trunk/package/morphix/config.xml

   1 <openxpki>
   2   <common>
   3     <log_config>/etc/openxpki/instances/trustcenter1/log.conf</log_config>
   4     <server>
   5         <user>openxpki</user>
   6         <group>openxpki</group>
   7         <socket_file>/var/openxpki/openxpki.socket</socket_file>
   8         <pid_file>/var/run/openxpkid.pid</pid_file>
   9         <session_dir>/var/openxpki/session</session_dir>
  10         <connection_timeout>120</connection_timeout>
  11         <session_lifetime>1200</session_lifetime>
  12         <stderr>/var/openxpki/stderr.log</stderr>
  13         <tmpdir>/var/tmp</tmpdir>
  14         <transport>Simple</transport>
  15         <service>Default</service>
  16         <service>SCEP</service>
  17     </server>
  18     <i18n>
  19         <locale_directory>/usr/share/locale</locale_directory>
  20         <default_language>C</default_language>
  21     </i18n>
  22     <data_exchange>
  23         <export>
  24             <dir>/var/openxpki/dataexchange/export</dir>
  25         </export>
  26         <import>
  27             <dir>/var/openxpki/dataexchange/import</dir>
  28         </import>
  29     </data_exchange>
  30
  31     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="database.xml"/>
  32     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="log_database.xml"/>
  33     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="token.xml"/>
  34     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notification.xml"/>
  35
  36   </common>
  37
  38
  39   <pki_realm name="I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA" id="I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA">
  40     <common id="default">
  41       <!-- default token (used for general crypto operations not requiring
  42            private key operations) -->
  43       <token super="common/token_config/token{default}"/>
  44
  45       <secret>
  46         <group id="default" label="I18N_OPENXPKI_CONFIG_DEFAULT_SECRET_AUTHENTICATION_GROUP">
  47           <method id="plain">
  48             <total_shares>1</total_shares>
  49           </method>
  50         <!-- alternatively use one of the following methods:
  51           <method id="literal">password</method>
  52           Literal password in the configuration file, not recommended
  53           except for testing.
  54
  55           <method id="split">
  56             <total_shares>3</total_shares>
  57           </method>
  58           Shamir's secret splitting, three passphrase shares, three
  59           required to unlock the secret.
  60
  61           <method id="split">
  62             <total_shares>5</total_shares>
  63             <required_shares>3</required_shares>
  64           </method>
  65           Shamir's secret splitting, five passphrase shares, any three
  66           required to unlock the secret.
  67         -->
  68           <cache>
  69             <type>daemon</type>
  70             <usage_count>-1</usage_count>
  71           </cache>
  72         </group>
  73       </secret>
  74       <notification>
  75           <notifier>rt1</notifier>
  76       </notification>
  77
  78       <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="profile.xml"/>
  79       <!-- LDAP addition  -->
  80       <!-- WARNING: keep "ldap_enable" set to "no" to avoid surprises  -->
  81       <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="ldappublic.xml"/>
  82       <!-- end of LDAP addition  -->
  83     </common>
  84
  85     <!-- Issuing CAs defined for this realm -->
  86     <!-- 'id' is the internal CA identifier -->
  87     <ca id="testdummyca1">
  88       <token super="common/token_config/token{testdummyca1}"/>
  89       <!-- CONFIG -->
  90       <cert>
  91           <alias>testdummyca1</alias>
  92           <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
  93       </cert>
  94       <crl_publication>
  95         <file>
  96             <filename>/etc/openxpki/instances/trustcenter1/ca/testdummyca1/crl.pem</filename>
  97             <format>PEM</format>
  98         </file>
  99         <!--
 100         <ldap>
 101             <server></server>
 102             <port></port>
 103             <bind_dn></bind_dn>
 104             <pass></pass>
 105             <base_dn></base_dn>
 106             <search_dn></search_dn>
 107         </ldap>
 108         -->
 109         <!-- if you do not want to use bind authentication, you can
 110              use SASL as well (Authen::SASL is required for that to work)
 111
 112              as sasl_mechanism, you can for example configure DIGEST-MD5 for
 113              MS ADS
 114
 115              Also note that configuring a hostname (not an IP) is required
 116              for MS ADS
 117         -->
 118         <!--
 119         <ldap>
 120             <server></server>
 121             <port></port>
 122             <base_dn></base_dn>
 123             <search_dn></search_dn>
 124             <sasl>yes</sasl>
 125             <sasl_mechanism></sasl_mechanism>
 126             <sasl_user></sasl_user>
 127             <sasl_pass></sasl_pass>
 128         </ldap>
 129         -->
 130       </crl_publication>
 131     </ca>
 132     <ca id="testdummyca2">
 133       <token super="common/token_config/token{testdummyca2}"/>
 134       <!-- CONFIG -->
 135       <cert>
 136           <alias>testdummyca2</alias>
 137           <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
 138       </cert>
 139       <crl_publication>
 140         <file>
 141             <filename>/etc/openxpki/instances/trustcenter1/ca/testdummyca2/crl.pem</filename>
 142             <format>PEM</format>
 143         </file>
 144         <!--
 145         <ldap>
 146             <server></server>
 147             <port></port>
 148             <bind_dn></bind_dn>
 149             <pass></pass>
 150             <base_dn></base_dn>
 151             <search_dn></search_dn>
 152         </ldap>
 153         -->
 154         <!-- if you do not want to use bind authentication, you can
 155              use SASL as well (Authen::SASL is required for that to work)
 156
 157              as sasl_mechanism, you can for example configure DIGEST-MD5 for
 158              MS ADS
 159
 160              Also note that configuring a hostname (not an IP) is required
 161              for MS ADS
 162         -->
 163         <!--
 164         <ldap>
 165             <server></server>
 166             <port></port>
 167             <base_dn></base_dn>
 168             <search_dn></search_dn>
 169             <sasl>yes</sasl>
 170             <sasl_mechanism></sasl_mechanism>
 171             <sasl_user></sasl_user>
 172             <sasl_pass></sasl_pass>
 173         </ldap>
 174         -->
 175       </crl_publication>
 176     </ca>
 177
 178     <!-- Subsystems defined for this realm -->
 179     <!-- 'id' is the subsystem identifier -->
 180     <scep id="testscepserver1">
 181       <cert>
 182         <alias>testscepserver1</alias>
 183         <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
 184       </cert>
 185       <token super="common/token_config/token{testscepserver1}"/>
 186     </scep>
 187     <pkcs7 id="testsceppkcs7tool1">
 188       <token super="common/token_config/token{testsceppkcs7tool1}"/>
 189     </pkcs7>
 190     <createjavakeystore id="testcreatejavakeystore">
 191       <token super="common/token_config/token{testcreatejavakeystore}"/>
 192     </createjavakeystore>
 193     <password_safe id="passwordsafe1">
 194       <cert>
 195         <alias>passwordsafe1</alias>
 196         <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
 197       </cert>
 198       <token super="common/token_config/token{passwordsafe1}"/>
 199     </password_safe>
 200
 201
 202     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="auth.xml"/>
 203     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="acl.xml"/>
 204     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="workflow.xml"/>
 205   </pki_realm>
 206
 207
 208 </openxpki>