Difference between revisions of "PKI Subsystem Configuration"

From Dogtag
Jump to: navigation, search
m (JSS Subsystem)
m
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
= Static Subsystems =
  
 +
* Debug
 +
* LogSubsystem
 +
* [[JSS Subsystem]]
 +
* DBSubsystem
 +
* UGSubsystem
 +
* PluginRegistry
 +
* OidLoaderSubsystem
 +
* X500NameSubsystem
 +
* RequestSubsystem
  
= JSS Subsystem =
+
= Dynamic Subsystems =
 +
 
 +
Dynamic subsystems can be configured in the CS.cfg.
 +
 
 +
== CA Subsystems ==
  
 
<pre>
 
<pre>
jss.enable=true
+
subsystem.0.class=com.netscape.ca.CertificateAuthority
 +
subsystem.0.id=ca
 +
subsystem.1.class=com.netscape.cmscore.profile.[PKI_PROFILE_SUBSYSTEM]
 +
subsystem.1.id=profile
 +
subsystem.1.enabled=false
 +
subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
 +
subsystem.2.id=selftests
 +
subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
 +
subsystem.3.id=CrossCertPair
 +
subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
 +
subsystem.4.id=stats
 
</pre>
 
</pre>
  
== NSS database ==
+
See also https://github.com/dogtagpki/pki/blob/master/base/ca/shared/conf/CS.cfg.
 +
 
 +
== KRA Subsystems ==
  
 
<pre>
 
<pre>
jss.configDir=[PKI_INSTANCE_PATH]/alias/
+
subsystem.0.class=com.netscape.kra.KeyRecoveryAuthority
jss.secmodName=secmod.db
+
subsystem.0.id=kra
 +
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
 +
subsystem.1.id=selftests
 +
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
 +
subsystem.2.id=stats
 
</pre>
 
</pre>
  
== OCSP ==
+
See also https://github.com/dogtagpki/pki/blob/master/base/kra/shared/conf/CS.cfg.
 +
 
 +
== OCSP Subsystems ==
  
 
<pre>
 
<pre>
jss.ocspcheck.enable=false
+
subsystem.0.class=com.netscape.ocsp.OCSPAuthority
 +
subsystem.0.id=ocsp
 +
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
 +
subsystem.1.id=selftests
 +
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
 +
subsystem.2.id=stats
 
</pre>
 
</pre>
  
== SSL ==
+
See also https://github.com/dogtagpki/pki/blob/master/base/ocsp/shared/conf/CS.cfg.
 +
 
 +
== TKS Subsystems ==
  
 
<pre>
 
<pre>
jss.ssl.cipherfortezza=true
+
subsystem.0.class=com.netscape.tks.TKSAuthority
jss.ssl.cipherpref=
+
subsystem.0.id=tks
jss.ssl.cipherversion=cipherdomestic
+
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
 +
subsystem.1.id=selftests
 +
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
 +
subsystem.2.id=stats
 
</pre>
 
</pre>
  
== Secure Random ==
+
See also https://github.com/dogtagpki/pki/blob/master/base/tks/shared/conf/CS.cfg.
 +
 
 +
== TPS Subsystems ==
  
 
<pre>
 
<pre>
jss.secureRandom.algorithm=pkcs11prng
+
subsystem.0.class=org.dogtagpki.server.tps.TPSSubsystem
jss.secureRandom.provider=Mozilla-JSS
+
subsystem.0.id=tps
 +
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
 +
subsystem.1.id=selftests
 +
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
 +
subsystem.2.id=stats
 
</pre>
 
</pre>
  
= References =  
+
See also https://github.com/dogtagpki/pki/blob/master/base/tps/shared/conf/CS.cfg.
 +
 
 +
= Final Subsystems =
  
* [[PKI Server Configuration]]
+
* AuthSubsystem
 +
* AuthzSubsystem
 +
* [https://github.com/dogtagpki/pki/wiki/Scheduler-Configuration JobsScheduler]

Latest revision as of 23:02, 29 July 2022

Static Subsystems

  • Debug
  • LogSubsystem
  • JSS Subsystem
  • DBSubsystem
  • UGSubsystem
  • PluginRegistry
  • OidLoaderSubsystem
  • X500NameSubsystem
  • RequestSubsystem

Dynamic Subsystems

Dynamic subsystems can be configured in the CS.cfg.

CA Subsystems

subsystem.0.class=com.netscape.ca.CertificateAuthority
subsystem.0.id=ca
subsystem.1.class=com.netscape.cmscore.profile.[PKI_PROFILE_SUBSYSTEM]
subsystem.1.id=profile
subsystem.1.enabled=false
subsystem.2.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.2.id=selftests
subsystem.3.class=com.netscape.cmscore.cert.CrossCertPairSubsystem
subsystem.3.id=CrossCertPair
subsystem.4.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.4.id=stats

See also https://github.com/dogtagpki/pki/blob/master/base/ca/shared/conf/CS.cfg.

KRA Subsystems

subsystem.0.class=com.netscape.kra.KeyRecoveryAuthority
subsystem.0.id=kra
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats

See also https://github.com/dogtagpki/pki/blob/master/base/kra/shared/conf/CS.cfg.

OCSP Subsystems

subsystem.0.class=com.netscape.ocsp.OCSPAuthority
subsystem.0.id=ocsp
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats

See also https://github.com/dogtagpki/pki/blob/master/base/ocsp/shared/conf/CS.cfg.

TKS Subsystems

subsystem.0.class=com.netscape.tks.TKSAuthority
subsystem.0.id=tks
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats

See also https://github.com/dogtagpki/pki/blob/master/base/tks/shared/conf/CS.cfg.

TPS Subsystems

subsystem.0.class=org.dogtagpki.server.tps.TPSSubsystem
subsystem.0.id=tps
subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
subsystem.1.id=selftests
subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
subsystem.2.id=stats

See also https://github.com/dogtagpki/pki/blob/master/base/tps/shared/conf/CS.cfg.

Final Subsystems