# Values shared by the [CA], [OCSP] and [KRA] sections below.
# The pki_* keys and %(name)s references look like a Dogtag PKI pkispawn
# deployment file read with Python configparser -- TODO confirm the consumer.
[DEFAULT]
# Instance identity and listener ports.
pki_instance_name = pki-tomcat
pki_hostname = pki.exemple.com
pki_dns_domainname = exemple.com
pki_https_port = 8443
pki_http_port = 8080
conf_company_name = EXEMPLE

# Helper values pulled into the subsystem sections through %(name)s.
secdomain_name = secdomain
secdomain_user = secdomadmin
# ldap_port 389 is the plain-LDAP port; every section below also sets
# pki_ds_secure_connection = False.
ldap_host = ldap.exemple.com
ldap_port = 389
basedn = dc=pki,dc=exemple.com

# Security domain fallbacks. Each section below overrides
# pki_security_domain_user with %(secdomain_user)s, so caadmin only applies
# to a section that does not set the key itself.
pki_security_domain_name = %(secdomain_name)s
pki_security_domain_user = caadmin

# Secrets are blank in this file; presumably they are filled in at deployment
# time. Once filled in, keep the file readable by root only and do not commit
# the populated copy to version control.
pki_ds_password =
pki_admin_password =
pki_security_domain_password =
pki_client_database_password =
pki_client_pkcs12_password =
pki_token_password =
pki_pkcs12_password =
# Certificate Authority subsystem.
[CA]
# Existing-CA deployment: system certificates are imported rather than
# generated. Presumably they come from the PKCS #12 file below, which then
# holds the CA private keys -- keep it root-only and remove it from the host
# once the import has been verified.
pki_existing = True
pki_import_system_certs = True
pki_import_admin_cert = False
pki_pkcs12_path = /root/pki-ecc.p12
pki_random_serial_numbers_enable = True

# Administrator account and certificate subject.
pki_admin_uid = caadmin
pki_admin_name = %(pki_admin_uid)s
pki_admin_email = %(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_nickname = caadmin
pki_admin_subject_dn = cn = PKI Admin, o = %(pki_security_domain_name)s

# Security domain (helper values come from [DEFAULT]).
pki_security_domain_name = %(secdomain_name)s
pki_security_domain_user = %(secdomain_user)s

# Directory server backing the CA database.
# NOTE(review): pki_ds_secure_connection = False with port 389 means plain
# LDAP, so the pki_ds_password bind is not protected in transit. Prefer
# pki_ds_secure_connection = True with pki_ds_ldaps_port and
# pki_ds_secure_connection_ca_pem_file once the directory serves TLS.
pki_ds_hostname = %(ldap_host)s
pki_ds_ldap_port = %(ldap_port)s
pki_ds_secure_connection = False
pki_ds_bind_dn = cn = dirman
pki_ds_base_dn = dc=ca,%(basedn)s
pki_ds_database = userroot
pki_ds_create_new_db = False
# NOTE(review): pki_ds_remove_data = True looks destructive for a directory
# that already holds CA data (pki_existing = True above) -- confirm intent.
pki_ds_remove_data = True
pki_share_db = True
pki_share_dbuser_dn = uid=pkidbuser,ou=people, dc=ca, %(basedn)s

# CA signing certificate: P-384 key, SHA-384 signatures.
pki_ca_signing_nickname = pki_root_ca
pki_ca_signing_key_type = ecc
pki_ca_signing_key_size = nistp384
pki_ca_signing_key_algorithm = SHA384withEC
pki_ca_signing_signing_algorithm = SHA384withEC

# TLS server certificate: P-256 key, SHA-256 signatures.
pki_sslserver_nickname = pki_ssl_server
pki_sslserver_key_type = ecc
pki_sslserver_key_size = nistp256
pki_sslserver_key_algorithm = SHA256withEC
pki_sslserver_signing_algorithm = SHA256withEC

# Subsystem certificate: P-256 key, SHA-256 signatures.
pki_subsystem_nickname = pki_subsystem
pki_subsystem_key_type = ecc
pki_subsystem_key_size = nistp256
pki_subsystem_key_algorithm = SHA256withEC
pki_subsystem_signing_algorithm = SHA256withEC

# Audit log signing certificate: P-521 key, SHA-512 signatures.
pki_audit_signing_nickname = pki_ca_audit_sign
pki_audit_signing_key_type = ecc
pki_audit_signing_key_size = nistp521
pki_audit_signing_key_algorithm = SHA512withEC
pki_audit_signing_signing_algorithm = SHA512withEC

# OCSP response signing certificate: P-521 key, SHA-512 signatures.
pki_ocsp_signing_nickname = pki_ca_ocsp_sign
pki_ocsp_signing_key_type = ecc
pki_ocsp_signing_key_size = nistp521
pki_ocsp_signing_key_algorithm = SHA512withEC
pki_ocsp_signing_signing_algorithm = SHA512withEC
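# Online Certificate Status Protocol responder subsystem.
[OCSP]
pki_import_system_certs = True
pki_import_admin_cert = True
# Directory server backing the OCSP database.
# NOTE(review): pki_ds_secure_connection = False with port 389 means plain
# LDAP, so the pki_ds_password bind is not protected in transit. Prefer
# pki_ds_secure_connection = True with pki_ds_ldaps_port and
# pki_ds_secure_connection_ca_pem_file once the directory serves TLS.
pki_ds_hostname = %(ldap_host)s
pki_ds_ldap_port = %(ldap_port)s
pki_ds_secure_connection = False
pki_ds_base_dn = dc=ocsp,%(basedn)s
pki_ds_bind_dn = cn = dirman
pki_ds_database = userroot
pki_ds_create_new_db = False
# NOTE(review): pki_ds_remove_data = True looks destructive if the subtree
# already holds data -- confirm intent before running against production.
pki_ds_remove_data = True
pki_share_db = True
pki_share_dbuser_dn = uid=pkidbuser,ou=people, dc=ca, %(basedn)s
# Administrator account.
pki_admin_uid = ocspadmin
pki_admin_name = %(pki_admin_uid)s
pki_admin_email = %(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_nickname = ocspadmin
# Security domain. secdomain_name is the helper key [DEFAULT] defines and [CA]
# uses; this file defines no domain_name key, and an unresolved %(...)s
# reference makes configparser interpolation fail.
pki_security_domain_name = %(secdomain_name)s
pki_security_domain_user = %(secdomain_user)s
# CA signing certificate: same nickname and P-384 / SHA-384 values as [CA].
pki_ca_signing_nickname = pki_root_ca
pki_ca_signing_key_size = nistp384
pki_ca_signing_key_type = ecc
pki_ca_signing_key_algorithm = SHA384withEC
pki_ca_signing_signing_algorithm = SHA384withEC
# TLS server certificate: P-256 key, SHA-256 signatures.
pki_sslserver_nickname = pki_ssl_server
pki_sslserver_key_size = nistp256
pki_sslserver_key_type = ecc
pki_sslserver_key_algorithm = SHA256withEC
pki_sslserver_signing_algorithm = SHA256withEC
# Subsystem certificate: P-256 key, SHA-256 signatures.
pki_subsystem_nickname = pki_subsystem
pki_subsystem_key_size = nistp256
pki_subsystem_key_type = ecc
pki_subsystem_key_algorithm = SHA256withEC
pki_subsystem_signing_algorithm = SHA256withEC
# Audit log signing certificate: P-521 key, SHA-512 signatures.
pki_audit_signing_nickname = pki_ocsp_audit_sign
pki_audit_signing_key_size = nistp521
pki_audit_signing_key_type = ecc
pki_audit_signing_key_algorithm = SHA512withEC
pki_audit_signing_signing_algorithm = SHA512withEC
# OCSP response signing certificate: P-521 key, SHA-512 signatures.
pki_ocsp_signing_nickname = pki_ocsp_sign
pki_ocsp_signing_key_size = nistp521
pki_ocsp_signing_key_type = ecc
pki_ocsp_signing_key_algorithm = SHA512withEC
pki_ocsp_signing_signing_algorithm = SHA512withEC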
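# Key Recovery Authority subsystem.
[KRA]
pki_import_system_certs = True
pki_import_admin_cert = True
# Administrator account.
pki_admin_uid = kraadmin
pki_admin_name = %(pki_admin_uid)s
pki_admin_email = %(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_nickname = kraadmin
# Directory server backing the KRA database.
# NOTE(review): pki_ds_secure_connection = False with port 389 means plain
# LDAP, so the pki_ds_password bind is not protected in transit. Prefer
# pki_ds_secure_connection = True with pki_ds_ldaps_port and
# pki_ds_secure_connection_ca_pem_file once the directory serves TLS.
pki_ds_hostname = %(ldap_host)s
pki_ds_ldap_port = %(ldap_port)s
pki_ds_secure_connection = False
pki_ds_bind_dn = cn = dirman
pki_ds_base_dn = dc=kra,%(basedn)s
pki_ds_database = userroot
pki_ds_create_new_db = False
# NOTE(review): pki_ds_remove_data = True looks destructive if the subtree
# already holds archived key records -- confirm intent before running.
pki_ds_remove_data = True
pki_share_db = True
pki_share_dbuser_dn = uid=pkidbuser,ou=people, dc=ca, %(basedn)s
# Security domain. secdomain_name is the helper key [DEFAULT] defines and [CA]
# uses; this file defines no domain_name key, and an unresolved %(...)s
# reference makes configparser interpolation fail.
pki_security_domain_name = %(secdomain_name)s
pki_security_domain_user = %(secdomain_user)s
# CA signing certificate.
# NOTE(review): [CA] and [OCSP] give nistp384 / SHA384withEC for the same
# pki_root_ca nickname; presumably unused when the CA certificate is
# imported, but confirm which value is intended.
pki_ca_signing_nickname = pki_root_ca
pki_ca_signing_key_size = nistp521
pki_ca_signing_key_type = ecc
pki_ca_signing_key_algorithm = SHA512withEC
pki_ca_signing_signing_algorithm = SHA512withEC
# TLS server and subsystem certificates.
# NOTE(review): P-521 keys are paired with SHA256withEC here, while the other
# sections pair nistp256 with SHA-256 -- confirm the intended combination.
pki_sslserver_nickname = pki_ssl_server
pki_sslserver_key_size = nistp521
pki_sslserver_key_type = ecc
pki_sslserver_key_algorithm = SHA256withEC
pki_sslserver_signing_algorithm = SHA256withEC
pki_subsystem_nickname = pki_subsystem
pki_subsystem_key_size = nistp521
pki_subsystem_key_type = ecc
pki_subsystem_key_algorithm = SHA256withEC
pki_subsystem_signing_algorithm = SHA256withEC
# Storage and transport keys (RSA). These wrap archived private keys.
# NOTE(review): RSA 2048 is much weaker than the P-384/P-521 keys used
# elsewhere in this file; consider 3072 or 4096 if the token and clients
# support it, since archived keys usually need long-term protection.
pki_storage_nickname = pki_kra_storage
pki_storage_key_size = 2048
pki_storage_key_type = rsa
pki_storage_key_algorithm = SHA512withRSA
pki_storage_signing_algorithm = SHA512withRSA
pki_transport_nickname = pki_kra_transport
pki_transport_key_size = 2048
pki_transport_key_type = rsa
pki_transport_key_algorithm = SHA512withRSA
pki_transport_signing_algorithm = SHA512withRSA
# Audit log signing certificate: P-521 key, SHA-512 signatures.
pki_audit_signing_nickname = pki_kra_audit_sign
pki_audit_signing_key_size = nistp521
pki_audit_signing_key_type = ecc
pki_audit_signing_key_algorithm = SHA512withEC
pki_audit_signing_signing_algorithm = SHA512withEC
# NOTE(review): OCSP signing settings in a KRA section; presumably ignored by
# the installer -- confirm, and drop them if so.
pki_ocsp_signing_nickname = pki_kra_ocsp_sign
pki_ocsp_signing_key_size = nistp521
pki_ocsp_signing_key_type = ecc
pki_ocsp_signing_key_algorithm = SHA512withEC
pki_ocsp_signing_signing_algorithm = SHA512withEC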