Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual page 194

Chapter 7. Token Processing System
Parameter
op.enroll.tokenType.keyGen.encryption.recovery.keyCompromise.scheme
op.enroll.tokenType.keyGen.encryption.recovery.keyCompromise.revokeCert
op.enroll.tokenType.keyGen.encryption.recovery.keyCompromise.revokeCert.reason
op.enroll.tokenType.keyGen.recovery.onHold.keyType.num
op.enroll.tokenType.keyGen.recovery.onHold.keyType.value.n
op.enroll.tokenType.keyGen.signing.recovery.onHold.scheme
op.enroll.tokenType.keyGen.signing.recovery.onHold.revokeCert
op.enroll.tokenType.keyGen.signing.recovery.onHold.revokeCert.reason
174
Description
• 2 - CA key compromised.
• 3 - Affiliation changed.
• 4 - Certificate superseded.
• 5 - Cessation of operation.
• 6 - Certificate is on hold.
Specifies encryption certificate recovery scheme
for tokens whose key is compromised. The
valid values include GenerateNewKey and
RecoverLast.
Specifies if the encryption certificate should be
revoked if the token's key has been comprised.
The valid values are true|false.
Specifies what the signing certificate revocation
reason should be. The default value is 0. The
valid values are as follows:
• 0 - Unspecified.
• 1 - Key compromised.
• 2 - CA key compromised.
• 3 - Affiliation changed.
• 4 - Certificate superseded.
• 5 - Cessation of operation.
• 6 - Certificate is on hold.
The number of key types for the tokens to put on
hold for temporary loss reasons. The valid values
are integers. The default is 2.
Specifies keyType. The default values are
signing|encryption.
The recovery scheme for signing certificates
for tokens that are to be put on hold. The
valid values are GenerateNewKey and
RecoverLast.
Specifies if the signing certificate should be
revoked if the token's key has been comprised.
The valid values are true|false.
Specifies what the signing certificate revocation
reason should be. The default value is 0. The
valid values are as follows:
• 0 - Unspecified.