Import Upstream version 4.12.4
This commit is contained in:
geos_one
@@ -2,7 +2,7 @@
|
||||
# Dogtag PKI configuration file
|
||||
#
|
||||
# The ipaca_default.ini contains hard-coded defaults that cannot be modified
|
||||
# by a user without breaking FreeIPA internals.
|
||||
# by a user without breaking IPA internals.
|
||||
#
|
||||
# Note: "%" must be quoted as "%%".
|
||||
#
|
||||
@@ -40,7 +40,7 @@ pki_ca_port=%(pki_security_domain_https_port)s
|
||||
|
||||
# nickname and subject are hard-coded
|
||||
pki_ca_signing_nickname=caSigningCert cert-pki-ca
|
||||
pki_ca_signing_cert_path=%(pki_instance_configuration_path)s/external_ca.cert
|
||||
pki_ca_signing_cert_path=
|
||||
|
||||
pki_client_admin_cert_p12=%(ipa_admin_cert_p12)s
|
||||
pki_client_database_password=
|
||||
@@ -67,7 +67,6 @@ pki_replication_password=
|
||||
|
||||
pki_enable_proxy=True
|
||||
pki_ajp_secret=%(ipa_ajp_secret)s
|
||||
pki_restart_configured_instance=False
|
||||
pki_security_domain_hostname=%(ipa_fqdn)s
|
||||
pki_security_domain_https_port=443
|
||||
pki_security_domain_name=IPA
|
||||
@@ -81,7 +80,6 @@ pki_skip_installation=False
|
||||
pki_skip_sd_verify=False
|
||||
|
||||
pki_sslserver_token=internal
|
||||
pki_ssl_server_token=%(pki_sslserver_token)s
|
||||
pki_sslserver_nickname=Server-Cert cert-pki-ca
|
||||
pki_sslserver_subject_dn=cn=%(ipa_fqdn)s,%(ipa_subject_base)s
|
||||
|
||||
@@ -89,14 +87,12 @@ pki_sslserver_subject_dn=cn=%(ipa_fqdn)s,%(ipa_subject_base)s
|
||||
pki_subsystem_nickname=subsystemCert cert-pki-ca
|
||||
pki_subsystem_subject_dn=cn=CA Subsystem,%(ipa_subject_base)s
|
||||
|
||||
pki_theme_enable=True
|
||||
pki_theme_server_dir=/usr/share/pki/common-ui
|
||||
pki_audit_group=pkiaudit
|
||||
pki_group=pkiuser
|
||||
pki_user=pkiuser
|
||||
pki_existing=False
|
||||
|
||||
pki_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert
|
||||
pki_cert_chain_path=
|
||||
pki_cert_chain_nickname=caSigningCert External CA
|
||||
|
||||
pki_pkcs12_path=
|
||||
@@ -110,7 +106,7 @@ pki_ca_signing_record_create=True
|
||||
pki_ca_signing_serial_number=1
|
||||
pki_ca_signing_subject_dn=%(ipa_ca_subject)s
|
||||
|
||||
pki_ca_signing_csr_path=/root/ipa.csr
|
||||
pki_ca_signing_csr_path=
|
||||
|
||||
pki_ca_starting_crl_number=0
|
||||
|
||||
@@ -132,6 +128,7 @@ pki_audit_signing_nickname=auditSigningCert cert-pki-ca
|
||||
pki_audit_signing_subject_dn=cn=CA Audit,%(ipa_subject_base)s
|
||||
|
||||
pki_share_db=False
|
||||
pki_share_dbuser_dn=uid=pkidbuser,ou=people,o=ipaca
|
||||
pki_master_crl_enable=True
|
||||
|
||||
pki_default_ocsp_uri=%(ipa_ocsp_uri)s
|
||||
@@ -167,3 +164,6 @@ pki_audit_signing_subject_dn=cn=KRA Audit,%(ipa_subject_base)s
|
||||
# We will use the dbuser created for the CA.
|
||||
pki_share_db=True
|
||||
pki_share_dbuser_dn=uid=pkidbuser,ou=people,o=ipaca
|
||||
|
||||
# KRA padding, set RSA-OAEP in FIPS mode
|
||||
pki_use_oaep_rsa_keywrap=%(fips_use_oaep_rsa_keywrap)s
|
||||
Reference in New Issue
Block a user