registry. The security domain service in Certificate System manages both the registration of PKI
services for Certificate System subsystems and a set of shared trust policies.
The registry provides a complete view of all PKI services provided by the subsystems within that
domain. Each Certificate System subsystem must be either a host or a member of a security domain.
A CA subsystem is the only subsystem which can host a security domain. The security domain shares
the CA internal database for privileged user and group information to determine which users can
update the security domain, register new PKI services, and issue certificates.
4.4.1. The domain.xml File
The security domain registry is an XML file, domain.xml, which is hosted on a designated CA.
The domain.xml file is created when the CA is configured as the security domain host, and every
subsystem which is added to the domain is added as an entry to the registry. The domain.xml file
looks like the following example:
<?xml version="1.0" encoding="UTF-8"?>
<DomainInfo><Name>Example Domain</Name>
  <KRAList>
    <KRA>
      <SubsystemName>rhpki-kra</SubsystemName>
      <Host>server.example.com</Host>
      <SecurePort>10443</SecurePort>
      <DomainManager>false</DomainManager>
      <Clone>false</Clone>
    </KRA>
    <SubsystemCount>1</SubsystemCount>
  </KRAList>
  <TPSList>
    <SubsystemCount>0</SubsystemCount>
  </TPSList>
  <OCSPList>
    <OCSP>
      <SubsystemName>rhpki-ocsp</SubsystemName>
      <Host>server.example.com</Host>
      <SecurePort>11443</SecurePort>
      <DomainManager>false</DomainManager>
      <Clone>false</Clone>
    </OCSP>
    <SubsystemCount>1</SubsystemCount>
  </OCSPList>
  <RAList>
    <SubsystemCount>0</SubsystemCount>
  </RAList>
  <TKSList>
    <TKS>
      <SubsystemName>rhpki-tks</SubsystemName>
      <Host>server.example.com</Host>
      <SecurePort>13443</SecurePort>
      <DomainManager>false</DomainManager>
      <Clone>false</Clone>
    </TKS>
    <SubsystemCount>1</SubsystemCount>
  </TKSList>
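An added example (not from the manual or the Certificate System code base): a Python check that parses a domain.xml registry and flags entries an administrator would want to review, namely a SubsystemCount that disagrees with the listed entries, two subsystems sharing a host and port, and a non-CA entry marked as domain manager. The sample registry is constructed from the manual's values, and reading DomainManager=true as "hosts the security domain" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the manual's entries; the closing tag, the
# TKS count mismatch and the TKS DomainManager=true are added for this example.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<DomainInfo><Name>Example Domain</Name>
<KRAList>
<KRA><SubsystemName>rhpki-kra</SubsystemName><Host>server.example.com</Host>
<SecurePort>10443</SecurePort><DomainManager>false</DomainManager><Clone>false</Clone></KRA>
<SubsystemCount>1</SubsystemCount>
</KRAList>
<TPSList><SubsystemCount>0</SubsystemCount></TPSList>
<TKSList>
<TKS><SubsystemName>rhpki-tks</SubsystemName><Host>server.example.com</Host>
<SecurePort>13443</SecurePort><DomainManager>true</DomainManager><Clone>false</Clone></TKS>
<SubsystemCount>2</SubsystemCount>
</TKSList>
</DomainInfo>"""


def audit_domain(xml_text):
    """Return (entries, findings) for a domain.xml registry."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    entries, findings, seen = [], [], {}
    for lst in root:
        if not lst.tag.endswith("List"):
            continue  # skip non-list children such as <Name>
        kind = lst.tag[:-4]  # "KRAList" -> "KRA"
        members = lst.findall(kind)
        declared = int(lst.findtext("SubsystemCount", default="0"))
        if declared != len(members):
            findings.append(f"{lst.tag}: SubsystemCount={declared} but {len(members)} entries")
        for m in members:
            name = m.findtext("SubsystemName", default="?")
            endpoint = (m.findtext("Host"), m.findtext("SecurePort"))
            entries.append((kind, name) + endpoint)
            if endpoint in seen:
                findings.append(f"{name}: endpoint {endpoint} also used by {seen[endpoint]}")
            seen[endpoint] = name
            # Assumption: DomainManager=true marks the security domain host,
            # which the manual says only a CA subsystem can be.
            if kind != "CA" and m.findtext("DomainManager") == "true":
                findings.append(f"{name}: non-CA entry has DomainManager=true")
    return entries, findings


if __name__ == "__main__":
    for finding in audit_domain(SAMPLE)[1]:
        print("FINDING:", finding)
```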