Chapter 12. Editing Configuration in the CS.cfg File
ca.sslserver.tokenname=Internal Key Storage Token
12.2.2.6. Settings for Required Subsystems
At a minimum, each subsystem depends on a CA, which means that the CA (and any other required
subsystem) has to be configured in the subsystem's settings. The parameters for any connection to
another subsystem are prefixed with conn., followed by the subsystem type and number.
conn.ca1.clientNickname=subsystemCert cert-pki-tps
conn.ca1.hostadminport=server.example.com:9445
conn.ca1.hostagentport=server.example.com:9444
conn.ca1.hostport=server.example.com:9443
conn.ca1.keepAlive=true
conn.ca1.retryConnect=3
conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke
conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke
conn.ca1.timeout=100
12.2.2.7. Database Settings
All of the subsystems except for the RA use an LDAP directory to store their information. This internal
database is configured in the internaldb parameters, except for the TPS, which configures it in the
tokendb parameters along with many other configuration settings.
internaldb._000=##
internaldb._001=## Internal Database
internaldb._002=##
internaldb.basedn=dc=server.example.com-pki-ca
internaldb.database=server.example.com-pki-ca
internaldb.maxConns=15
internaldb.minConns=3
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=localhost
internaldb.ldapconn.port=389
internaldb.ldapconn.secureConn=false
internaldb.multipleSuffix.enable=false
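The following added example (not part of the original manual or the product) parses CS.cfg-style settings, groups the conn. entries by subsystem connection, and reviews how the internaldb parameters authenticate to the LDAP directory. The function names, the sample text, and the review rules are assumptions made for illustration.

```python
import re

# Constructed sample built from the settings shown on this page.
SAMPLE_CS_CFG = """\
conn.ca1.clientNickname=subsystemCert cert-pki-tps
conn.ca1.hostport=server.example.com:9443
conn.ca1.timeout=100
internaldb._001=## Internal Database
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=localhost
internaldb.ldapconn.port=389
internaldb.ldapconn.secureConn=false
"""

def parse_cs_cfg(text):
    """Parse name=value lines, skipping numbered comment entries (x._001=## ...)."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")  # first '=' only: DNs contain '='
        if not sep or key.startswith("#") or re.search(r"\._\d+$", key):
            continue
        settings[key.strip()] = value.strip()
    return settings

def subsystem_connections(settings):
    """Group conn.<type><number>.<parameter> entries by connection name (e.g. ca1)."""
    conns = {}
    for key, value in settings.items():
        m = re.match(r"conn\.([A-Za-z]+\d+)\.(.+)$", key)
        if m:
            conns.setdefault(m.group(1), {})[m.group(2)] = value
    return conns

def review_internaldb(settings):
    """Hypothetical review rules (assumptions, not product checks) for the LDAP link."""
    findings = []
    auth = settings.get("internaldb.ldapauth.authtype", "")
    secure = settings.get("internaldb.ldapconn.secureConn", "false").lower() == "true"
    host = settings.get("internaldb.ldapconn.host", "")
    if auth == "BasicAuth" and not secure:
        # A password bind on a non-secure connection sends the credential unencrypted.
        scope = "loopback only" if host in ("localhost", "127.0.0.1", "::1") else "crosses the network"
        findings.append(f"BasicAuth bind without secureConn ({scope})")
    if auth and auth != "BasicAuth" and not settings.get("internaldb.ldapauth.clientCertNickname"):
        findings.append("authtype other than BasicAuth but clientCertNickname is empty")
    return findings

if __name__ == "__main__":
    cfg = parse_cs_cfg(SAMPLE_CS_CFG)
    print(subsystem_connections(cfg), review_internaldb(cfg))
```
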
12.2.2.8. Settings for PKI Tasks
The CS.cfg file is used to configure the PKI tasks for every subsystem. The parameters are different
for every single subsystem, without any overlap.
For example, the DRM has settings for storing and recovering keys:
kra.keySplitting=false
kra.noOfRequiredRecoveryAgents=1
Review the CS.cfg file for each subsystem to become familiar with its PKI task settings; the
comments in the file are a decent guide for learning what the different parameters are.
• The CA configuration file lists all of the certificate profiles and policy settings, as well as rules for
generating CRLs.