
openca-web-interfaces-pub-0.9.3-0.rc1.4mdv2008.1.x86_64.rpm

## Secure Server Configuration File
## (c) 1999 by Massimiliano Pala and the OpenCA Group
##
## Please refer to the documentation for a full, detailed
## description of the parameters. Read the README file in this directory
## for more information on the programs that access this file.

## ============== [ General Section ] =========================
## General settings for the interface named "pub" below (CgiServerType
## "public"). Values written as @name@ look like build-time placeholders
## that are still unsubstituted in this copy -- confirm they are filled in
## before the file is put into service.

DEFAULT_LANGUAGE "@default_language@"
DEFAULT_CHARSET  "@default_charset@"

DBmodule "@dbmodule@"

CgiLibPath		"/usr/share/openca/functions"
CgiServerType		"public"
CgiServerName		"pub"

HtdocsUrlPrefix		"@pub_htdocs_url_prefix@"

## Session storage.
## NOTE(review): the unit of SessionLifetime is not stated here (presumably
## seconds, i.e. 20 minutes -- confirm). SessionDir presumably holds
## per-session state of a public-facing interface, so it should be readable
## and writable only by the account the CGI programs run as.
SessionDir      /var/lib/openca/session/cookie
SessionLifetime 1200

ModuleID		@pub_module_id@
ModuleShift		@module_shift@
## XML configuration files named by this interface. Judging by their names,
## the access_control and rbac files decide who may do what; they should not
## be writable by the web server account.
AccessControlConfiguration "/etc/openca/access_control/pub.xml"
SoftwareConfiguration      "/etc/openca/config.xml"
RoleConfiguration          "/etc/openca/rbac/roles.xml"
ModuleConfiguration        "/etc/openca/rbac/modules.xml"
TokenConfiguration         "/etc/openca/token.xml"
LogConfiguration           "/etc/openca/log.xml"
MenuConfiguration          "/etc/openca/menu.xml"
LOAConfiguration           "/etc/openca/loa.xml"

## Certificate locations. CACertificate points at the same file as
## VerifyCACert in the testcert section.
CertsDir 		"/var/lib/openca/crypto/certs"
CACertificate		"/var/lib/openca/crypto/cacerts/cacert.pem"
ChainDir		"/var/lib/openca/crypto/chain"

## Paths
## External programs and working directories.
## NOTE(review): what is written to tempdir and BP_DIR is not visible from
## this file; if request or key material passes through them, keep both
## private to the service account.
openssl 	"/usr/bin/openssl"
sslconfig 	"/etc/openca/openssl/openssl.cnf"
scepPath	"/usr/bin/openca-scep"
tempdir 	"/var/lib/openca/tmp"

BP_DIR		"/var/lib/openca/batch"

## ============== [ End General Section ] ====================


#================= [ LOA Support ] =========================
#USE_LOAS takes either YES or NO
# The value is an unsubstituted @USE_LOAS@ placeholder in this copy, which
# is neither YES nor NO.
# NOTE(review): how an unrecognised value is treated is not visible here --
# confirm the placeholder is replaced at install time.
USE_LOAS                "@USE_LOAS@"

#================ End of LOA support ============================





## ================ [ request Section ] ======================

## Default Registration Authority
## Three sample names; presumably the list a requester chooses from --
## replace with the real registration authorities.
RegistrationAuthority "Trustcenter itself" "Help Desk 1" "Help Desk 2"

## Misc configuration Parameters
## NOTE(review): presumably the minimum length of the PIN a requester sets
## for a request -- confirm. If that PIN also protects server-generated
## keys or authorises revocation, do not lower this value.
MinPinLength 10

## ================== [ End request Section ] ===================

## ================== [ Basic CSR Section ] =====================

## Basic CSR Forms
## Key sizes offered on the basic request forms (presumably RSA modulus
## sizes in bits -- confirm).
## NOTE(review): 512 and 768 bit RSA moduli have been factored publicly and
## 1024 bit is no longer accepted by current guidance. Offering them on a
## public request form lets a requester pick a key the CA should not
## certify; consider restricting the list to 2048 and above. The order of
## the list may decide the form's default choice -- confirm before
## reordering.
Basic_CSR_Keysizes "1024" "2048" "4096" "512" "768"

## Request types; each name has a DN_TYPE_<NAME>_* group in this file.
DN_TYPES "BASIC" "TOKEN" "SPKAC" "IE" "PKCS10"

## ================== [ DN_TYPE ::= BASIC ] =====================
## Request form for DN type BASIC.
## NOTE(review): KEYGEN_MODE "SERVER" presumably means the key pair is
## generated on the server instead of in the requester's browser (the SPKAC
## and IE types in this file name browser mechanisms) -- confirm. If so, the
## private key exists on the server until it is handed over, and its
## storage and delivery must be protected accordingly.
DN_TYPE_BASIC_BODY "YES"
DN_TYPE_BASIC_KEYGEN_MODE  "SERVER"

## BASE lists the attributes whose values are fixed in BASE_1/BASE_2;
## ELEMENTS lists the attributes described by ELEMENT_1..3 below.
DN_TYPE_BASIC_BASE     "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_BASIC_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_BASIC_ELEMENTS "emailAddress" "CN" "OU"
## The same display name is configured for the TOKEN, SPKAC and IE types.
DN_TYPE_BASIC_NAME     "Basic User Request"

DN_TYPE_BASIC_BASE_1 "@ca_organization@"
DN_TYPE_BASIC_BASE_2 "@ca_country@"

## ELEMENT_n appears to describe the n-th entry of DN_TYPE_BASIC_ELEMENTS:
## form label, minimum length, whether it is mandatory, and the accepted
## character set.
DN_TYPE_BASIC_ELEMENT_1                "E-Mail"
DN_TYPE_BASIC_ELEMENT_1_MINIMUM_LENGTH 7
DN_TYPE_BASIC_ELEMENT_1_REQUIRED       "YES"
DN_TYPE_BASIC_ELEMENT_1_CHARACTERSET   "EMAIL"

DN_TYPE_BASIC_ELEMENT_2                "Name"
DN_TYPE_BASIC_ELEMENT_2_MINIMUM_LENGTH 3
DN_TYPE_BASIC_ELEMENT_2_REQUIRED       "YES"
DN_TYPE_BASIC_ELEMENT_2_CHARACTERSET   "LATIN1_LETTERS"

## Fixed list of choices; every listed value is at least 8 characters long,
## which matches MINIMUM_LENGTH.
DN_TYPE_BASIC_ELEMENT_3                "Certificate Request Group"
DN_TYPE_BASIC_ELEMENT_3_SELECT         "Internet" "Partners" "Employees" "Trustcenter"
DN_TYPE_BASIC_ELEMENT_3_MINIMUM_LENGTH 8
DN_TYPE_BASIC_ELEMENT_3_REQUIRED       "YES"
DN_TYPE_BASIC_ELEMENT_3_CHARACTERSET   "LATIN1_LETTERS"

## Subject alternative names: one email, one IP and two DNS entries, none
## of them required.
## NOTE(review): only a minimum length is configured for these values; no
## CHARACTERSET is set as it is for the DN elements. SAN values identify
## hosts and mailboxes in the issued certificate, so the RA should verify
## that the requester controls each value before approving the request.
DN_TYPE_BASIC_SUBJECTALTNAMES   "email" "IP" "DNS" "DNS"

DN_TYPE_BASIC_SUBJECTALTNAME_1  "alternative email"
DN_TYPE_BASIC_SUBJECTALTNAME_1_MINIMUM_LENGTH 3
DN_TYPE_BASIC_SUBJECTALTNAME_1_REQUIRED    "NO"

DN_TYPE_BASIC_SUBJECTALTNAME_2  "IP address"
DN_TYPE_BASIC_SUBJECTALTNAME_2_MINIMUM_LENGTH 7
DN_TYPE_BASIC_SUBJECTALTNAME_2_REQUIRED    "NO"

DN_TYPE_BASIC_SUBJECTALTNAME_3  "DNS name"
DN_TYPE_BASIC_SUBJECTALTNAME_3_MINIMUM_LENGTH 9
DN_TYPE_BASIC_SUBJECTALTNAME_3_REQUIRED    "NO"

DN_TYPE_BASIC_SUBJECTALTNAME_4  "DNS name"
DN_TYPE_BASIC_SUBJECTALTNAME_4_MINIMUM_LENGTH 9
DN_TYPE_BASIC_SUBJECTALTNAME_4_REQUIRED    "NO"

## ================== [ DN_TYPE ::= TOKEN ] =====================
## Request form for DN type TOKEN. Unlike BASIC, SPKAC and IE, BODY is "NO"
## and no KEYGEN_MODE is set for this type.
## NOTE(review): what BODY "NO" switches off is not visible here -- confirm.
DN_TYPE_TOKEN_BODY "NO"

## BASE lists the attributes whose values are fixed in BASE_1/BASE_2;
## ELEMENTS lists the attributes described by ELEMENT_1..3 below.
DN_TYPE_TOKEN_BASE     "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_TOKEN_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_TOKEN_ELEMENTS "emailAddress" "CN" "OU"
## NOTE(review): same display name as the BASIC type; if the name is shown
## to requesters the two types cannot be told apart by it.
DN_TYPE_TOKEN_NAME     "Basic User Request"

DN_TYPE_TOKEN_BASE_1 "@ca_organization@"
DN_TYPE_TOKEN_BASE_2 "@ca_country@"

## Per-element rules: label, minimum length, mandatory flag, character set.
DN_TYPE_TOKEN_ELEMENT_1                "E-Mail"
DN_TYPE_TOKEN_ELEMENT_1_MINIMUM_LENGTH 7
DN_TYPE_TOKEN_ELEMENT_1_REQUIRED       "YES"
DN_TYPE_TOKEN_ELEMENT_1_CHARACTERSET   "EMAIL"

DN_TYPE_TOKEN_ELEMENT_2                "Name"
DN_TYPE_TOKEN_ELEMENT_2_MINIMUM_LENGTH 3
DN_TYPE_TOKEN_ELEMENT_2_REQUIRED       "YES"
DN_TYPE_TOKEN_ELEMENT_2_CHARACTERSET   "LATIN1_LETTERS"

DN_TYPE_TOKEN_ELEMENT_3                "Certificate Request Group"
DN_TYPE_TOKEN_ELEMENT_3_SELECT         "Internet" "Partners" "Employees" "Trustcenter"
DN_TYPE_TOKEN_ELEMENT_3_MINIMUM_LENGTH 8
DN_TYPE_TOKEN_ELEMENT_3_REQUIRED       "YES"
DN_TYPE_TOKEN_ELEMENT_3_CHARACTERSET   "LATIN1_LETTERS"

## Optional subject alternative names (email, IP, two DNS entries).
## NOTE(review): only a minimum length is configured for them, no
## CHARACTERSET; the RA should check each value before approval.
DN_TYPE_TOKEN_SUBJECTALTNAMES   "email" "IP" "DNS" "DNS"

DN_TYPE_TOKEN_SUBJECTALTNAME_1  "alternative email"
DN_TYPE_TOKEN_SUBJECTALTNAME_1_MINIMUM_LENGTH 3
DN_TYPE_TOKEN_SUBJECTALTNAME_1_REQUIRED    "NO"

DN_TYPE_TOKEN_SUBJECTALTNAME_2  "IP address"
DN_TYPE_TOKEN_SUBJECTALTNAME_2_MINIMUM_LENGTH 7
DN_TYPE_TOKEN_SUBJECTALTNAME_2_REQUIRED    "NO"

DN_TYPE_TOKEN_SUBJECTALTNAME_3  "DNS name"
DN_TYPE_TOKEN_SUBJECTALTNAME_3_MINIMUM_LENGTH 9
DN_TYPE_TOKEN_SUBJECTALTNAME_3_REQUIRED    "NO"

DN_TYPE_TOKEN_SUBJECTALTNAME_4  "DNS name"
DN_TYPE_TOKEN_SUBJECTALTNAME_4_MINIMUM_LENGTH 9
DN_TYPE_TOKEN_SUBJECTALTNAME_4_REQUIRED    "NO"

## ================== [ DN_TYPE ::= SPKAC ] =====================
## Request form for DN type SPKAC.
## NOTE(review): KEYGEN_MODE "SPKAC" presumably means the requester's
## browser generates the key pair and submits a signed public key (SPKAC),
## so the private key stays on the client -- confirm.
DN_TYPE_SPKAC_BODY "YES"
DN_TYPE_SPKAC_KEYGEN_MODE  "SPKAC"

## BASE lists the attributes whose values are fixed in BASE_1/BASE_2;
## ELEMENTS lists the attributes described by ELEMENT_1..3 below.
DN_TYPE_SPKAC_BASE     "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_SPKAC_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_SPKAC_ELEMENTS "emailAddress" "CN" "OU"
## Same display name as the BASIC type.
DN_TYPE_SPKAC_NAME     "Basic User Request"

DN_TYPE_SPKAC_BASE_1 "@ca_organization@"
DN_TYPE_SPKAC_BASE_2 "@ca_country@"

## Per-element rules: label, minimum length, mandatory flag, character set.
DN_TYPE_SPKAC_ELEMENT_1                "E-Mail"
DN_TYPE_SPKAC_ELEMENT_1_MINIMUM_LENGTH 7
DN_TYPE_SPKAC_ELEMENT_1_REQUIRED       "YES"
DN_TYPE_SPKAC_ELEMENT_1_CHARACTERSET   "EMAIL"

DN_TYPE_SPKAC_ELEMENT_2                "Name"
DN_TYPE_SPKAC_ELEMENT_2_MINIMUM_LENGTH 3
DN_TYPE_SPKAC_ELEMENT_2_REQUIRED       "YES"
DN_TYPE_SPKAC_ELEMENT_2_CHARACTERSET   "LATIN1_LETTERS"

DN_TYPE_SPKAC_ELEMENT_3                "Certificate Request Group"
DN_TYPE_SPKAC_ELEMENT_3_SELECT         "Internet" "Partners" "Employees" "Trustcenter"
DN_TYPE_SPKAC_ELEMENT_3_MINIMUM_LENGTH 8
DN_TYPE_SPKAC_ELEMENT_3_REQUIRED       "YES"
DN_TYPE_SPKAC_ELEMENT_3_CHARACTERSET   "LATIN1_LETTERS"

## Optional subject alternative names (email, IP, two DNS entries).
## NOTE(review): only a minimum length is configured for them, no
## CHARACTERSET; the RA should check each value before approval.
DN_TYPE_SPKAC_SUBJECTALTNAMES   "email" "IP" "DNS" "DNS"

DN_TYPE_SPKAC_SUBJECTALTNAME_1  "alternative email"
DN_TYPE_SPKAC_SUBJECTALTNAME_1_MINIMUM_LENGTH 3
DN_TYPE_SPKAC_SUBJECTALTNAME_1_REQUIRED    "NO"

DN_TYPE_SPKAC_SUBJECTALTNAME_2  "IP address"
DN_TYPE_SPKAC_SUBJECTALTNAME_2_MINIMUM_LENGTH 7
DN_TYPE_SPKAC_SUBJECTALTNAME_2_REQUIRED    "NO"

DN_TYPE_SPKAC_SUBJECTALTNAME_3  "DNS name"
DN_TYPE_SPKAC_SUBJECTALTNAME_3_MINIMUM_LENGTH 9
DN_TYPE_SPKAC_SUBJECTALTNAME_3_REQUIRED    "NO"

DN_TYPE_SPKAC_SUBJECTALTNAME_4  "DNS name"
DN_TYPE_SPKAC_SUBJECTALTNAME_4_MINIMUM_LENGTH 9
DN_TYPE_SPKAC_SUBJECTALTNAME_4_REQUIRED    "NO"

## ================== [ DN_TYPE ::= IE ] =====================
## Request form for DN type IE.
## NOTE(review): KEYGEN_MODE "IE" presumably selects key generation by
## Internet Explorer on the requester's machine -- confirm.
DN_TYPE_IE_BODY "YES"
DN_TYPE_IE_KEYGEN_MODE  "IE"

## BASE lists the attributes whose values are fixed in BASE_1/BASE_2;
## ELEMENTS lists the attributes described by ELEMENT_1..3 below.
DN_TYPE_IE_BASE     "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_IE_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_IE_ELEMENTS "emailAddress" "CN" "OU"
## Same display name as the BASIC type.
DN_TYPE_IE_NAME     "Basic User Request"

DN_TYPE_IE_BASE_1 "@ca_organization@"
DN_TYPE_IE_BASE_2 "@ca_country@"

## Per-element rules: label, minimum length, mandatory flag, character set.
DN_TYPE_IE_ELEMENT_1                "E-Mail"
DN_TYPE_IE_ELEMENT_1_MINIMUM_LENGTH 7
DN_TYPE_IE_ELEMENT_1_REQUIRED       "YES"
DN_TYPE_IE_ELEMENT_1_CHARACTERSET   "EMAIL"

DN_TYPE_IE_ELEMENT_2                "Name"
DN_TYPE_IE_ELEMENT_2_MINIMUM_LENGTH 3
DN_TYPE_IE_ELEMENT_2_REQUIRED       "YES"
DN_TYPE_IE_ELEMENT_2_CHARACTERSET   "LATIN1_LETTERS"

DN_TYPE_IE_ELEMENT_3                "Certificate Request Group"
DN_TYPE_IE_ELEMENT_3_SELECT         "Internet" "Partners" "Employees" "Trustcenter"
DN_TYPE_IE_ELEMENT_3_MINIMUM_LENGTH 8
DN_TYPE_IE_ELEMENT_3_REQUIRED       "YES"
DN_TYPE_IE_ELEMENT_3_CHARACTERSET   "LATIN1_LETTERS"

## Optional subject alternative names (email, IP, two DNS entries).
## NOTE(review): only a minimum length is configured for them, no
## CHARACTERSET; the RA should check each value before approval.
DN_TYPE_IE_SUBJECTALTNAMES   "email" "IP" "DNS" "DNS"

DN_TYPE_IE_SUBJECTALTNAME_1  "alternative email"
DN_TYPE_IE_SUBJECTALTNAME_1_MINIMUM_LENGTH 3
DN_TYPE_IE_SUBJECTALTNAME_1_REQUIRED    "NO"

DN_TYPE_IE_SUBJECTALTNAME_2  "IP address"
DN_TYPE_IE_SUBJECTALTNAME_2_MINIMUM_LENGTH 7
DN_TYPE_IE_SUBJECTALTNAME_2_REQUIRED    "NO"

DN_TYPE_IE_SUBJECTALTNAME_3  "DNS name"
DN_TYPE_IE_SUBJECTALTNAME_3_MINIMUM_LENGTH 9
DN_TYPE_IE_SUBJECTALTNAME_3_REQUIRED    "NO"

DN_TYPE_IE_SUBJECTALTNAME_4  "DNS name"
DN_TYPE_IE_SUBJECTALTNAME_4_MINIMUM_LENGTH 9
DN_TYPE_IE_SUBJECTALTNAME_4_REQUIRED    "NO"

## ================== [ End Basic CSR Section ] =================

##================== [ PKCS #10 Request DN Policy Section ] ====================
##
## You may substitute the value of any attribute with "ANY" to make it accept any value,
## but the existence of the attribute will still be checked.
##
## Attributes a submitted PKCS #10 request must contain, and the attributes
## treated as the base of the DN (values in BASE_1/BASE_2).
DN_TYPE_PKCS10_REQUIRED_ELEMENTS "CN" "OU" "O" "C"
DN_TYPE_PKCS10_BASE     "O" "C"

## YES, EXIST, NO
## NOTE(review): the meaning of the three values is not documented here.
## Presumably YES requires the base attributes to equal BASE_1/BASE_2 and
## EXIST only requires them to be present -- confirm. If so, with EXIST an
## uploaded request may carry an O/C that differs from the CA's own, and the
## RA has to check the subject before approving it.
DN_TYPE_PKCS10_ENFORCE_BASE "EXIST"

DN_TYPE_PKCS10_BASE_1 "@ca_organization@"
DN_TYPE_PKCS10_BASE_2 "@ca_country@"

## Three parallel lists of four entries each: attribute name, label shown
## to the requester, and accepted character set (paired by position).
ADDITIONAL_REQUEST_ATTRIBUTES   "requestercn" "email" "department" "telephone"
ADDITIONAL_ATTRIBUTES_DISPLAY_VALUE     "Name (first and Last name)" "Email" "Department"  "Telephone"
ADDITIONAL_REQUEST_ATTRIBUTES_STRING_TYPE "LATIN1_LETTERS" "EMAIL" "LATIN1_LETTERS" "LATIN1_LETTERS"

## ================== [ Begin LDAP based CSR Section ] =================

## LDAP-based request generation is switched off in this configuration.
LDAP_BASED_CSR_GENERATION "OFF"

## NOTE(review): the bind DN is presumably built as PREFIX + login name +
## SUFFIX -- confirm. If this feature is enabled, the login name has to be
## escaped for DN syntax before it is concatenated, so that the requester's
## input cannot change which entry is bound.
LDAP_CSR_BIND_DN_PREFIX "uid="
LDAP_CSR_BIND_DN_SUFFIX ", OU=Users, O=@ca_organization@, C=@ca_country@"

## Unlike the BASIC/TOKEN/SPKAC/IE types, no per-element length or
## character-set rules are configured for the LDAP type.
DN_TYPE_LDAP_BASE     "O" "C"
DN_TYPE_LDAP_ELEMENTS "emailAddress" "CN" "OU"

DN_TYPE_LDAP_BASE_1 "@ca_organization@"
DN_TYPE_LDAP_BASE_2 "@ca_country@"

DN_TYPE_LDAP_SUBJECTALTNAMES   "email" "IP" "DNS"

## ================== [ End LDAP based CSR Section ] =================

## =================== [ pending Section ] ======================

## NOTE(review): presumably the maximum number of entries returned per
## listing page -- confirm.
MaxReturnedItems 20

## ================== [ End pending Section ] ===================


## ==================== [ lists Section ] ======================

## NOTE(review): presumably the commands offered from the certificate view
## and from the revocation request page -- confirm. SEND_CERT_KEY by its
## name hands out a certificate together with its key; since this is the
## public interface, confirm that this path is gated by the requester's
## secret (REQUIRE_PASSWD_PUBLIC is "YES" here) and that revocation requests
## stay behind REQUIRE_AUTH.
CmdRefs_viewCert	"INSTALL_CERT" "SENDCERT" "SEND_CERT_KEY"
CmdRefs_revoke_req	"REQUIRE_AUTH"
REQUIRE_PASSWD_PUBLIC	"YES"

## ================= [ End lists Section ] =====================

## ================== [ sendcert Section ] ======================
## (no settings in this section)
## ================= [ End sendcert Section ] ===================

## ================== [ testcert Section ] ======================
## Same file as CACertificate in the general section.
VerifyCACert 	"/var/lib/openca/crypto/cacerts/cacert.pem"
## ================= [ End testcert Section ] ===================

## ================== [ getcrl Section ] ======================
## NOTE(review): the CRL is read from a fixed file; how and how often that
## file is refreshed is not visible here. A stale CRL lets revoked
## certificates keep validating, so confirm the update job exists.
crlfile 	"/var/lib/openca/crypto/crls/cacrl.crl"
## ================= [ End getcrl Section ] ===================

## ================== [ Role Section ] ======================
## ROLES_DIR is a relative name (presumably below RBAC_DIR -- confirm).
RBAC_DIR  "/etc/openca/rbac"
ROLES_DIR "roles"
## ================= [ End Role Section ] ===================

## ================== [ Images Section ] ======================
## Images for failed and valid signature checks; both paths start with the
## same @pub_htdocs_url_prefix@ placeholder as HtdocsUrlPrefix.
SigErrorImage	"@pub_htdocs_url_prefix@/images/sigError.png"
ValidSigImage	"@pub_htdocs_url_prefix@/images/validSig.png"
## ================= [ End Images Section ] ===================