
openca-web-interfaces-scep-1.0.2-4mdv2010.0.i586.rpm

## Secure Server Configuration File
## (c) 1999 by Massimiliano Pala and the OpenCA Group
##
## Please refer to the documentation for a full, detailed
## description of the parameters. Read the README file in this directory
## for more information on the programs accessing this file.

## ============== [ General Section ] =========================

DEFAULT_LANGUAGE "@default_language@"
DEFAULT_CHARSET  "@default_charset@"

DBmodule "@dbmodule@"

CgiLibPath		"/usr/share/openca/functions"
CgiServerType		"scep"
CgiServerName		"scep"

HtdocsUrlPrefix		""

SessionDir      /var/lib/openca/session/cookie
SessionLifetime 1200

ModuleID		@scep_module_id@
ModuleShift		@module_shift@
AccessControlConfiguration "/etc/openca/access_control/scep.xml"
SoftwareConfiguration      "/etc/openca/config.xml"
RoleConfiguration          "/etc/openca/rbac/roles.xml"
ModuleConfiguration        "/etc/openca/rbac/modules.xml"
TokenConfiguration         "/etc/openca/token.xml"
LogConfiguration           "/etc/openca/log.xml"

CertsDir 		"/var/lib/openca/crypto/certs"
CACertificate		"/var/lib/openca/crypto/cacerts/cacert.pem"
ChainDir		"/var/lib/openca/crypto/chain"
CRLDir			"/var/lib/openca/crypto/crls"

## Paths
openssl 	"/usr/bin/openssl"
sslconfig 	"/etc/openca/openssl/openssl.cnf"
scepPath	"/usr/bin/openca-scep"
tempdir 	"/var/lib/openca/tmp"

crlfile 	"/var/lib/openca/crypto/crls/cacrl.crl"

## ==================== [ LOA Support ] =========================
## USE_LOAS takes either YES or NO
USE_LOAS                "@USE_LOAS@"

## ==================== [ SCEP Section ] ======================

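## This is just an example: you should change the 03.pem and/or
## the path so that ScepRACert and ScepRAKey point to the right key/cert pair.
## ScepRAPasswd is stored in this file in clear text, so keep the file
## readable only by the account that runs the SCEP interface.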
ScepRACert	"@SCEP_RA_CERT@"
ScepRAKey	"@SCEP_RA_KEY@"
ScepRAPasswd	"@SCEP_RA_PASSWD@"

##
## SCEP Policy definition
##

# ScepAllowEnrollment: if set to "NO" the SCEP server will not accept 
#  requests for certificate DNs that don't exist yet.
ScepAllowEnrollment     "YES"

# ScepAllowRenewal: if set to "YES" the SCEP server will allow renewal
#  requests for existing certificates.
ScepAllowRenewal        "YES"

# ScepKeepSubjectAltName: parse the incoming request and keep the
#  SubjectAltName it supplies. That value is chosen by the requester,
#  so check it when the request is approved.
ScepKeepSubjectAltName  "YES"

# ScepRenewalRDNMatch: List of request RDNs that must match an
#  existing certificate to identify the request as a renewal
#  Example: "CN,O,C"
#  Please note that CN alone might not be enough if your CNs
#  are not unique. In that case add further RDN components, such
#  as OU, O or DC, in order to allow an unambiguous match.
ScepRenewalRDNMatch     "CN"

# Defaults for initial enrollment
#  Change these according to your setup
ScepDefaultRole         "VPN Server"
ScepDefaultRA           "Trustcenter itself"

# ScepAutoApprove: if set to "YES" and the incoming SCEP request is signed 
#  with the already existing end entity certificate (newer SCEP drafts only!)
#  the request is automatically approved in the RA.
ScepAutoApprove         "NO"
################################





## ================== [ End SCEP Section ] ====================