
openca-web-interfaces-ra-1.0.2-4mdv2010.0.i586.rpm

## Configuration File for RA Manager Utility
## (c) 1998 by Massimiliano Pala - All Rights Reserved

## Crypto Section
## ==============
## Absolute paths to the OpenSSL binary, its configuration file, the OCSP
## index file and the make command line (make is given the -s option).
## NOTE(review): presumably the RA code runs openssl and make from these
## paths; keep the targets owned by root and not writable by the web
## server account -- confirm against the deployment.
openssl    	"/usr/bin/openssl"
sslconfig  	"/etc/openca/openssl/openssl.cnf"
OCSPindex	"/var/lib/openca/crypto/ocsp_index.txt"
MakePath   	"/usr/bin/make -s"

## General Section
## ===============

## Values of the form @name@ appear to be build-time template placeholders
## that were not substituted in this copy; they need real values before the
## file is used.
DEFAULT_LANGUAGE "@default_language@"
DEFAULT_CHARSET  "@default_charset@"

## Library path and identity of this CGI interface (type and name are both "ra").
CgiLibPath		"/usr/share/openca/functions"
CgiServerType		"ra"
CgiServerName		"ra"

## URL prefix of the RA web pages and filesystem prefix of the configuration.
HtdocsUrlPrefix		"/openca/ra"
EtcPrefix		"/etc/openca"

## Session storage directory and session lifetime. The path is unquoted,
## unlike the other paths in this file.
## NOTE(review): the lifetime is presumably in seconds (1200 = 20 minutes)
## -- confirm. The session directory presumably holds live session state, so
## it should be readable and writable only by the web server account.
SessionDir      /var/lib/openca/session/cookie
SessionLifetime 1200

## Module identity. Both values are unsubstituted @name@ placeholders in
## this copy and must be filled in before use.
ModuleID	@ra_module_id@
ModuleShift	@module_shift@
## XML configuration files read by this interface: access control, software,
## roles, modules, tokens, logging, menus and LOA.
## NOTE(review): ra.xml, roles.xml and modules.xml presumably decide who may
## do what on the RA; restrict write access to administrators -- confirm.
AccessControlConfiguration "/etc/openca/access_control/ra.xml"
SoftwareConfiguration      "/etc/openca/config.xml"
RoleConfiguration          "/etc/openca/rbac/roles.xml"
ModuleConfiguration        "/etc/openca/rbac/modules.xml"
TokenConfiguration         "/etc/openca/token.xml"
LogConfiguration           "/etc/openca/log.xml"
MenuConfiguration          "/etc/openca/menu.xml"
LOAConfiguration           "/etc/openca/loa.xml"

# New Browser Configuration
BrowserRequestConfig       "/etc/openca/browser_req.xml"

# Authenticated Browser Request
# EnableAuthBrowserReq switches the feature on; the two XML files hold its
# settings and the data sources it uses.
# NOTE(review): datasources.xml may contain connection details or
# credentials -- check its file permissions.
AuthBrowserRequestConfig   "/etc/openca/auth_browser_req.xml"
DataSourcesConfig	   "/etc/openca/datasources.xml"
EnableAuthBrowserReq       "YES"

# Database module name; an unsubstituted @name@ placeholder in this copy.
DBmodule 	"@dbmodule@"

# CertDir has the same value as CertsDir in the "Certificates and CRLs"
# section further down; keep the two in sync if either is changed.
CertDir		"/var/lib/openca/crypto/certs"
TempDir 	"/var/lib/openca/tmp"
# Presumably the maximum number of entries shown per list page -- confirm.
MaxReturnedItems 20


## ==================== [ LOA Support ] =========================
## USE_LOAS takes either YES or NO
## Unsubstituted @name@ placeholder in this copy; must become YES or NO.
USE_LOAS                "@USE_LOAS@"


## Three parallel lists with four entries each: attribute name, display
## label and string type. Presumably they are matched by position, so the
## lists must stay the same length and in the same order -- confirm.
ADDITIONAL_REQUEST_ATTRIBUTES   "requestercn" "email" "department" "telephone"
ADDITIONAL_ATTRIBUTES_DISPLAY_VALUE     "Name (first and Last name)" "Email" "Department"  "Telephone"
ADDITIONAL_REQUEST_ATTRIBUTES_STRING_TYPE "LATIN1_LETTERS" "EMAIL" "LATIN1_LETTERS" "LATIN1_LETTERS"

## Subject attributes and subjectAltName types accepted in requests, with
## the number of input fields shown by default for each.
## NOTE(review): requesters can ask for any SAN type listed here (including
## DNS, IP, otherName and Microsoft_UPN); RA operators should verify these
## values before approving a request.
CSR_SUPPORTED_ATTRIBUTES            "emailAddress" "CN" "SN" "unstructuredName" "unstructuredAddress" "OU" "L" "ST" "O" "C" "DC" "serialNumber" "UID"
CSR_DEFAULT_ATTRIBUTE_FIELDS        7
CSR_ALLOW_MULTIVALUED_ATTRIBUTES    YES
CSR_SUPPORTED_SUBJECT_ALT_NAMES     "email" "DNS" "IP" "DirName" "URI" "RID" "otherName" "Microsoft_GUID" "Microsoft_UPN"
CSR_DEFAULT_SUBJECT_ALT_NAME_FIELDS 4

## create key
## ==========

## Names of the registration authorities offered to the requester, and the
## minimum accepted PIN length.
## NOTE(review): the length is presumably counted in characters -- confirm.
RegistrationAuthority	"Trustcenter itself" "Help Desk 1" "Help Desk 2"
MinPinLength		10

## ================== [ Basic CSR Section ] =====================

## Basic CSR Forms
## Key sizes offered on the basic request form.
## NOTE(review): if these are RSA/DSA modulus sizes in bits, 512 and 768 are
## practically factorable and 1024 is below current minimum recommendations;
## consider offering only 2048 and larger. Check whether the first entry
## acts as the form default before reordering the list.
Basic_CSR_Keysizes "1024" "2048" "4096" "512" "768"

## Names of the DN types defined below; each one has its own DN_TYPE_<name>_*
## block of keys.
DN_TYPES "SPKAC" "IE"

## ================== [ DN_TYPE ::= SPKAC ] =====================
## Request form definition for the DN type "SPKAC".
DN_TYPE_SPKAC_BODY "YES"
DN_TYPE_SPKAC_KEYGEN_MODE  "SPKAC"

## BASE lists two attribute types and BASE_1/BASE_2 below supply two values;
## presumably they pair up by position (O = BASE_1, C = BASE_2) -- confirm.
DN_TYPE_SPKAC_BASE     "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_SPKAC_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_SPKAC_ELEMENTS "emailAddress" "CN" "OU"
DN_TYPE_SPKAC_NAME     "Basic User Request"

DN_TYPE_SPKAC_BASE_1 "OpenCA PKI Services"
DN_TYPE_SPKAC_BASE_2 "IT"

## ELEMENT_1..ELEMENT_3 give a label, minimum length, required flag and
## character set for the three entries of DN_TYPE_SPKAC_ELEMENTS, presumably
## in the same order.
## NOTE(review): MINIMUM_LENGTH and CHARACTERSET look like validation rules
## for requester-supplied fields; verify that they are enforced on the
## server and not only in the browser form.
DN_TYPE_SPKAC_ELEMENT_1                "E-Mail"
DN_TYPE_SPKAC_ELEMENT_1_MINIMUM_LENGTH 7
DN_TYPE_SPKAC_ELEMENT_1_REQUIRED       "YES"
DN_TYPE_SPKAC_ELEMENT_1_CHARACTERSET   "EMAIL"

DN_TYPE_SPKAC_ELEMENT_2                "Name"
DN_TYPE_SPKAC_ELEMENT_2_MINIMUM_LENGTH 3
DN_TYPE_SPKAC_ELEMENT_2_REQUIRED       "YES"
DN_TYPE_SPKAC_ELEMENT_2_CHARACTERSET   "UTF8_LETTERS"

## Element 3 is restricted to the fixed choices given in SELECT.
DN_TYPE_SPKAC_ELEMENT_3                "Certificate Request Group"
DN_TYPE_SPKAC_ELEMENT_3_SELECT         "Internet" "Partners" "Employees" "Trustcenter"
DN_TYPE_SPKAC_ELEMENT_3_MINIMUM_LENGTH 8
DN_TYPE_SPKAC_ELEMENT_3_REQUIRED       "YES"
DN_TYPE_SPKAC_ELEMENT_3_CHARACTERSET   "LATIN1_LETTERS"

## ================== [ DN_TYPE ::= IE ] =====================
## Request form definition for the DN type "IE". The keys and values mirror
## the SPKAC definition; only the key prefix and the keygen mode differ.
DN_TYPE_IE_BODY "YES"
DN_TYPE_IE_KEYGEN_MODE  "IE"

## BASE lists two attribute types and BASE_1/BASE_2 below supply two values;
## presumably they pair up by position (O = BASE_1, C = BASE_2) -- confirm.
DN_TYPE_IE_BASE     "O" "C"
# if you have more than one OU simply add them
# this works for all possible attributes
# DN_TYPE_IE_ELEMENTS "EMAIL" "CN" "OU" "OU"
DN_TYPE_IE_ELEMENTS "emailAddress" "CN" "OU"
DN_TYPE_IE_NAME     "Basic User Request"

DN_TYPE_IE_BASE_1 "OpenCA PKI Services"
DN_TYPE_IE_BASE_2 "IT"

## ELEMENT_1..ELEMENT_3 give a label, minimum length, required flag and
## character set for the three entries of DN_TYPE_IE_ELEMENTS, presumably in
## the same order.
## NOTE(review): MINIMUM_LENGTH and CHARACTERSET look like validation rules
## for requester-supplied fields; verify that they are enforced on the
## server and not only in the browser form.
DN_TYPE_IE_ELEMENT_1                "E-Mail"
DN_TYPE_IE_ELEMENT_1_MINIMUM_LENGTH 7
DN_TYPE_IE_ELEMENT_1_REQUIRED       "YES"
DN_TYPE_IE_ELEMENT_1_CHARACTERSET   "EMAIL"

DN_TYPE_IE_ELEMENT_2                "Name"
DN_TYPE_IE_ELEMENT_2_MINIMUM_LENGTH 3
DN_TYPE_IE_ELEMENT_2_REQUIRED       "YES"
DN_TYPE_IE_ELEMENT_2_CHARACTERSET   "UTF8_LETTERS"

## Element 3 is restricted to the fixed choices given in SELECT.
DN_TYPE_IE_ELEMENT_3                "Certificate Request Group"
DN_TYPE_IE_ELEMENT_3_SELECT         "Internet" "Partners" "Employees" "Trustcenter"
DN_TYPE_IE_ELEMENT_3_MINIMUM_LENGTH 8
DN_TYPE_IE_ELEMENT_3_REQUIRED       "YES"
DN_TYPE_IE_ELEMENT_3_CHARACTERSET   "LATIN1_LETTERS"

## Command lists, one per view (certificate, CSR, CRR, revocation request).
## NOTE(review): presumably each list controls which action links the view
## offers; whether an operator may actually run a command should still be
## decided by the access control configuration, not by these lists -- confirm.
CmdRefs_viewCert	"REVOCATION" "SENDCERT" "SEND_CERT_KEY" "VIEW_CSR" "TOKENHANDLING" "MAIL" "SET_PUBLIC_PASSWD" "DELETE_PUBLIC_PASSWD"
CmdRefs_viewCSR		"APPROVE_WITHOUT_SIGNING" "APPROVE" "DELETE_SIGNED" "DELETE_PENDING" "DELETE_RENEW" "DELETE_NEW" "EDIT" "RENEW" "GENERATE_KEY"
CmdRefs_viewCRR		"APPROVE_WITHOUT_SIGNING" "APPROVE" "DELETE_SIGNED" "DELETE_PENDING" "DELETE_NEW" "EDIT" "VIEW_CERT" "VIEW_USER_CRR"
## NOTE(review): the value "NO_AUTH" and REQUIRE_PASSWD_PUBLIC "NO" read as
## authentication being relaxed for revocation requests and public access;
## their exact meaning is not visible here -- confirm that this matches the
## intended policy before deploying.
CmdRefs_revoke_req	"NO_AUTH"
REQUIRE_PASSWD_PUBLIC	"NO"
CHANGE_DAYS             "YES"

## Images Section
## ==============
## Images for a valid signature and for a signature error. Both values
## start with /openca/ra, the value of HtdocsUrlPrefix, so they are
## presumably URL paths rather than filesystem paths.
ValidSigImage	"/openca/ra/images/validSig.png"
SigErrorImage	"/openca/ra/images/sigError.png"

## Certificates and CRLs Section
## =============================

## Locations of the CA certificate (PEM, DER and CRT copies), the CA
## certificate directory, issued certificates, the chain directory and CRLs.
## NOTE(review): no private key path is configured in this section. The
## files presumably act as trust anchors for this interface, so they should
## not be writable by the web server account -- confirm.
CACertificate 		"/var/lib/openca/crypto/cacerts/cacert.pem"
CACertificateDER 	"/var/lib/openca/crypto/cacerts/cacert.der"
CACertificateCRT 	"/var/lib/openca/crypto/chain/cacert.crt"
CACertsDir 		"/var/lib/openca/crypto/cacerts"
## CertsDir has the same value as CertDir in the General section.
CertsDir 		"/var/lib/openca/crypto/certs"
ChainDir	 	"/var/lib/openca/crypto/chain"
CRLDir			"/var/lib/openca/crypto/crls"

## Mail Section
## ============
##
## The RA Manager program needs to send an e-mail to each user when their
## certificate has been successfully published. Because of this you
## have to configure the sendmail program to use the right server.
## Watch out for mail attacks. Secure yourself.

## Do you want to send mail when certificate is published ?
warnuser yes

## Now let's define the command line for the sendmail with right options
## mailcommand is an unsubstituted @name@ placeholder in this copy and must
## be replaced with the real command line.
## __LANGUAGE__ in the template paths is presumably replaced with the
## language code at run time -- confirm.
mailcommand 		"@sendmail@"
basemailfile 		"/usr/share/openca/mails/__LANGUAGE__/certsMail.msg"

## Service mail address, expiry warning template and warning period in days.
## NOTE(review): pki@openca.org looks like the upstream default; replace it
## with an address the deploying organisation controls.
SERVICE_MAIL_ACCOUNT	"pki@openca.org"
WARN_EXPIRING_MSG	"/usr/share/openca/mails/__LANGUAGE__/expiringMail.msg"
WARN_EXPIRING_DAYS	31

##
## Role management Section
## -----------------------

## Role-based access control layout. ROLES_DIR, RIGHTS_DIR and
## SCRIPT_CONFIG_DIR are relative names, presumably resolved under RBAC_DIR
## -- confirm.
## NOTE(review): these directories presumably define roles and rights for
## the RA, so write access should be limited to administrators.
RBAC_DIR          "/etc/openca/rbac"
RBAC_MODULE       "RA 1"
ROLES_DIR         "roles"
RIGHTS_DIR        "rights"
SCRIPT_CONFIG_DIR "scripts"
OPENSSL_DIR       "/etc/openca/openssl/openssl"
EXT_DIR           "/etc/openca/openssl/extfiles"

######################
## support for PKIX ##
######################

## Serial number handling in the subject DN: off for requests, on for
## certificates, using the attribute names given.
## The flags in this section are spelled "Y"/"N" in some keys and "YES" in
## others, as in the original file.
## NOTE(review): confirm that the reader of this file accepts both spellings.
SET_REQUEST_SERIAL_IN_DN "N"
REQUEST_SERIAL_NAME "sn"

SET_CERTIFICATE_SERIAL_IN_DN "Y"
CERTIFICATE_SERIAL_NAME "serialNumber"

DN_WITHOUT_EMAIL "YES"

AUTOMATIC_SUBJECT_ALT_NAME "Y"
DEFAULT_SUBJECT_ALT_NAME   "Email"

## NOTE(review): presumably rejects a request whose subject DN is already in
## use by another certificate -- confirm.
UNIQUE_DN "YES"

##################################
## secure PIN support for certs ##
##################################
## Mail spool directories and sent-mail counter files, with separate "crins"
## and "default" subdirectories under MAIL_DIR.
## NOTE(review): given the section title, the crins directory presumably
## holds mails that carry PINs; restrict both directories to the service
## account and keep them out of backups that others can read -- confirm.
MAIL_DIR                  "/var/lib/openca/mail"
CRIN_MAIL_DIR             "/var/lib/openca/mail/crins"
DEFAULT_MAIL_DIR          "/var/lib/openca/mail/default"
SENT_MAIL_CRIN_COUNTER    "/var/lib/openca/mail/crins/mailcounter"
SENT_MAIL_DEFAULT_COUNTER "/var/lib/openca/mail/default/mailcounter"