pki-tps-connector(5)    PKI TPS Connector Configuration   pki-tps-connector(5)


NAME

       pki-tps-connector - PKI TPS Connector Configuration


LOCATION

       /var/lib/pki/instance/conf/tps/CS.cfg


DESCRIPTION

       A TPS connector provides a mechanism for the TPS to communicate with
       other PKI subsystems. There are three supported connector types: CA,
       KRA, and TKS. The connectors are defined using properties in the TPS
       configuration file.


CA CONNECTOR

       A CA connector is defined using properties that begin with
       tps.connector.ca<n>, where n is a positive integer indicating the ID of
       the CA connector.

       tps.connector.ca<n>.enable
       This property contains a boolean value indicating whether the connector
       is enabled.

       tps.connector.ca<n>.host
       In a no-failover configuration, the property contains the hostname of
       the CA.

       In a failover configuration, the property contains a list of hostnames
       and port numbers of the CA subsystems. The format is hostname:port
       entries separated by spaces.

       tps.connector.ca<n>.port
       In a no-failover configuration, the property contains the port number
       of the CA.

       tps.connector.ca<n>.nickName
       This property contains the nickname of the TPS subsystem certificate
       used for SSL client authentication to the CA.

       tps.connector.ca<n>.minHttpConns
       This property contains the minimum number of HTTP connections.

       tps.connector.ca<n>.maxHttpConns
       This property contains the maximum number of HTTP connections.

       tps.connector.ca<n>.uri.<op>
       This property contains the URI used to contact the CA for the
       operation <op>. Example ops: enrollment, renewal, revoke, unrevoke,
       getcert.

       tps.connector.ca<n>.timeout
       This property contains the connection timeout.

       tps.connCAList
       This property is used for Revocation Routing. It contains an ordered,
       comma-separated list of CA IDs to which the revocation attempt should
       be made. Example: tps.connCAList=ca1,ca2

       tps.connector.ca<n>.caNickname
       This property is used for Revocation Routing. It contains the nickname
       of the CA signing certificate that represents this ca<n>.

       tps.connector.ca<n>.caSKI
       This property is used for Revocation Routing. It contains the Subject
       Key Identifier of the CA signing certificate of this ca<n>. This value
       is calculated automatically by the TPS once and should not need
       handling by the administrator.


KRA CONNECTOR

       A KRA connector is defined using properties that begin with
       tps.connector.kra<n>, where n is a positive integer indicating the ID
       of the KRA connector.

       tps.connector.kra<n>.enable
       This property contains a boolean value indicating whether the connector
       is enabled.

       tps.connector.kra<n>.host
       In a no-failover configuration, the property contains the hostname of
       the KRA.

       In a failover configuration, the property contains a list of hostnames
       and port numbers of the KRA subsystems. The format is hostname:port
       entries separated by spaces.

       tps.connector.kra<n>.port
       In a no-failover configuration, the property contains the port number
       of the KRA.

       tps.connector.kra<n>.nickName
       This property contains the nickname of the TPS subsystem certificate
       used for SSL client authentication to the KRA.

       tps.connector.kra<n>.minHttpConns
       This property contains the minimum number of HTTP connections.

       tps.connector.kra<n>.maxHttpConns
       This property contains the maximum number of HTTP connections.

       tps.connector.kra<n>.uri.<op>
       This property contains the URI used to contact the KRA for the
       operation <op>. Example ops: GenerateKeyPair, TokenKeyRecovery.

       tps.connector.kra<n>.timeout
       This property contains the connection timeout.


TKS CONNECTOR

       A TKS connector is defined using properties that begin with
       tps.connector.tks<n>, where n is a positive integer indicating the ID
       of the TKS connector.

       tps.connector.tks<n>.enable
       This property contains a boolean value indicating whether the connector
       is enabled.

       tps.connector.tks<n>.host
       In a no-failover configuration, the property contains the hostname of
       the TKS.

       In a failover configuration, the property contains a list of hostnames
       and port numbers of the TKS subsystems. The format is hostname:port
       entries separated by spaces.

       tps.connector.tks<n>.port
       In a no-failover configuration, the property contains the port number
       of the TKS.

       tps.connector.tks<n>.nickName
       This property contains the nickname of the TPS subsystem certificate
       used for SSL client authentication to the TKS.

       tps.connector.tks<n>.minHttpConns
       This property contains the minimum number of HTTP connections.

       tps.connector.tks<n>.maxHttpConns
       This property contains the maximum number of HTTP connections.

       tps.connector.tks<n>.uri.<op>
       This property contains the URI used to contact the TKS for the
       operation <op>. Example ops: computeRandomData, computeSessionKey,
       createKeySetData, encryptData.

       tps.connector.tks<n>.timeout
       This property contains the connection timeout.

       tps.connector.tks<n>.generateHostChallenge
       This property contains a boolean value indicating whether to generate
       the host challenge.

       tps.connector.tks<n>.serverKeygen
       This property contains a boolean value indicating whether to generate
       keys on the server side.

       tps.connector.tks<n>.keySet
       This property contains the key set to be used on the TKS.

       tps.connector.tks<n>.tksSharedSymKeyName
       This property contains the shared secret key name.


EXAMPLE

              tps.connector.ca1.enable=true
              tps.connector.ca1.host=server.example.com
              tps.connector.ca1.port=8443
              tps.connector.ca1.minHttpConns=1
              tps.connector.ca1.maxHttpConns=15
              tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
              tps.connector.ca1.timeout=30
              tps.connector.ca1.uri.enrollment=/ca/ee/ca/profileSubmitSSLClient
              tps.connector.ca1.uri.renewal=/ca/ee/ca/profileSubmitSSLClient
              tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
              tps.connector.ca1.uri.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
              # in case of Revocation Routing
              # note that caSKI is automatically calculated by TPS
              tps.connCAList=ca1,ca2
              tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
              tps.connector.ca1.caSKI=hAzNarQMlzit4BymAlbduZMwVCc
              # ca2 connector in case of Revocation Routing
              tps.connector.ca2.<etc.>

              tps.connector.kra1.enable=true
              tps.connector.kra1.host=server.example.com
              tps.connector.kra1.port=8443
              tps.connector.kra1.minHttpConns=1
              tps.connector.kra1.maxHttpConns=15
              tps.connector.kra1.nickName=subsystemCert cert-pki-tomcat TPS
              tps.connector.kra1.timeout=30
              tps.connector.kra1.uri.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
              tps.connector.kra1.uri.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery

              tps.connector.tks1.enable=true
              tps.connector.tks1.host=server.example.com
              tps.connector.tks1.port=8443
              tps.connector.tks1.minHttpConns=1
              tps.connector.tks1.maxHttpConns=15
              tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
              tps.connector.tks1.timeout=30
              tps.connector.tks1.generateHostChallenge=true
              tps.connector.tks1.serverKeygen=false
              tps.connector.tks1.keySet=defKeySet
              tps.connector.tks1.tksSharedSymKeyName=sharedSecret
              tps.connector.tks1.uri.computeRandomData=/tks/agent/tks/computeRandomData
              tps.connector.tks1.uri.computeSessionKey=/tks/agent/tks/computeSessionKey
              tps.connector.tks1.uri.createKeySetData=/tks/agent/tks/createKeySetData
              tps.connector.tks1.uri.encryptData=/tks/agent/tks/encryptData

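       The following is an added example, not part of this man page or of the
       Dogtag PKI project. It parses a constructed CS.cfg fragment in the
       property format described above (the host names and values are
       constructed, not from a real deployment), groups the
       tps.connector.<type><n>.* properties by connector ID, expands a failover
       host list into host:port pairs, and flags a few mistakes an
       administrator would want caught: an enabled connector with no nickName
       for SSL client authentication, minHttpConns above maxHttpConns, and a
       tps.connCAList entry that names a connector which is never defined.

```python
import re
# Constructed sample TPS CS.cfg fragment (not a real deployment): ca1 without
# failover, tks1 with a failover host list, and a Revocation Routing list.
SAMPLE_CFG = """\
tps.connector.ca1.enable=true
tps.connector.ca1.host=ca.example.com
tps.connector.ca1.port=8443
tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connCAList=ca1,ca2
tps.connector.tks1.enable=true
tps.connector.tks1.host=tks-a.example.com:8443 tks-b.example.com:8443
tps.connector.tks1.minHttpConns=5
tps.connector.tks1.maxHttpConns=2
"""
CONNECTOR_RE = re.compile(r"^tps\.connector\.(ca|kra|tks)(\d+)\.(.+)$")

def parse_cfg(text):
    """Group tps.connector.<type><n>.* properties by connector ID; collect connCAList."""
    conns, ca_list = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank, comment, or not a key=value line
        key, value = line.split("=", 1)
        if key == "tps.connCAList":
            ca_list = [c.strip() for c in value.split(",") if c.strip()]
        elif (m := CONNECTOR_RE.match(key)):
            kind, num, prop = m.groups()
            conns.setdefault(kind + num, {"type": kind})[prop] = value
    return conns, ca_list

def endpoints(conn):
    """Failover: host holds space-separated host:port tokens; else host and port are separate."""
    host = conn.get("host", "")
    if ":" in host:
        return [(h, int(p)) for h, p in (t.rsplit(":", 1) for t in host.split())]
    return [(host, int(conn["port"]))] if host else []

def check_cfg(conns, ca_list):
    """Flag mistakes worth catching before restarting TPS with this configuration."""
    problems = []
    for cid, c in conns.items():
        if c.get("enable") == "true" and not c.get("nickName"):
            problems.append(f"{cid}: enabled but no nickName for SSL client authentication")
        lo, hi = int(c.get("minHttpConns", 0)), int(c.get("maxHttpConns", 0))
        if lo > hi:
            problems.append(f"{cid}: minHttpConns {lo} exceeds maxHttpConns {hi}")
    problems += [f"connCAList names undefined connector {cid}" for cid in ca_list if cid not in conns]
    return problems
```

       Running check_cfg on the sample reports three problems: tks1 has no
       nickName, its minHttpConns exceeds maxHttpConns, and ca2 is listed in
       tps.connCAList but never defined.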

AUTHORS

       Dogtag PKI Team <pki-devel@redhat.com>.

COPYRIGHT

       Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General
       Public License, version 2 (GPLv2). A copy of this license is available
       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

PKI                             April 22, 2014            pki-tps-connector(5)