Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 154

Chapter 5. Using and Configuring the Token Management System: TPS, TKS, and Enterprise Security Client
Parameter
op.enroll.tokenType.keyGen.tokenName
op.enroll.tokenType.keyGen.keyType.num
op.enroll.tokenType.keyGen.keyType.value.#
op.enroll.tokenType.keyGen.signing.keySize
op.enroll.tokenType.keyGen.signing.label
op.enroll.tokenType.keyGen.signing.cuid_label The CUID to show in the certificate.
op.enroll.tokenType.keyGen.signing.overwrite
op.enroll.tokenType.keyGen.signing.ca.profileId The CA profile that should be used for creating the signing certificate. The
op.enroll.tokenType.keyGen.signing.ca.conn
op.enroll.tokenType.keyGen.encryption.keySize The key size for the encryption key. The recommended setting is 2048.
op.enroll.tokenType.keyGen.encryption.label
op.enroll.tokenType.keyGen.encryption.cuid_label The CUID to show in the certificate.
op.enroll.tokenType.keyGen.encryption.overwriteSpecifies if the encryption certificate on the token should be overwritten. T
op.enroll.tokenType.keyGen.encryption.ca.profileId The CA profile to use for enrolling encryption certificates. The default valu
op.enroll.tokenType.keyGen.encryption.ca.conn The CA connection to use to generate encryption certs. The default value
op.enroll.tokenType.update.applet.emptyToken.enable
op.enroll.tokenType.update.applet.enable
op.enroll.tokenType.update.applet.requiredVersion The version of the applet to use. It should be the file name of the applet w
op.enroll.tokenType.update.applet.directory
op.enroll.tokenType.update.symmetricKeys.enable Specifies if the key changeover feature should be enabled. The valid valu
op.enroll.tokenType.update.symmetricKeys.requiredVersion
op.enroll.tokenType.loginRequest.enable
op.enroll.tokenType.pinReset.enable
op.enroll.tokenType.pinReset.pin.minLen
op.enroll.tokenType.pinReset.pin.maxRetries
op.enroll.tokenType.pinReset.pin.maxLen
op.enroll.tokenType.tks.conn
op.enroll.tokenType.auth.id
op.enroll.tokenType.auth.enable
Table 5.2. Enrollment Operation Parameters
There are some parameters in the CS.cfg file that are set to configure signing and encryption
enrollment operations which should never be altered.
132
Description
• 5 - Cessation of operation.
• 6 - Certificate is on hold.
The name of the token to use. The TPS can substitute some special strin
of the token; if using uid, the tokenName is substituted with the UID of t
The number of keys/certificates to be generated for the profile. The value
Specifies keyType. The default values are signing|encryption.
Specifies the key size to use for key generation. The recommended settin
The token label for the signing certificate. The valid values are $pretty_
are replaced by the user-supplied information when the certificate is gene
Specifies if the TPS should overwrite the existing signing certificate. The
The CA connection to use. The default value is ca1.
The token label for the encryption certificate. The valid values are $pret
variables are replaced by the user-supplied information when the certifica
Specifies whether TPS should upload an applet to the token when it does
Specifies if applet upgrade is turned on. The valid values are true|fals
The local filesystem directory where the applets are located.
sent by the token matches symmetricKeys.requiredVersion.
The required key version.
Specifies if the login request should be sent to the token. This parameter
Specifies if the token's PIN should be reset. The default value is true. Th
The minimum number of characters for the PIN.
The maximum number of times PIN authentication can be attempted on t
token is formatted.
The maximum number of characters for the PIN.
The TKS connection to use.
The LDAP authentication instance to use. The default value is ldap1.
Specifies whether to authenticate the user information. The valid values a