Sample configuration files
.cfg file
With partial inclusion from the file stored in the repo.
[source,shell]
----
[DEFAULT]
JAVA_HOME=%(java_home)s
NSS_DEFAULT_DB_TYPE=%(nss_default_db_type)s
pki_admin_cert_file=%(pki_client_dir)s/admin.cer
pki_admin_cert_request_type=pkcs10
pki_admin_dualkey=False
pki_admin_key_algorithm=SHA256withRSA
pki_admin_key_size=2048
pki_admin_key_type=rsa
pki_admin_password=password
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_token=OCS1
pki_ca_hostname=%(pki_security_domain_hostname)s
pki_ca_port=%(pki_security_domain_https_port)s
pki_ca_signing_cert_path=/etc/pki/ca-1/alias/ca-1_caSigningCert.cer
pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_name)s CA
pki_cert_chain_nickname=caSigningCert External CA
pki_cert_chain_path=/etc/pki/ca-1/alias/caChain.p7c
pki_client_admin_cert=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.cer
pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.p12
pki_client_cert_database=%(pki_client_database_dir)s/cert8.db
pki_client_database_dir=%(pki_client_subsystem_dir)s
pki_client_database_password=password
pki_client_database_purge=False
pki_client_dir=/etc/pki/ca-1/agent_alias
pki_client_key_database=%(pki_client_database_dir)s/key3.db
pki_client_password_conf=%(pki_client_subsystem_dir)s/password.conf
pki_client_pkcs12_password=password
pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.conf
pki_client_secmod_database=%(pki_client_database_dir)s/secmod.db
pki_client_subsystem_dir=%(pki_client_dir)s
pki_configuration_path=%(pki_root_prefix)s/etc/pki
pki_ds_bind_dn=cn=Directory Manager
pki_ds_create_new_db=True
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
pki_ds_password=password
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_ds_secure_connection_ca_nickname=Directory Server CA certificate
pki_ds_secure_connection_ca_pem_file=
pki_existing=False
pki_external_ca_cert_chain_path=%(pki_cert_chain_path)s
pki_group=pkiuser
pki_hostname=pki.domain.com
pki_hsm_enable=True
pki_hsm_libfile=/opt/nfast/toolkits/pkcs11/libcknfast.so
pki_hsm_modulename=nfast
pki_http_port=8080
pki_https_port=8443
pki_instance_conf_link=%(pki_instance_path)s/conf
pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
pki_instance_database_link=%(pki_instance_path)s/alias
pki_instance_log_path=%(pki_log_path)s/%(pki_instance_name)s
pki_instance_logs_link=%(pki_instance_path)s/logs
pki_instance_name=ca-1
pki_instance_path=%(pki_path)s/%(pki_instance_name)s
pki_issuing_ca=%(pki_issuing_ca_uri)s
pki_issuing_ca_hostname=%(pki_security_domain_hostname)s
pki_issuing_ca_https_port=%(pki_security_domain_https_port)s
pki_issuing_ca_uri=https://%(pki_issuing_ca_hostname)s:%(pki_issuing_ca_https_port)s
pki_log_path=%(pki_root_prefix)s/var/log/pki
pki_path=%(pki_root_prefix)s/var/lib/pki
pki_pkcs12_password=password
pki_pkcs12_path=
pki_registry_path=%(pki_root_prefix)s/etc/sysconfig/pki
pki_replication_password=password
pki_restart_configured_instance=True
pki_san_for_server_cert=
pki_san_inject=False
pki_security_domain_hostname=%(pki_hostname)s
pki_security_domain_https_port=8443
pki_security_domain_name=Security Domain
pki_security_domain_password=password
pki_security_domain_user=admin
pki_self_signed_token=internal
pki_server_database_password=password
pki_server_database_path=%(pki_instance_configuration_path)s/alias
pki_skip_configuration=False
pki_skip_ds_verify=False
pki_skip_installation=False
pki_skip_sd_verify=False
pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf
pki_source_cs_cfg=/usr/share/pki/%(pki_subsystem_type)s/conf/CS.cfg
pki_source_registry=/usr/share/pki/setup/pkidaemon_registry
pki_source_server_path=/usr/share/pki/server/conf
pki_source_setup_path=/usr/share/pki/setup
pki_source_subsystem_path=/usr/share/pki/%(pki_subsystem_type)s
pki_sslserver_key_algorithm=SHA256withRSA
pki_sslserver_key_size=2048
pki_sslserver_key_type=rsa
pki_sslserver_nickname=Server-Cert cert-%(pki_instance_name)s CA
pki_sslserver_subject_dn=cn=ca-1.domain.com,OU=Group,OU=Division,O=nCipher Security,C=US
pki_sslserver_token=OCS1
pki_subsystem_archive_log_path=%(pki_subsystem_log_path)s/archive
pki_subsystem_conf_link=%(pki_subsystem_path)s/conf
pki_subsystem_configuration_path=%(pki_instance_configuration_path)s/%(pki_subsystem_
type)s
pki_subsystem_database_link=%(pki_subsystem_path)s/alias
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
pki_subsystem_log_path=%(pki_instance_log_path)s/%(pki_subsystem_type)s
pki_subsystem_logs_link=%(pki_subsystem_path)s/logs
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s CA
pki_subsystem_path=%(pki_instance_path)s/%(pki_subsystem_type)s
pki_subsystem_registry_link=%(pki_subsystem_path)s/registry
pki_subsystem_subject_dn=cn=CA-1 Subsystem Certificate,OU=Group,OU=Division,O=nCipher
Security,C=US
pki_subsystem_token=OCS1
pki_theme_enable=True
pki_theme_server_dir=/usr/share/pki/common-ui
pki_token_name=OCS1
pki_token_password=password
pki_user=pkiuser-ca-1
[Tomcat]
pki_ajp_host=localhost
pki_ajp_port=8009
pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)
s
pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_
service)s
pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
pki_clone=False
pki_clone_pkcs12_password=password
pki_clone_pkcs12_path=
pki_clone_reindex_data=False
pki_clone_replicate_schema=True
pki_clone_replication_clone_port=
pki_clone_replication_master_port=
pki_clone_replication_security=None
pki_clone_setup_replication=True
pki_clone_uri=https://%(pki_master_hostname)s:%(pki_master_https_port)s
pki_enable_access_log=True
pki_enable_java_debugger=False
pki_enable_on_system_boot=True
pki_enable_proxy=False
pki_instance_conf_log4j_properties=%(pki_instance_configuration_path)s/log4j.properties
pki_instance_lib=%(pki_instance_path)s/lib
pki_instance_lib_log4j_properties=%(pki_instance_lib)s/log4j.properties
pki_instance_registry_path=%(pki_instance_type_registry_path)s/%(pki_instance_name)s
pki_instance_systemd_link=%(pki_instance_path)s/%(pki_instance_name)s
pki_instance_type=Tomcat
pki_instance_type_registry_path=%(pki_registry_path)s/tomcat
pki_master_hostname=%(pki_security_domain_hostname)s
pki_master_https_port=%(pki_security_domain_https_port)s
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
pki_server_external_certs_path=
pki_server_pkcs12_password=password
pki_server_pkcs12_path=
pki_source_catalina_properties=%(pki_source_server_path)s/catalina.properties
pki_source_context_xml=%(pki_source_server_path)s/context.xml
pki_source_server_xml=%(pki_source_server_path)s/server.xml
pki_source_servercertnick_conf=%(pki_source_server_path)s/serverCertNick.conf
pki_source_tomcat_conf=%(pki_source_server_path)s/tomcat.conf
pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)s
pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit
pki_systemd_service=/lib/systemd/system/pki-tomcatd@.service
pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-tomcatd@%(pki_instance_
name)s.service
pki_systemd_target=/lib/systemd/system/pki-tomcatd.target
pki_systemd_target_wants=/etc/systemd/system/pki-tomcatd.target.wants
pki_tomcat_bin_link=%(pki_instance_path)s/bin
pki_tomcat_bin_path=/usr/share/tomcat/bin
pki_tomcat_common_lib_path=%(pki_tomcat_common_path)s/lib
pki_tomcat_common_path=%(pki_instance_path)s/common
pki_tomcat_common_webapps_path=%(pki_instance_path)s/common/webapps
pki_tomcat_lib_path=/usr/share/tomcat/lib
pki_tomcat_server_port=8005
pki_tomcat_subsystem_webapps_path=%(pki_subsystem_path)s/webapps
pki_tomcat_systemd=/usr/sbin/tomcat
pki_tomcat_tmpdir_path=%(pki_instance_path)s/temp
pki_tomcat_webapps_path=%(pki_instance_path)s/webapps
pki_tomcat_webapps_subsystem_path=%(pki_tomcat_subsystem_webapps_path)s/%(pki_subsystem_
type)s
pki_tomcat_webapps_subsystem_webinf_classes_path=%(pki_tomcat_webapps_subsystem_
path)s/WEB-INF/classes
pki_tomcat_webapps_subsystem_webinf_lib_path=%(pki_tomcat_webapps_subsystem_path)s/WEBINF/
lib
pki_tomcat_work_catalina_host_path=%(pki_tomcat_work_catalina_path)s/localhost
pki_tomcat_work_catalina_host_run_path=%(pki_tomcat_work_catalina_host_path)s/_
pki_tomcat_work_catalina_host_subsystem_path=%(pki_tomcat_work_catalina_host_path)s/%
(pki_subsystem_type)s
pki_tomcat_work_catalina_path=%(pki_tomcat_work_path)s/Catalina
pki_tomcat_work_path=%(pki_instance_path)s/work
[CA]
pki_admin_email=%(pki_admin_name)s@localhost
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=CA-1 Agent Certificate
pki_admin_subject_dn=cn=CA-1 Agent Certificate,OU=Group,OU=Division,O=nCipher Security,
C=US
pki_admin_uid=admin
pki_audit_signing_cert_path=
pki_audit_signing_csr_path=
pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s CA
pki_audit_signing_subject_dn=cn=CA-1 Audit Certificate,OU=Group,OU=Division,O=nCipher
Security,C=US
pki_ca_signing_csr_path=/etc/pki/ca-1/alias/ca-1_caSigningCert.req
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_record_create=True
pki_ca_signing_serial_number=1
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=CA-1,OU=Group,OU=Division,O=nCipher Security,C=US
pki_ca_signing_token=OCS1
pki_ca_starting_crl_number=0
pki_default_ocsp_uri=
pki_ds_base_dn=o=%(pki_instance_name)s-CA
pki_ds_database=%(pki_instance_name)s-CA
pki_ds_hostname=ldap.domain.com
pki_external=False
pki_external_pkcs12_password=password
pki_external_pkcs12_path=%(pki_pkcs12_path)s
pki_external_step_two=False
pki_import_admin_cert=False
pki_master_crl_enable=True
pki_ocsp_signing_cert_path=
pki_ocsp_signing_csr_path=
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA-1 OCSP Certificate,OU=Group,OU=Division,O=nCipher Security,
C=US
pki_ocsp_signing_token=OCS1
pki_profiles_in_ldap=False
pki_random_serial_numbers_enable=False
pki_replica_number_range_end=100
pki_replica_number_range_start=1
pki_req_ext_add=False
pki_req_ext_critical=False
pki_req_ext_data=1E0A00530075006200430041
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_request_number_range_end=10000000
pki_request_number_range_start=1
pki_serial_number_range_end=10000000
pki_serial_number_range_start=1
pki_share_db=False
pki_source_admincert_profile=%(pki_source_conf_path)s/%(pki_admin_key_type)sAdminCert.
profile
pki_source_caauditsigningcert_profile=%(pki_source_conf_path)s/caAuditSigningCert.profile
pki_source_cacert_profile=%(pki_source_conf_path)s/caCert.profile
pki_source_caocspcert_profile=%(pki_source_conf_path)s/caOCSPCert.profile
pki_source_emails=/usr/share/pki/ca/emails
pki_source_flatfile_txt=%(pki_source_conf_path)s/flatfile.txt
pki_source_profiles=/usr/share/pki/ca/profiles
pki_source_proxy_conf=%(pki_source_conf_path)s/proxy.conf
pki_source_registry_cfg=%(pki_source_conf_path)s/registry.cfg
pki_source_servercert_profile=%(pki_source_conf_path)s/%(pki_sslserver_key_type)sServer-
Cert.profile
pki_source_subsystemcert_profile=%(pki_source_conf_path)s/%(pki_subsystem_key_
type)sSubsystemCert.profile
pki_sslserver_cert_path=
pki_sslserver_csr_path=
pki_subordinate=False
pki_subordinate_create_new_security_domain=False
pki_subordinate_security_domain_name=%(pki_dns_domainname)s Subordinate Security Domain
pki_subsystem_cert_path=
pki_subsystem_csr_path=
pki_subsystem_emails_path=%(pki_subsystem_path)s/emails
pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_profiles_path=%(pki_subsystem_path)s/profiles
----[DEFAULT]
JAVA_HOME=%(java_home)s
NSS_DEFAULT_DB_TYPE=%(nss_default_db_type)s
pki_admin_cert_file=%(pki_client_dir)s/admin.cer
pki_admin_cert_request_type=pkcs10
pki_admin_dualkey=False
pki_admin_key_algorithm=SHA256withRSA
pki_admin_key_size=2048
pki_admin_key_type=rsa
pki_admin_password=password
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
pki_audit_signing_key_type=rsa
pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_token=OCS1
pki_ca_hostname=%(pki_security_domain_hostname)s
pki_ca_port=%(pki_security_domain_https_port)s
pki_ca_signing_cert_path=/etc/pki/ca-1/alias/ca-1_caSigningCert.cer
pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_name)s CA
pki_cert_chain_nickname=caSigningCert External CA
pki_cert_chain_path=/etc/pki/ca-1/alias/caChain.p7c
pki_client_admin_cert=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.cer
pki_client_admin_cert_p12=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.p12
pki_client_cert_database=%(pki_client_database_dir)s/cert8.db
pki_client_database_dir=%(pki_client_subsystem_dir)s
pki_client_database_password=password
pki_client_database_purge=False
pki_client_dir=/etc/pki/ca-1/agent_alias
pki_client_key_database=%(pki_client_database_dir)s/key3.db
pki_client_password_conf=%(pki_client_subsystem_dir)s/password.conf
pki_client_pkcs12_password=password
pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.conf
pki_client_secmod_database=%(pki_client_database_dir)s/secmod.db
pki_client_subsystem_dir=%(pki_client_dir)s
pki_configuration_path=%(pki_root_prefix)s/etc/pki
pki_ds_bind_dn=cn=Directory Manager
pki_ds_create_new_db=True
pki_ds_ldap_port=389
pki_ds_ldaps_port=636
pki_ds_password=password
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_ds_secure_connection_ca_nickname=Directory Server CA certificate
pki_ds_secure_connection_ca_pem_file=
pki_existing=False
pki_external_ca_cert_chain_path=%(pki_cert_chain_path)s
pki_group=pkiuser
pki_hostname=pki.domain.com
pki_hsm_enable=True
pki_hsm_libfile=/opt/nfast/toolkits/pkcs11/libcknfast.so
pki_hsm_modulename=nfast
pki_http_port=8080
pki_https_port=8443
pki_instance_conf_link=%(pki_instance_path)s/conf
pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
pki_instance_database_link=%(pki_instance_path)s/alias
pki_instance_log_path=%(pki_log_path)s/%(pki_instance_name)s
pki_instance_logs_link=%(pki_instance_path)s/logs
pki_instance_name=ca-1
pki_instance_path=%(pki_path)s/%(pki_instance_name)s
pki_issuing_ca=%(pki_issuing_ca_uri)s
pki_issuing_ca_hostname=%(pki_security_domain_hostname)s
pki_issuing_ca_https_port=%(pki_security_domain_https_port)s
pki_issuing_ca_uri=https://%(pki_issuing_ca_hostname)s:%(pki_issuing_ca_https_port)s
pki_log_path=%(pki_root_prefix)s/var/log/pki
pki_path=%(pki_root_prefix)s/var/lib/pki
pki_pkcs12_password=password
pki_pkcs12_path=
pki_registry_path=%(pki_root_prefix)s/etc/sysconfig/pki
pki_replication_password=password
pki_restart_configured_instance=True
pki_san_for_server_cert=
pki_san_inject=False
pki_security_domain_hostname=%(pki_hostname)s
pki_security_domain_https_port=8443
pki_security_domain_name=Security Domain
pki_security_domain_password=password
pki_security_domain_user=admin
pki_self_signed_token=internal
pki_server_database_password=password
pki_server_database_path=%(pki_instance_configuration_path)s/alias
pki_skip_configuration=False
pki_skip_ds_verify=False
pki_skip_installation=False
pki_skip_sd_verify=False
pki_source_conf_path=/usr/share/pki/%(pki_subsystem_type)s/conf
pki_source_cs_cfg=/usr/share/pki/%(pki_subsystem_type)s/conf/CS.cfg
pki_source_registry=/usr/share/pki/setup/pkidaemon_registry
pki_source_server_path=/usr/share/pki/server/conf
pki_source_setup_path=/usr/share/pki/setup
pki_source_subsystem_path=/usr/share/pki/%(pki_subsystem_type)s
pki_sslserver_key_algorithm=SHA256withRSA
pki_sslserver_key_size=2048
pki_sslserver_key_type=rsa
pki_sslserver_nickname=Server-Cert cert-%(pki_instance_name)s CA
pki_sslserver_subject_dn=cn=ca-1.domain.com,OU=Group,OU=Division,O=nCipher Security,C=US
pki_sslserver_token=OCS1
pki_subsystem_archive_log_path=%(pki_subsystem_log_path)s/archive
pki_subsystem_conf_link=%(pki_subsystem_path)s/conf
pki_subsystem_configuration_path=%(pki_instance_configuration_path)s/%(pki_subsystem_
type)s
pki_subsystem_database_link=%(pki_subsystem_path)s/alias
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
pki_subsystem_log_path=%(pki_instance_log_path)s/%(pki_subsystem_type)s
pki_subsystem_logs_link=%(pki_subsystem_path)s/logs
pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s CA
pki_subsystem_path=%(pki_instance_path)s/%(pki_subsystem_type)s
pki_subsystem_registry_link=%(pki_subsystem_path)s/registry
pki_subsystem_subject_dn=cn=CA-1 Subsystem Certificate,OU=Group,OU=Division,O=nCipher
Security,C=US
pki_subsystem_token=OCS1
pki_theme_enable=True
pki_theme_server_dir=/usr/share/pki/common-ui
pki_token_name=OCS1
pki_token_password=password
pki_user=pkiuser-ca-1
[Tomcat]
pki_ajp_host=localhost
pki_ajp_port=8009
pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)
s
pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_
service)s
pki_cgroup_systemd_service=%(pki_cgroup_systemd_service_path)s/%(pki_instance_name)s
pki_cgroup_systemd_service_path=/sys/fs/cgroup/systemd/system/%(pki_systemd_service)s
pki_clone=False
pki_clone_pkcs12_password=password
pki_clone_pkcs12_path=
pki_clone_reindex_data=False
pki_clone_replicate_schema=True
pki_clone_replication_clone_port=
pki_clone_replication_master_port=
pki_clone_replication_security=None
pki_clone_setup_replication=True
pki_clone_uri=https://%(pki_master_hostname)s:%(pki_master_https_port)s
pki_enable_access_log=True
pki_enable_java_debugger=False
pki_enable_on_system_boot=True
pki_enable_proxy=False
pki_instance_conf_log4j_properties=%(pki_instance_configuration_path)s/log4j.properties
pki_instance_lib=%(pki_instance_path)s/lib
pki_instance_lib_log4j_properties=%(pki_instance_lib)s/log4j.properties
pki_instance_registry_path=%(pki_instance_type_registry_path)s/%(pki_instance_name)s
pki_instance_systemd_link=%(pki_instance_path)s/%(pki_instance_name)s
pki_instance_type=Tomcat
pki_instance_type_registry_path=%(pki_registry_path)s/tomcat
pki_master_hostname=%(pki_security_domain_hostname)s
pki_master_https_port=%(pki_security_domain_https_port)s
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=true
pki_server_external_certs_path=
pki_server_pkcs12_password=password
pki_server_pkcs12_path=
pki_source_catalina_properties=%(pki_source_server_path)s/catalina.properties
pki_source_context_xml=%(pki_source_server_path)s/context.xml
pki_source_server_xml=%(pki_source_server_path)s/server.xml
pki_source_servercertnick_conf=%(pki_source_server_path)s/serverCertNick.conf
pki_source_tomcat_conf=%(pki_source_server_path)s/tomcat.conf
pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)s
pki_subsystem_signed_audit_log_path=%(pki_subsystem_log_path)s/signedAudit
pki_systemd_service=/lib/systemd/system/pki-tomcatd@.service
pki_systemd_service_link=%(pki_systemd_target_wants)s/pki-tomcatd@%(pki_instance_
name)s.service
pki_systemd_target=/lib/systemd/system/pki-tomcatd.target
pki_systemd_target_wants=/etc/systemd/system/pki-tomcatd.target.wants
pki_tomcat_bin_link=%(pki_instance_path)s/bin
pki_tomcat_bin_path=/usr/share/tomcat/bin
pki_tomcat_common_lib_path=%(pki_tomcat_common_path)s/lib
pki_tomcat_common_path=%(pki_instance_path)s/common
pki_tomcat_common_webapps_path=%(pki_instance_path)s/common/webapps
pki_tomcat_lib_path=/usr/share/tomcat/lib
pki_tomcat_server_port=8005
pki_tomcat_subsystem_webapps_path=%(pki_subsystem_path)s/webapps
pki_tomcat_systemd=/usr/sbin/tomcat
pki_tomcat_tmpdir_path=%(pki_instance_path)s/temp
pki_tomcat_webapps_path=%(pki_instance_path)s/webapps
pki_tomcat_webapps_subsystem_path=%(pki_tomcat_subsystem_webapps_path)s/%(pki_subsystem_
type)s
pki_tomcat_webapps_subsystem_webinf_classes_path=%(pki_tomcat_webapps_subsystem_
path)s/WEB-INF/classes
pki_tomcat_webapps_subsystem_webinf_lib_path=%(pki_tomcat_webapps_subsystem_path)s/WEBINF/
lib
pki_tomcat_work_catalina_host_path=%(pki_tomcat_work_catalina_path)s/localhost
pki_tomcat_work_catalina_host_run_path=%(pki_tomcat_work_catalina_host_path)s/_
pki_tomcat_work_catalina_host_subsystem_path=%(pki_tomcat_work_catalina_host_path)s/%
(pki_subsystem_type)s
pki_tomcat_work_catalina_path=%(pki_tomcat_work_path)s/Catalina
pki_tomcat_work_path=%(pki_instance_path)s/work
[CA]
pki_admin_email=%(pki_admin_name)s@localhost
pki_admin_name=%(pki_admin_uid)s
pki_admin_nickname=CA-1 Agent Certificate
pki_admin_subject_dn=cn=CA-1 Agent Certificate,OU=Group,OU=Division,O=nCipher Security,
C=US
pki_admin_uid=admin
pki_audit_signing_cert_path=
pki_audit_signing_csr_path=
pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s CA
pki_audit_signing_subject_dn=cn=CA-1 Audit Certificate,OU=Group,OU=Division,O=nCipher
Security,C=US
pki_ca_signing_csr_path=/etc/pki/ca-1/alias/ca-1_caSigningCert.req
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
pki_ca_signing_record_create=True
pki_ca_signing_serial_number=1
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=CA-1,OU=Group,OU=Division,O=nCipher Security,C=US
pki_ca_signing_token=OCS1
pki_ca_starting_crl_number=0
pki_default_ocsp_uri=
pki_ds_base_dn=o=%(pki_instance_name)s-CA
pki_ds_database=%(pki_instance_name)s-CA
pki_ds_hostname=ldap.domain.com
pki_external=False
pki_external_pkcs12_password=password
pki_external_pkcs12_path=%(pki_pkcs12_path)s
pki_external_step_two=False
pki_import_admin_cert=False
pki_master_crl_enable=True
pki_ocsp_signing_cert_path=
pki_ocsp_signing_csr_path=
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA-1 OCSP Certificate,OU=Group,OU=Division,O=nCipher Security,
C=US
pki_ocsp_signing_token=OCS1
pki_profiles_in_ldap=False
pki_random_serial_numbers_enable=False
pki_replica_number_range_end=100
pki_replica_number_range_start=1
pki_req_ext_add=False
pki_req_ext_critical=False
pki_req_ext_data=1E0A00530075006200430041
pki_req_ext_oid=1.3.6.1.4.1.311.20.2
pki_request_number_range_end=10000000
pki_request_number_range_start=1
pki_serial_number_range_end=10000000
pki_serial_number_range_start=1
pki_share_db=False
pki_source_admincert_profile=%(pki_source_conf_path)s/%(pki_admin_key_type)sAdminCert.
profile
pki_source_caauditsigningcert_profile=%(pki_source_conf_path)s/caAuditSigningCert.profile
pki_source_cacert_profile=%(pki_source_conf_path)s/caCert.profile
pki_source_caocspcert_profile=%(pki_source_conf_path)s/caOCSPCert.profile
pki_source_emails=/usr/share/pki/ca/emails
pki_source_flatfile_txt=%(pki_source_conf_path)s/flatfile.txt
pki_source_profiles=/usr/share/pki/ca/profiles
pki_source_proxy_conf=%(pki_source_conf_path)s/proxy.conf
pki_source_registry_cfg=%(pki_source_conf_path)s/registry.cfg
pki_source_servercert_profile=%(pki_source_conf_path)s/%(pki_sslserver_key_type)sServer-
Cert.profile
pki_source_subsystemcert_profile=%(pki_source_conf_path)s/%(pki_subsystem_key_
type)sSubsystemCert.profile
pki_sslserver_cert_path=
pki_sslserver_csr_path=
pki_subordinate=False
pki_subordinate_create_new_security_domain=False
pki_subordinate_security_domain_name=%(pki_dns_domainname)s Subordinate Security Domain
pki_subsystem_cert_path=
pki_subsystem_csr_path=
pki_subsystem_emails_path=%(pki_subsystem_path)s/emails
pki_subsystem_name=CA %(pki_hostname)s %(pki_https_port)s
pki_subsystem_profiles_path=%(pki_subsystem_path)s/profiles.yaml file
[source,yaml]
----
kind: Pod
apiVersion: v1
metadata:
generateName: ncop-test-dummy-
namespace: ncop-test
labels:
app: nshield
spec:
containers:
- name: ncop-ubi8
securityContext:
privileged: true
command:
- sh
- '-c'
- sleep 3600
image: >-
image-registry.openshift-image-registry.svc:5000/openshift/nshield-ubi8:latest
ports:
- containerPort: 8080
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /opt/nfast/kmdata
name: ncop-kmdata
volumes:
- name: ncop-kmdata
persistentVolumeClaim:
claimName: nfast-kmdata
----kind: Pod
apiVersion: v1
metadata:
generateName: ncop-test-dummy-
namespace: ncop-test
labels:
app: nshield
spec:
containers:
- name: ncop-ubi8
securityContext:
privileged: true
command:
- sh
- '-c'
- sleep 3600
image: >-
image-registry.openshift-image-registry.svc:5000/openshift/nshield-ubi8:latest
ports:
- containerPort: 8080
protocol: TCP
resources: {}
volumeMounts:
- mountPath: /opt/nfast/kmdata
name: ncop-kmdata
volumes:
- name: ncop-kmdata
persistentVolumeClaim:
claimName: nfast-kmdata