pki-tps-connector(5)    PKI TPS Connector Configuration   pki-tps-connector(5)

NAME

       pki-tps-connector - PKI TPS Connector Configuration

LOCATION

       /var/lib/pki/instance/conf/tps/CS.cfg

DESCRIPTION

       A TPS connector provides the mechanism by which the TPS communicates
       with other PKI subsystems.  Three connector types are supported: CA,
       KRA, and TKS.  Connectors are defined using properties in the TPS
       configuration file.

CA CONNECTOR

       A CA connector is defined using properties that begin with
       tps.connector.ca<n>, where n is a positive integer indicating the ID
       of the CA connector.

       tps.connector.ca<n>.enable
       This property contains a boolean value indicating whether the connector
       is enabled.

       tps.connector.ca<n>.host
       In a no-failover configuration, the property contains the hostname of
       the CA.

       In a failover configuration, the property contains a list of hostnames
       and port numbers of the CA subsystems.  The format is hostname:port,
       with entries separated by spaces.

       tps.connector.ca<n>.port
       In a no-failover configuration, the property contains the port number
       of the CA.

       tps.connector.ca<n>.nickName
       This property contains the nickname of the TPS subsystem certificate
       used for SSL client authentication to the CA.

       tps.connector.ca<n>.minHttpConns
       This property contains the minimum number of HTTP connections.

       tps.connector.ca<n>.maxHttpConns
       This property contains the maximum number of HTTP connections.

       tps.connector.ca<n>.uri.<op>
       This property contains the URI used to contact the CA for the
       operation <op>.  Example ops: enrollment, renewal, revoke, unrevoke,
       getcert.

       tps.connector.ca<n>.timeout
       This property contains the connection timeout.

       tps.connCAList
       This property is used for Revocation Routing.  It contains an ordered
       list of CA connector IDs, separated by ',', to which the revocation
       attempt should be made.  Example: tps.connCAList=ca1,ca2

       tps.connector.ca<n>.caNickname
       This property is used for Revocation Routing.  It contains the nickname
       of the CA signing certificate that represents this ca<n>.

       tps.connector.ca<n>.caSKI
       This property is used for Revocation Routing.  It contains the Subject
       Key Identifier of the CA signing certificate of this ca<n>.  This
       value is calculated automatically by TPS once and should not need
       handling by the administrator.

KRA CONNECTOR

       A KRA connector is defined using properties that begin with
       tps.connector.kra<n>, where n is a positive integer indicating the ID
       of the KRA connector.

       tps.connector.kra<n>.enable
       This property contains a boolean value indicating whether the connector
       is enabled.

       tps.connector.kra<n>.host
       In a no-failover configuration, the property contains the hostname of
       the KRA.

       In a failover configuration, the property contains a list of hostnames
       and port numbers of the KRA subsystems.  The format is hostname:port,
       with entries separated by spaces.

       tps.connector.kra<n>.port
       In a no-failover configuration, the property contains the port number
       of the KRA.

       tps.connector.kra<n>.nickName
       This property contains the nickname of the TPS subsystem certificate
       used for SSL client authentication to the KRA.

       tps.connector.kra<n>.minHttpConns
       This property contains the minimum number of HTTP connections.

       tps.connector.kra<n>.maxHttpConns
       This property contains the maximum number of HTTP connections.

       tps.connector.kra<n>.uri.<op>
       This property contains the URI used to contact the KRA for the
       operation <op>.  Example ops: GenerateKeyPair, TokenKeyRecovery.

       tps.connector.kra<n>.timeout
       This property contains the connection timeout.

TKS CONNECTOR

       A TKS connector is defined using properties that begin with
       tps.connector.tks<n>, where n is a positive integer indicating the ID
       of the TKS connector.

       tps.connector.tks<n>.enable
       This property contains a boolean value indicating whether the connector
       is enabled.

       tps.connector.tks<n>.host
       In a no-failover configuration, the property contains the hostname of
       the TKS.

       In a failover configuration, the property contains a list of hostnames
       and port numbers of the TKS subsystems.  The format is hostname:port,
       with entries separated by spaces.

       tps.connector.tks<n>.port
       In a no-failover configuration, the property contains the port number
       of the TKS.

       tps.connector.tks<n>.nickName
       This property contains the nickname of the TPS subsystem certificate
       used for SSL client authentication to the TKS.

       tps.connector.tks<n>.minHttpConns
       This property contains the minimum number of HTTP connections.

       tps.connector.tks<n>.maxHttpConns
       This property contains the maximum number of HTTP connections.

       tps.connector.tks<n>.uri.<op>
       This property contains the URI used to contact the TKS for the
       operation <op>.  Example ops: computeRandomData, computeSessionKey,
       createKeySetData, encryptData.

       tps.connector.tks<n>.timeout
       This property contains the connection timeout.

       tps.connector.tks<n>.generateHostChallenge
       This property contains a boolean value indicating whether to generate
       a host challenge.

       tps.connector.tks<n>.serverKeygen
       This property contains a boolean value indicating whether to generate
       keys on the server side.

       tps.connector.tks<n>.keySet
       This property contains the key set to be used on the TKS.

       tps.connector.tks<n>.tksSharedSymKeyName
       This property contains the name of the shared secret key.

EXAMPLE

              tps.connector.ca1.enable=true
              tps.connector.ca1.host=pki.example.com
              tps.connector.ca1.port=8443
              tps.connector.ca1.minHttpConns=1
              tps.connector.ca1.maxHttpConns=15
              tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
              tps.connector.ca1.timeout=30
              tps.connector.ca1.uri.enrollment=/ca/ee/ca/profileSubmitSSLClient
              tps.connector.ca1.uri.renewal=/ca/ee/ca/profileSubmitSSLClient
              tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
              tps.connector.ca1.uri.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
              # in case of Revocation Routing
              # note that caSKI is automatically calculated by TPS
              tps.connCAList=ca1,ca2
              tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
              tps.connector.ca1.caSKI=hAzNarQMlzit4BymAlbduZMwVCc
              # ca2 connector in case of Revocation Routing
              tps.connector.ca2.<etc.>

              tps.connector.kra1.enable=true
              tps.connector.kra1.host=pki.example.com
              tps.connector.kra1.port=8443
              tps.connector.kra1.minHttpConns=1
              tps.connector.kra1.maxHttpConns=15
              tps.connector.kra1.nickName=subsystemCert cert-pki-tomcat TPS
              tps.connector.kra1.timeout=30
              tps.connector.kra1.uri.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
              tps.connector.kra1.uri.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery

              tps.connector.tks1.enable=true
              tps.connector.tks1.host=pki.example.com
              tps.connector.tks1.port=8443
              tps.connector.tks1.minHttpConns=1
              tps.connector.tks1.maxHttpConns=15
              tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
              tps.connector.tks1.timeout=30
              tps.connector.tks1.generateHostChallenge=true
              tps.connector.tks1.serverKeygen=false
              tps.connector.tks1.keySet=defKeySet
              tps.connector.tks1.tksSharedSymKeyName=sharedSecret
              tps.connector.tks1.uri.computeRandomData=/tks/agent/tks/computeRandomData
              tps.connector.tks1.uri.computeSessionKey=/tks/agent/tks/computeSessionKey
              tps.connector.tks1.uri.createKeySetData=/tks/agent/tks/createKeySetData
              tps.connector.tks1.uri.encryptData=/tks/agent/tks/encryptData


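       The following script is an added example; it is not part of this
       manual page or of the Dogtag PKI code base.  It reads the connector
       properties described above from a constructed CS.cfg fragment and
       reports the mistakes an administrator can make when editing them by
       hand: a non-boolean enable value, a failover host entry that is not
       hostname:port, a missing nickName for SSL client authentication,
       minHttpConns larger than maxHttpConns, and an entry in tps.connCAList
       that names no defined CA connector or one without a caNickname.  The
       property names come from this page; the function names, the check
       wording and the sample values (including the deliberately broken kra1
       connector) are the example's own.  The checks apply to all three
       connector types, not only to the CA connector.

```python
"""Lint the TPS connector properties of a Dogtag CS.cfg (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the EXAMPLE section of pki-tps-connector(5):
# ca1 uses the failover host form, connCAList names an undefined ca3, and
# kra1 is deliberately misconfigured (non-boolean enable, no nickName, min > max).
SAMPLE_CFG = """\
tps.connector.ca1.enable=true
tps.connector.ca1.host=ca1.example.com:8443 ca2.example.com:8443
tps.connector.ca1.minHttpConns=1
tps.connector.ca1.maxHttpConns=15
tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
tps.connCAList=ca1,ca3
tps.connector.kra1.enable=yes
tps.connector.kra1.host=pki.example.com
tps.connector.kra1.port=8443
tps.connector.kra1.minHttpConns=20
tps.connector.kra1.maxHttpConns=15
"""

# tps.connector.<type><n>.<prop>; n is a positive integer per the man page.
CONNECTOR_KEY = re.compile(r"^tps\.connector\.(ca|kra|tks)([1-9]\d*)\.(.+)$")
HOST_PORT = re.compile(r"^([A-Za-z0-9.-]+):(\d+)$")


def parse_cfg(text: str) -> Dict[str, str]:
    """Read CS.cfg style key=value lines; blanks and '#' comments are skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props


def connectors(props: Dict[str, str]) -> Dict[Tuple[str, str], Dict[str, str]]:
    """Group tps.connector.<type><n>.<prop> entries by (type, n)."""
    out: Dict[Tuple[str, str], Dict[str, str]] = {}
    for key, value in props.items():
        m = CONNECTOR_KEY.match(key)
        if m:
            kind, num, prop = m.groups()
            out.setdefault((kind, num), {})[prop] = value
    return out


def endpoints(conn: Dict[str, str]) -> List[Tuple[str, int]]:
    """(host, port) pairs a connector contacts: the failover form
    'host:port host:port ...' if host contains ':' or spaces, else host plus port."""
    host = conn.get("host", "")
    if ":" in host or " " in host:
        pairs = []
        for entry in host.split():
            m = HOST_PORT.match(entry)
            if not m:
                raise ValueError(f"failover entry {entry!r} is not hostname:port")
            pairs.append((m.group(1), int(m.group(2))))
        return pairs
    port = conn.get("port", "")
    if not host or not port.isdigit():
        raise ValueError("host or numeric port is missing")
    return [(host, int(port))]


def lint(text: str) -> List[str]:
    """Return findings for the connector properties in a CS.cfg text."""
    props = parse_cfg(text)
    conns = connectors(props)
    issues: List[str] = []
    for (kind, num), conn in sorted(conns.items()):
        name = f"{kind}{num}"
        if conn.get("enable") not in ("true", "false"):
            issues.append(f"{name}: enable must be true or false")
        if conn.get("enable") == "false":
            continue  # a disabled connector is never contacted
        try:
            endpoints(conn)
        except ValueError as err:
            issues.append(f"{name}: {err}")
        if not conn.get("nickName"):
            issues.append(f"{name}: nickName (TPS client certificate) is missing")
        try:
            lo, hi = (int(conn.get(k, "1")) for k in ("minHttpConns", "maxHttpConns"))
            if lo < 1 or hi < lo:
                issues.append(f"{name}: minHttpConns/maxHttpConns out of order")
        except ValueError:
            issues.append(f"{name}: minHttpConns/maxHttpConns must be integers")
    # Revocation Routing: each ID in tps.connCAList must name a defined CA
    # connector carrying a caNickname (caSKI is computed by TPS itself).
    for ca_id in filter(None, (s.strip() for s in props.get("tps.connCAList", "").split(","))):
        m = re.fullmatch(r"ca([1-9]\d*)", ca_id)
        conn = conns.get(("ca", m.group(1))) if m else None
        if conn is None:
            issues.append(f"tps.connCAList: {ca_id} is not a defined CA connector")
        elif not conn.get("caNickname"):
            issues.append(f"{ca_id}: caNickname is required for Revocation Routing")
    return issues
```

       Running lint(SAMPLE_CFG) reports the three kra1 problems and the
       dangling ca3 reference; the ca1 failover list parses cleanly because
       every entry is hostname:port.  Pointing parse_cfg at the real
       /var/lib/pki/instance/conf/tps/CS.cfg gives the same report for a live
       instance.
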
AUTHORS

       Dogtag PKI Team <devel@lists.dogtagpki.org>.

       Copyright (c) 2014 Red Hat, Inc.  This is licensed under the GNU General
       Public License, version 2 (GPLv2).  A copy of this license is available
       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

PKI                             April 22, 2014            pki-tps-connector(5)