pki-tps-connector(5)        PKI TPS Connector Configuration        pki-tps-connector(5)

NAME
    pki-tps-connector - PKI TPS Connector Configuration

LOCATION
    /var/lib/pki/instance/conf/tps/CS.cfg

DESCRIPTION
    TPS connector provides a mechanism for TPS to communicate with other
    PKI subsystems. There are three supported connector types: CA, KRA,
    and TKS. The connectors are defined using properties in the TPS
    configuration file.

CA CONNECTOR
    A CA connector is defined using properties that begin with
    tps.connector.ca<n> where n is a positive integer indicating the ID of
    the CA connector.

    tps.connector.ca<n>.enable
        This property contains a boolean value indicating whether the
        connector is enabled.

    tps.connector.ca<n>.host
        In no-failover configuration, the property contains the hostname
        of the CA.

        In failover configuration, the property contains a list of
        hostnames and port numbers of the CA subsystems. The format is
        hostname:port separated by spaces.

    tps.connector.ca<n>.port
        In no-failover configuration, the property contains the port
        number of the CA.

    tps.connector.ca<n>.nickName
        This property contains the nickname of the TPS subsystem
        certificate used for SSL client authentication to the CA.

    tps.connector.ca<n>.minHttpConns
        This property contains the minimum number of HTTP connections.

    tps.connector.ca<n>.maxHttpConns
        This property contains the maximum number of HTTP connections.

    tps.connector.ca<n>.uri.<op>
        This property contains the URI used to contact the CA for the
        operation <op>. Example ops: enrollment, renewal, revoke,
        unrevoke, getcert.

    tps.connector.ca<n>.timeout
        This property contains the connection timeout.

    tps.connCAList
        This property is used for Revocation Routing. It contains an
        ordered list of CA IDs, separated by ',', to which the revocation
        attempt should be made. Example: tps.connCAList=ca1,ca2

    tps.connector.ca<n>.caNickname
        This property is used for Revocation Routing. It contains the
        nickname of the CA signing certificate that represents this
        ca<n>.

    tps.connector.ca<n>.caSKI
        This property is used for Revocation Routing. It contains the
        Subject Key Identifier of the CA signing certificate of this
        ca<n>. This value is automatically calculated by TPS once and
        should not need handling by the administrator.

KRA CONNECTOR
    A KRA connector is defined using properties that begin with
    tps.connector.kra<n> where n is a positive integer indicating the ID
    of the KRA connector.

    tps.connector.kra<n>.enable
        This property contains a boolean value indicating whether the
        connector is enabled.

    tps.connector.kra<n>.host
        In no-failover configuration, the property contains the hostname
        of the KRA.

        In failover configuration, the property contains a list of
        hostnames and port numbers of the KRA subsystems. The format is
        hostname:port separated by spaces.

    tps.connector.kra<n>.port
        In no-failover configuration, the property contains the port
        number of the KRA.

    tps.connector.kra<n>.nickName
        This property contains the nickname of the TPS subsystem
        certificate used for SSL client authentication to the KRA.

    tps.connector.kra<n>.minHttpConns
        This property contains the minimum number of HTTP connections.

    tps.connector.kra<n>.maxHttpConns
        This property contains the maximum number of HTTP connections.

    tps.connector.kra<n>.uri.<op>
        This property contains the URI used to contact the KRA for the
        operation <op>. Example ops: GenerateKeyPair, TokenKeyRecovery.

    tps.connector.kra<n>.timeout
        This property contains the connection timeout.

TKS CONNECTOR
    A TKS connector is defined using properties that begin with
    tps.connector.tks<n> where n is a positive integer indicating the ID
    of the TKS connector.

    tps.connector.tks<n>.enable
        This property contains a boolean value indicating whether the
        connector is enabled.

    tps.connector.tks<n>.host
        In no-failover configuration, the property contains the hostname
        of the TKS.

        In failover configuration, the property contains a list of
        hostnames and port numbers of the TKS subsystems. The format is
        hostname:port separated by spaces.

    tps.connector.tks<n>.port
        In no-failover configuration, the property contains the port
        number of the TKS.

    tps.connector.tks<n>.nickName
        This property contains the nickname of the TPS subsystem
        certificate used for SSL client authentication to the TKS.

    tps.connector.tks<n>.minHttpConns
        This property contains the minimum number of HTTP connections.

    tps.connector.tks<n>.maxHttpConns
        This property contains the maximum number of HTTP connections.

    tps.connector.tks<n>.uri.<op>
        This property contains the URI used to contact the TKS for the
        operation <op>. Example ops: computeRandomData,
        computeSessionKey, createKeySetData, encryptData.

    tps.connector.tks<n>.timeout
        This property contains the connection timeout.

    tps.connector.tks<n>.generateHostChallenge
        This property contains a boolean value indicating whether to
        generate the host challenge.

    tps.connector.tks<n>.serverKeygen
        This property contains a boolean value indicating whether to
        generate keys on the server side.

    tps.connector.tks<n>.keySet
        This property contains the key set to be used on the TKS.

    tps.connector.tks<n>.tksSharedSymKeyName
        This property contains the shared secret key name.

EXAMPLE
    tps.connector.ca1.enable=true
    tps.connector.ca1.host=server.example.com
    tps.connector.ca1.port=8443
    tps.connector.ca1.minHttpConns=1
    tps.connector.ca1.maxHttpConns=15
    tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
    tps.connector.ca1.timeout=30
    tps.connector.ca1.uri.enrollment=/ca/ee/ca/profileSubmitSSLClient
    tps.connector.ca1.uri.renewal=/ca/ee/ca/profileSubmitSSLClient
    tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
    tps.connector.ca1.uri.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
    # in case of Revocation Routing
    # note that caSKI is automatically calculated by TPS
    tps.connCAList=ca1,ca2
    tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
    tps.connector.ca1.caSKI=hAzNarQMlzit4BymAlbduZMwVCc
    # ca2 connector in case of Revocation Routing
    tps.connector.ca2.<etc.>

    tps.connector.kra1.enable=true
    tps.connector.kra1.host=server.example.com
    tps.connector.kra1.port=8443
    tps.connector.kra1.minHttpConns=1
    tps.connector.kra1.maxHttpConns=15
    tps.connector.kra1.nickName=subsystemCert cert-pki-tomcat TPS
    tps.connector.kra1.timeout=30
    tps.connector.kra1.uri.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
    tps.connector.kra1.uri.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery

    tps.connector.tks1.enable=true
    tps.connector.tks1.host=server.example.com
    tps.connector.tks1.port=8443
    tps.connector.tks1.minHttpConns=1
    tps.connector.tks1.maxHttpConns=15
    tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
    tps.connector.tks1.timeout=30
    tps.connector.tks1.generateHostChallenge=true
    tps.connector.tks1.serverKeygen=false
    tps.connector.tks1.keySet=defKeySet
    tps.connector.tks1.tksSharedSymKeyName=sharedSecret
    tps.connector.tks1.uri.computeRandomData=/tks/agent/tks/computeRandomData
    tps.connector.tks1.uri.computeSessionKey=/tks/agent/tks/computeSessionKey
    tps.connector.tks1.uri.createKeySetData=/tks/agent/tks/createKeySetData
    tps.connector.tks1.uri.encryptData=/tks/agent/tks/encryptData
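    The script below is an added example and is not part of this man page or
    of Dogtag PKI. It parses a CS.cfg fragment, groups the
    tps.connector.<type><n>.* properties by connector, and applies the
    consistency checks that follow from the rules described above: a
    single-host connector needs a numeric port while a failover host list
    must consist of hostname:port entries, minHttpConns must not exceed
    maxHttpConns, every connector needs a nickName for SSL client
    authentication, and each entry of tps.connCAList must resolve to a
    defined, enabled CA connector that carries a caNickname. The embedded
    sample is constructed from the EXAMPLE section with two deliberate
    defects in a second, failover-style CA connector. The check that caSKI is
    unpadded base64 of a 20-byte key identifier is this example's own reading
    of the 27-character sample value, not something the page states.

```python
"""Consistency checks for tps.connector.* properties in a CS.cfg-style file.
Added example, not Dogtag code: property names follow pki-tps-connector(5)."""
import base64
import re

CONNECTOR_RE = re.compile(r"^tps\.connector\.(ca|kra|tks)(\d+)\.(.+)$")
HOSTPORT_RE = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")   # one failover entry
B64_RE = re.compile(r"^[A-Za-z0-9+/]+$")

# Constructed sample: the man page EXAMPLE trimmed, plus a failover-style ca2
# with two deliberate defects (minHttpConns > maxHttpConns, no caNickname).
SAMPLE_CFG = """\
tps.connector.ca1.enable=true
tps.connector.ca1.host=server.example.com
tps.connector.ca1.port=8443
tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
tps.connector.ca1.caSKI=hAzNarQMlzit4BymAlbduZMwVCc
tps.connCAList=ca1,ca2
tps.connector.ca2.enable=true
tps.connector.ca2.host=ca-a.example.com:8443 ca-b.example.com:8443
tps.connector.ca2.minHttpConns=20
tps.connector.ca2.maxHttpConns=15
tps.connector.ca2.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.tks1.enable=true
tps.connector.tks1.host=server.example.com
tps.connector.tks1.port=8443
tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
"""


def parse_properties(text):
    """key=value per line; split on the first '=' because nicknames contain spaces."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}


def group_connectors(props):
    """{(type, id): {suffix: value}} for every tps.connector.<type><n>.<suffix> key."""
    connectors = {}
    for key, value in props.items():
        m = CONNECTOR_RE.match(key)
        if m:
            connectors.setdefault((m.group(1), int(m.group(2))), {})[m.group(3)] = value
    return connectors


def check_connector(ctype, cid, c):
    """Per-connector checks; returns a list of human-readable findings."""
    name, out = f"tps.connector.{ctype}{cid}", []
    if c.get("enable") not in ("true", "false"):
        out.append(f"{name}.enable: expected true or false")
    host = c.get("host")
    if host is None:
        out.append(f"{name}.host: missing")
    elif " " in host:  # failover form: hostname:port entries separated by spaces
        out += [f"{name}.host: bad failover entry {e!r}" for e in host.split()
                if not HOSTPORT_RE.match(e)]
    elif not c.get("port", "").isdigit():
        out.append(f"{name}.port: missing or not numeric (single-host form needs it)")
    if not c.get("nickName"):
        out.append(f"{name}.nickName: missing; no client cert for SSL auth to the {ctype.upper()}")
    lo, hi = c.get("minHttpConns"), c.get("maxHttpConns")
    if lo and hi and lo.isdigit() and hi.isdigit() and int(lo) > int(hi):
        out.append(f"{name}: minHttpConns {lo} exceeds maxHttpConns {hi}")
    ski = c.get("caSKI")
    if ski is not None:
        # Assumption of this example: caSKI is unpadded base64 of the 20-byte
        # SHA-1 Subject Key Identifier, which is what the 27-char sample decodes to.
        ok = B64_RE.match(ski) and len(ski) % 4 != 1
        raw = base64.b64decode(ski + "=" * (-len(ski) % 4)) if ok else b""
        if len(raw) != 20:
            out.append(f"{name}.caSKI: does not decode to a 20-byte key identifier")
    return out


def check_revocation_routing(props, connectors):
    """tps.connCAList must name defined, enabled CA connectors that carry a caNickname."""
    out = []
    for ca in filter(None, props.get("tps.connCAList", "").split(",")):
        m = re.fullmatch(r"ca(\d+)", ca.strip())
        c = connectors.get(("ca", int(m.group(1)))) if m else None
        if c is None:
            out.append(f"tps.connCAList: {ca!r} has no tps.connector definition")
        elif c.get("enable") != "true":
            out.append(f"tps.connCAList: {ca} is listed but not enabled")
        elif "caNickname" not in c:
            out.append(f"tps.connCAList: {ca} lacks caNickname, so its issuer cannot be matched")
    return out


def validate(text):
    """Every finding for a CS.cfg fragment; an empty list means all checks passed."""
    props = parse_properties(text)
    connectors = group_connectors(props)
    findings = [f for key in sorted(connectors) for f in check_connector(*key, connectors[key])]
    return findings + check_revocation_routing(props, connectors)


if __name__ == "__main__":
    print("\n".join(validate(SAMPLE_CFG)) or "no findings")
```

    Run against its embedded sample, the script reports one finding for ca2's
    connection-pool bounds and one for ca2 missing a caNickname while being
    listed in tps.connCAList; to check a real instance, read the contents of
    CS.cfg and pass them to validate(). The checks are deliberately
    conservative: they flag only what the man page's own rules make
    unambiguous and do not attempt to reach the remote subsystems.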

AUTHORS
    Dogtag PKI Team <devel@lists.dogtagpki.org>.

COPYRIGHT
    Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU
    General Public License, version 2 (GPLv2). A copy of this license is
    available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

PKI                              April 22, 2014              pki-tps-connector(5)