrastructure_layout
instance_layout
subsystem_layout
selinux_setup
webapp_deployment
slot_substitution
security_databases
configuration
finalization
# The destroy_scriplets contains a list of scriplets to be executed by pkidestroy.
destroy_scriplets=
initialization
configuration
webapp_deployment
subsystem_layout
security_databases
instance_layout
selinux_setup
infrastructure_layout
finalization
# By default, the following parameters will be set for Tomcat and Apache instances.
# There is no reason to uncomment these. They are provided for reference in
# case someone wants to override them in their config file.
#
# Tomcat instances:
# pki_instance_name=pki-tomcat
# pki_https_port=8443
# pki_http_port=8080
#
# Apache instances:
# pki_instance_name=pki-apache
# pki_https_port=443
# pki_http_port=80
pki_admin_cert_file=%(pki_client_dir)s/ca_admin.cert
pki_admin_cert_request_type=pkcs10
pki_admin_dualkey=False
pki_admin_keysize=2048
pki_admin_password=
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_token=Internal Key Storage Token
pki_backup_keys=False
pki_backup_password=
pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin_cert.p12
pki_client_database_password=
pki_client_database_purge=True
pki_client_dir=%(home_dir)s/.dogtag/%(pki_instance_name)s
pki_client_pkcs12_password=
pki_ds_bind_dn=cn=Directory Manager
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
pki_ds_password=
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
pki_issuing_ca_hostname=%(pki_security_domain_hostname)s
pki_issuing_ca_https_port=%(pki_security_domain_https_port)s
pki_issuing_ca_uri=https://%(pki_issuing_ca_hostname)s:%(pki_issuing_ca_https_port)s
pki_issuing_ca=%(pki_issuing_ca_uri)s
pki_restart_configured_instance=True
pki_security_domain_hostname=%(pki_hostname)s
pki_security_domain_https_port=8443
pki_security_domain_name=%(pki_dns_domainname)s Security Domain
pki_security_domain_password=
pki_security_domain_user=caadmin
pki_skip_configuration=False
pki_skip_installation=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_name)s
pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s
pki_ssl_server_token=Internal Key Storage Token
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
pki_subsystem_token=Internal Key Storage Token
pki_theme_enable=True
pki_theme_server_dir=/usr/share/pki/common-ui
pki_token_name=internal
pki_token_password=
pki_user=pkiuser
# Paths:
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
pki_client_database_dir=%(pki_client_subsystem_dir)s/alias
pki_client_subsystem_dir=%(pki_client_dir)s/%(pki_subsystem_type)s
pki_client_password_conf=%(pki_client_subsystem_dir)s/password.conf
pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.conf
pki_client_cert_database=%(pki_client_database_dir)s/cert8.db
pki_client_key_database=%(pki_client_database_dir)s/key3.db
pki_client_secmod_database=%(pki_client_database_dir)s/secmod.db
pki_client_admin_cert=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.cert
pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf
pki_source_setup_path=/usr/share/pki/setup
pki_source_server_path=/usr/share/pki/server/conf
pki_source_cs_cfg=/usr/share/pki/%(pki_subsystem_type)s/conf/CS.cfg
pki_source_registry=/usr/share/pki/setup/pkidaemon_registry
pki_path=%(pki_root_prefix)s/var/lib/pki
pki_log_path=%(pki_root_prefix)s/var/log/pki
pki_configuration_path=%(pki_root_prefix)s/etc/pki
pki_registry_path=%(pki_root_prefix)s/etc/sysconfig/pki
pki_instance_path=%(pki_path)s/%(pki_instance_name)s
pki_instance_log_path=%(pki_log_path)s/%(pki_instance_name)s
pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
pki_database_path=%(pki_instance_configuration_path)s/alias
pki_instance_database_link=%(pki_instance_path)s/alias
pki_instance_conf_link=%(pki_instance_path)s/conf
pki_instance_logs_link=%(pki_instance_path)s/logs
pki_subsystem_path=%(pki_instance_path)s/%(pki_subsystem_type)s
pki_subsystem_log_path=%(pki_instance_log_path)s/%(pki_subsystem_type)s
pki_subsystem_archive_log_path=%(pki_subsystem_log_path)s/archive
pki_subsystem_configuration_path=%(pki_instance_configuration_path)s/%(pki_subsystem_type)s
pki_subsystem_database_link=%(pki_subsystem_path)s/alias
pki_subsystem_conf_link=%(pki_subsystem_path)s/conf
pki_subsystem_logs_link=%(pki_subsystem_path)s/logs
pki_subsystem_registry_link=%(pki_subsystem_path)s/registry
###############################################################################
## Apache Configuration: ##
## ##
## Values in this section are common to PKI subsystems that run ##
## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[Apache]
# Paths
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
pki_systemd_service=/lib/systemd/system/pki-apached@.service
pki_systemd_target=/lib/systemd/system/pki-apached.target
pki_systemd_target_wants=/etc/systemd/system/pki-apached.target.wants
pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-apached@%(pki_instance_name)s.service
pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
pki_instance_type=Apache
pki_instance_type_registry_path =%(pki_registry_path)s/apache
pki_instance_registry_path=%(pki_instance_type_registry_path)s/%(pki_instance_name)s
pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)s
###############################################################################
## Tomcat Configuration: ##
## ##
## Values in this section are common to PKI subsystems that run ##
## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
## required information which MAY be overridden by users as necessary. ##
## ##
## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
## or a 'TKS Clone', change the value of 'pki_clone' ##
## from 'False' to 'True'. ##
## ##
## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
## are MUTUALLY EXCLUSIVE entities!!! ##
###############################################################################
[Tomcat]
pki_ajp_port=8009
pki_clone=False
pki_clone_pkcs12_password=
pki_clone_pkcs12_path=
pki_clone_replicate_schema=True
pki_clone_replication_master_port=
pki_clone_replication_clone_port=
pki_clone_replication_security=None
pki_clone_uri=
pki_enable_java_debugger=False
pki_enable_proxy=False
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
pki_tomcat_server_port=8005
# Paths
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
pki_systemd_service=/lib/systemd/system/pki-tomcatd@.service
pki_systemd_target=/lib/systemd/system/pki-tomcatd.target
pki_systemd_target_wants=/etc/systemd/system/pki-tomcatd.target.wants
pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-tomcatd@%(pki_instance_name)s.service
pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
pki_tomcat_bin_path=/usr/share/tomcat/bin
pki_tomcat_lib_path=/usr/share/tomcat/lib
pki_tomcat_systemd=/usr/sbin/tomcat-sysd
pki_source_catalina_properties=%(pki_source_server_path)s/catalina.properties
pki_source_servercertnick_conf=%(pki_source_server_path)s/serverCertNick.conf
pki_source_server_xml=%(pki_source_server_path)s/server.xml
pki_source_context_xml=%(pki_source_server_path)s/context.xml
pki_source_tomcat_conf=%(pki_source_server_path)s/tomcat.conf
pki_instance_type=Tomcat
pki_tomcat_common_path=%(pki_instance_path)s/common
pki_tomcat_common_lib_path=%(pki_tomcat_common_path)s/lib
pki_tomcat_tmpdir_path=%(pki_instance_path)s/temp
pki_tomcat_webapps_path=%(pki_instance_path)s/webapps
pki_tomcat_webapps_root_path=%(pki_tomcat_webapps_path)s/ROOT
pki_tomcat_webapps_common_path=%(pki_tomcat_webapps_path)s/pki
pki_tomcat_webapps_root_webinf_path=%(pki_tomcat_webapps_root_path)s/WEB-INF
pki_tomcat_work_path=%(pki_instance_path)s/work
pki_tomcat_work_catalina_path=%(pki_tomcat_work_path)s/Catalina
pki_tomcat_work_catalina_host_path=%(pki_tomcat_work_catalina_path)s/localhost
pki_tomcat_work_catalina_host_run_path=%(pki_tomcat_work_catalina_host_path)s/_
pki_tomcat_work_catalina_host_subsystem_path=%(pki_tomcat_work_catalina_host_path)s/%(pki_subsystem_type)s
pki_instance_conf_log4j_properties=%(pki_instance_configuration_path)s/log4j.properties
pki_instance_type_registry_path=%(pki_registry_path)s/tomcat
pki_instance_registry_path=%(pki_instance_type_registry_path)s/%(pki_instance_name)s
pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)s
pki_tomcat_bin_link=%(pki_instance_path)s/bin
pki_instance_lib=%(pki_instance_path)s/lib
pki_instance_lib_log4j_properties=%(pki_instance_lib)s/log4j.properties
pki_instance_systemd_link=%(pki_instance_path)s/%(pki_instance_name)s
pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit
pki_subsystem_tomcat_webapps_link=%(pki_subsystem_path)s/webapps
pki_tomcat_webapps_subsystem_path=%(pki_tomcat_webapps_path)s/%(pki_subsystem_type)s
pki_tomcat_webapps_subsystem_webinf_classes_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/classes
pki_tomcat_webapps_subsystem_webinf_lib_path=%(pki_tomcat_webapps_subsystem_path)s/WEB-INF/lib
pki_certsrv_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-certsrv.jar
pki_cmsbundle_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-cmsbundle.jar
pki_cmscore_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-cmscore.jar
pki_cms_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-cms.jar
pki_cmsutil_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-cmsutil.jar
pki_nsutil_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-nsutil.jar
# JAR paths
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files
pki_jss_jar=%(jni_jar_dir)s/jss4.jar
pki_symkey_jar=%(jni_jar_dir)s/symkey.jar
pki_apache_commons_collections_jar=/usr/share/java/apache-commons-collections.jar
pki_apache_commons_io_jar=/usr/share/java/apache-commons-io.jar
pki_apache_commons_lang_jar=/usr/share/java/apache-commons-lang.jar
pki_apache_commons_logging_jar=/usr/share/java/apache-commons-logging.jar
pki_commons_codec_jar=/usr/share/java/commons-codec.jar
pki_httpclient_jar=/usr/share/java/httpcomponents/httpclient.jar
pki_httpcore_jar=/usr/share/java/httpcomponents/httpcore.jar
pki_javassist_jar=/usr/share/java/javassist.jar
pki_jettison_jar=/usr/share/java/jettison.jar
pki_ldapjdk_jar=/usr/share/java/ldapjdk.jar
pki_certsrv_jar=/usr/share/java/pki/pki-certsrv.jar
pki_cmsbundle=/usr/share/java/pki/pki-cmsbundle.jar
pki_cmscore=/usr/share/java/pki/pki-cmscore.jar
pki_cms=/usr/share/java/pki/pki-cms.jar
pki_cmsutil=/usr/share/java/pki/pki-cmsutil.jar
pki_resteasy_jaxrs_api_jar=%(resteasy_lib)s/jaxrs-api.jar
pki_nsutil=/usr/share/java/pki/pki-nsutil.jar
pki_tomcat_jar=/usr/share/java/pki/pki-tomcat.jar
pki_resteasy_atom_provider_jar=%(resteasy_lib)s/resteasy-atom-provider.jar
pki_resteasy_jaxb_provider_jar=%(resteasy_lib)s/resteasy-jaxb-provider.jar
pki_resteasy_jaxrs_jar=%(resteasy_lib)s/resteasy-jaxrs.jar
pki_resteasy_jettison_provider_jar=%(resteasy_lib)s/resteasy-jettison-provider.jar
pki_scannotation_jar=/usr/share/java/scannotation.jar
pki_tomcatjss_jar=/usr/share/java/tomcat7jss.jar
pki_velocity_jar=/usr/share/java/velocity.jar
pki_xerces_j2_jar=/usr/share/java/xerces-j2.jar
pki_xml_commons_apis_jar=/usr/share/java/xml-commons-apis.jar
pki_xml_commons_resolver_jar=/usr/share/java/xml-commons-resolver.jar
pki_jss_jar_link=%(pki_tomcat_common_lib_path)s/jss4.jar
pki_symkey_jar_link=%(pki_tomcat_common_lib_path)s/symkey.jar
pki_apache_commons_collections_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-collections.jar
pki_apache_commons_io_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-io.jar
pki_apache_commons_lang_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-lang.jar
pki_apache_commons_logging_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-logging.jar
pki_commons_codec_jar_link=%(pki_tomcat_common_lib_path)s/apache-commons-codec.jar
pki_httpclient_jar_link=%(pki_tomcat_common_lib_path)s/httpclient.jar
pki_httpcore_jar_link=%(pki_tomcat_common_lib_path)s/httpcore.jar
pki_javassist_jar_link=%(pki_tomcat_common_lib_path)s/javassist.jar
pki_resteasy_jaxrs_api_jar_link=%(pki_tomcat_common_lib_path)s/jaxrs-api.jar
pki_jettison_jar_link=%(pki_tomcat_common_lib_path)s/jettison.jar
pki_ldapjdk_jar_link=%(pki_tomcat_common_lib_path)s/ldapjdk.jar
pki_tomcat_jar_link=%(pki_tomcat_common_lib_path)s/pki-tomcat.jar
pki_resteasy_atom_provider_jar_link=%(pki_tomcat_common_lib_path)s/resteasy-atom-provider.jar
pki_resteasy_jaxb_provider_jar_link=%(pki_tomcat_common_lib_path)s/resteasy-jaxb-provider.jar
pki_resteasy_jaxrs_jar_link=%(pki_tomcat_common_lib_path)s/resteasy-jaxrs.jar
pki_resteasy_jettison_provider_jar_link=%(pki_tomcat_common_lib_path)s/resteasy-jettison-provider.jar
pki_scannotation_jar_link=%(pki_tomcat_common_lib_path)s/scannotation.jar
pki_tomcatjss_jar_link=%(pki_tomcat_common_lib_path)s/tomcatjss.jar
pki_velocity_jar_link=%(pki_tomcat_common_lib_path)s/velocity.jar
pki_xerces_j2_jar_link=%(pki_tomcat_common_lib_path)s/xerces-j2.jar
pki_xml_commons_apis_jar_link=%(pki_tomcat_common_lib_path)s/xml-commons-apis.jar
pki_xml_commons_resolver_jar_link=%(pki_tomcat_common_lib_path)s/xml-commons-resolver.jar
pki_ca_jar=/usr/share/java/pki/pki-ca.jar
pki_ca_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-ca.jar
pki_kra_jar=/usr/share/java/pki/pki-kra.jar
pki_kra_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-kra.jar
pki_ocsp_jar=/usr/share/java/pki/pki-ocsp.jar
pki_ocsp_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-ocsp.jar
pki_tks_jar=/usr/share/java/pki/pki-tks.jar
pki_tks_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tks.jar
###############################################################################
## CA Configuration: ##
## ##
## Values in this section are common to CA subsystems including 'PKI CAs', ##
## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
## required information which MAY be overridden by users as necessary. ##
## ##
## EXTERNAL CAs: To specify an 'External CA', change the value ##
## of 'pki_external' from 'False' to 'True'. ##
## ##
## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
## of 'pki_subordinate' from 'False' to 'True'. ##
## ##
## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
## are MUTUALLY EXCLUSIVE entities!!! ##
###############################################################################
[CA]
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_name)s CA
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
pki_ca_signing_token=Internal Key Storage Token
pki_external=False
pki_external_ca_cert_chain_path=
pki_external_ca_cert_path=
pki_external_csr_path=
pki_external_step_two=False
pki_import_admin_cert=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
pki_random_serial_numbers_enable=False
pki_subordinate=False
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=caadmin
pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s CA
pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-CA
pki_ds_database=%(pki_instance_name)s-CA
pki_ds_hostname=%(pki_hostname)s
pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s CA
pki_subsystem_subject_dn=cn=CA Subsystem Certificate,o=%(pki_security_domain_name)s
# Paths
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
pki_source_emails=/usr/share/pki/ca/emails
pki_source_flatfile_txt=%(pki_source_conf_path)s/flatfile.txt
pki_source_profiles=/usr/share/pki/ca/profiles
pki_source_proxy_conf=%(pki_source_conf_path)s/proxy.conf
pki_source_registry_cfg=%(pki_source_conf_path)s/registry.cfg
pki_source_admincert_profile=%(pki_source_conf_path)s/adminCert.profile
pki_source_caauditsigningcert_profile=%(pki_source_conf_path)s/caAuditSigningCert.profile
pki_source_cacert_profile=%(pki_source_conf_path)s/caCert.profile
pki_source_caocspcert_profile=%(pki_source_conf_path)s/caOCSPCert.profile
pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
pki_subsystem_emails_path=%(pki_subsystem_path)s/emails
pki_subsystem_profiles_path=%(pki_subsystem_path)s/profiles
###############################################################################
## KRA Configuration: ##
## ##
## Values in this section are common to KRA subsystems ##
## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[KRA]
pki_import_admin_cert=True
pki_storage_key_algorithm=SHA256withRSA
pki_storage_key_size=2048
pki_storage_key_type=rsa
pki_storage_nickname=storageCert cert-%(pki_instance_name)s KRA
pki_storage_signing_algorithm=SHA256withRSA
pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s
pki_storage_token=Internal Key Storage Token
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
pki_transport_nickname=transportCert cert-%(pki_instance_name)s KRA
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
pki_transport_token=Internal Key Storage Token
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=kraadmin
pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s KRA
pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-KRA
pki_ds_database=%(pki_instance_name)s-KRA
pki_ds_hostname=%(pki_hostname)s
pki_subsystem_name=KRA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s KRA
pki_subsystem_subject_dn=cn=KRA Subsystem Certificate,o=%(pki_security_domain_name)s
# Paths
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
pki_source_servercert_profile=%(pki_source_conf_path)s/serverCert.profile
pki_source_storagecert_profile=%(pki_source_conf_path)s/storageCert.profile
pki_source_subsystemcert_profile=%(pki_source_conf_path)s/subsystemCert.profile
pki_source_transportcert_profile=%(pki_source_conf_path)s/transportCert.profile
###############################################################################
## OCSP Configuration: ##
## ##
## Values in this section are common to OCSP subsystems ##
## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[OCSP]
pki_import_admin_cert=True
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s OCSP
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=ocspadmin
pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s OCSP
pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-OCSP
pki_ds_database=%(pki_instance_name)s-OCSP
pki_ds_hostname=%(pki_hostname)s
pki_subsystem_name=OCSP %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s OCSP
pki_subsystem_subject_dn=cn=OCSP Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## RA Configuration: ##
## ##
## Values in this section are common to PKI RA subsystems, and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[RA]
###############################################################################
## TKS Configuration: ##
## ##
## Values in this section are common to TKS subsystems ##
## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TKS]
pki_import_admin_cert=True
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=tksadmin
pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TKS
pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-TKS
pki_ds_database=%(pki_instance_name)s-TKS
pki_ds_hostname=%(pki_hostname)s
pki_subsystem_name=TKS %(pki_hostname)s %(pki_https_port)s
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s TKS
pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_name)s
###############################################################################
## TPS Configuration: ##
## ##
## Values in this section are common to PKI TPS subsystems, and contain ##
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
# Paths
# These are used in the processing of pkispawn and are not supposed
# to be overwritten by user configuration files.
#
pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit
distrib
>
Fedora
>
18
>
x86_64
>
media
>
updates
>
by-pkgid
>
501d4c44d5e67a5abbdef8844aea6606
>
files
>
1
