Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 157948 Details for
Bug 245790
TPS can't do token operation against clone CA
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
tps log
TPS-CS.cfg (text/plain), 57.17 KB, created by
kent lamb
on 2007-06-26 19:58:13 UTC
(
hide
)
Description:
tps log
Filename:
MIME Type:
Creator:
kent lamb
Created:
2007-06-26 19:58:13 UTC
Size:
57.17 KB
patch
obsolete
>applet._000=######################################### >applet._001=# applet information >applet._002=######################################### >applet.aid.cardmgr_instance=A0000000030000 >applet.aid.netkey_file=627601FF0000 >applet.aid.netkey_instance=627601FF000000 >applet.aid.netkey_old_file=A000000001 >applet.aid.netkey_old_instance=A00000000101 >applet.delete_old=true >applet.so_pin=000000000000 >auth.instance.0.SSLOn=false >auth.instance.0.attributes=mail,cn,uid >auth.instance.0.attributes._001=############################################## >auth.instance.0.attributes._002=# attributes will be available >auth.instance.0.attributes._003=# as $auth.<attribute>$ >auth.instance.0.attributes._004=############################################## >auth.instance.0.authId=ldap1 >auth.instance.0.baseDN=dc=aoltw,dc=com >auth.instance.0.hostport=directory.office.aol.com:389 >auth.instance.0.libraryFactory=GetAuthentication >auth.instance.0.libraryName=/usr/lib/libldapauth.so >auth.instance.0.retries=1 >auth.instance.0.retryConnect=3 >auth.instance.0.ssl=false >auth.instance.0.type=LDAP_Authentication >auth.instance.0.ui.description.en=This authenticates user against the LDAP directory. >auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password >auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password >auth.instance.0.ui.id.UID.description.en=LDAP User ID >auth.instance.0.ui.id.UID.name.en=LDAP User ID >auth.instance.0.ui.title.en=LDAP Authentication AAAAA >auth.instance._000=######################################## >auth.instance._001=# publishing >auth.instance._002=# >auth.instance._003=# publisher.instance.<n>.libraryName: >auth.instance._004=# - name of the library specified with a fully qualified path name >auth.instance._005=# publisher.instance.<n>.libraryFactory: >auth.instance._006=# - the name of the function which instantiates the publisher >auth.instance._007=# publisher.instance.<n>.publisherId: >auth.instance._008=# - the publisher ID >auth.instance._009=# >auth.instance._010=# where >auth.instance._011=# <n> - publisher connection ID >auth.instance._012=######################################## >auth.instance._013=######################################### >auth.instance._014=# authentication >auth.instance._015=# >auth.instance._016=# auth.instance.<n>.libraryName: >auth.instance._017=# - name of the library specified with a fully qualified path name >auth.instance._018=# auth.instance.<n>.libraryFactory: >auth.instance._019=# - the name of the function which instantiates the authentication >auth.instance._020=# auth.instance.<n>.authId >auth.instance._021=# - the authentication ID >auth.instance._022=# auth.instance.<n>.hostport >auth.instance._023=# - parameter specific to the given authentication, >auth.instance._024=# i. e., LDAPAuthentication (id=ldap1) >auth.instance._025=# - host name and port number, host:port >auth.instance._026=# - for failover, provide multiple host:port designations >auth.instance._027=# separated by " " >auth.instance._028=# auth.instance.<n>.SSLOn: >auth.instance._029=# - parameter specific to the given authentication, >auth.instance._030=# i. e., LDAPAuthentication (id=ldap1) >auth.instance._031=# - use SSL or not for LDAP service >auth.instance._032=# auth.instance.<n>.retries: >auth.instance._033=# - parameter specific to the given authentication, >auth.instance._034=# i. e., LDAPAuthentication (id=ldap1) >auth.instance._035=# - number of authentication re-attempts when authentication failed >auth.instance._036=# auth.instance.<n>.retryConnect: >auth.instance._037=# - parameter specific to the given authentication, >auth.instance._038=# i. e., LDAPAuthentication (id=ldap1) >auth.instance._039=# - number of connection re-attempts when connection failed >auth.instance._040=# >auth.instance._041=# where >auth.instance._042=# <n> - authentication connection ID >auth.instance._043=######################################### >channel._000=######################################### >channel._001=# channel.encryption: >channel._002=# >channel._003=# - enable encryption for all operation commands to token >channel._004=# - default is true >channel._005=######################################### >channel.encryption=true >config.sdomainURL=https://ca-da.epki.sstest.office.aol.com:443 >conn.ca1.SSLOn=true >conn.ca1._000=######################################### >conn.ca1._001=# CA connection >conn.ca1._002=# >conn.ca1._003=# conn.ca<n>.hostport: >conn.ca1._004=# - host name and port number of your CA, format is host:port >conn.ca1._005=# conn.ca<n>.clientNickname: >conn.ca1._006=# - nickname of the client certificate for >conn.ca1._007=# authentication >conn.ca1._008=# conn.ca<n>.servlet.enrollment: >conn.ca1._009=# - servlet to contact in CA >conn.ca1._010=# - must be '/ca/profileSubmitSSLClient' >conn.ca1._011=# conn.ca<n>.retryConnect: >conn.ca1._012=# - number of reconnection attempts on failure >conn.ca1._013=# conn.ca<n>.timeout: >conn.ca1._014=# - connection timeout >conn.ca1._015=# conn.ca<n>.SSLOn: >conn.ca1._016=# - enable SSL or not >conn.ca1._017=# conn.ca<n>.keepAlive: >conn.ca1._018=# - enable keep alive or not >conn.ca1._019=# >conn.ca1._020=# where >conn.ca1._021=# <n> - CA connection ID >conn.ca1._022=######################################### >conn.ca1.clientNickname=epki-core-tps:subsystemCert cert-rhpki-tps9001 >conn.ca1.hostport=ca-da.epki.sstest.office.aol.com:443 >conn.ca1.keepAlive=true >conn.ca1.retryConnect=3 >conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient >conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke >conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke >conn.ca1.timeout=100 >conn.drm.totalConns=1 >conn.drm1.SSLOn=true >conn.drm1._000=######################################### >conn.drm1._001=# DRM connection >conn.drm1._002=# >conn.drm1._003=#conn.drm.totalConns >conn.drm1._004=# - # of DRM connections >conn.drm1._005=#conn.drm<n>.hostport >conn.drm1._006=# - host name and port number of your DRM, the format is host:port >conn.drm1._007=#conn.drm<n>.clientNickname >conn.drm1._008=# - nickname of the client certificate for >conn.drm1._009=# authentication >conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair >conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM >conn.drm1._012=# - must be '/kra/GenerateKeyPair' >conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery >conn.drm1._014=# - servlet to handle key recovery >conn.drm1._015=# - must be '/kra/TokenKeyRecovery' >conn.drm1._016=#conn.drm<n>.retryConnect=3 >conn.drm1._017=# - number of reconnection attempts on failure >conn.drm1._018=#conn.drm<n>.SSLOn=true >conn.drm1._019=# - enable SSL or not >conn.drm1._020=#conn.drm<n>.keepAlive=false >conn.drm1._021=# - enable keep alive or not >conn.drm1._022=# >conn.drm1._023=# where >conn.drm1._024=# <n> - DRM connection ID >conn.drm1._025=######################################### >conn.drm1.clientNickname=epki-core-tps:subsystemCert cert-rhpki-tps9001 >conn.drm1.hostport=drm-da.epki.sstest.office.aol.com:8100 >conn.drm1.keepAlive=false >conn.drm1.retryConnect=3 >conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair >conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery >conn.drm1.timeout=100 >conn.tks1.SSLOn=true >conn.tks1._000=######################################### >conn.tks1._001=# TKS connection >conn.tks1._002=# >conn.tks1._003=# conn.tks<n>.hostport: >conn.tks1._004=# - host name and port number of your TKS, the format is host:port >conn.tks1._005=# conn.tks<n>.clientNickname: >conn.tks1._006=# - nickname of the client certificate for >conn.tks1._007=# authentication >conn.tks1._008=# conn.tks<n>.servlet.computeSessionKey: >conn.tks1._009=# - servlet to compute session key >conn.tks1._010=# - must be '/tks/computeSessionKey' >conn.tks1._011=# conn.tks<n>.servlet.encryptData: >conn.tks1._012=# - servlet to encrypt data >conn.tks1._013=# - must be '/tks/encryptData' >conn.tks1._014=# conn.tks<n>.servlet.createKeySetData: >conn.tks1._015=# - servlet to create key set data >conn.tks1._016=# - must be '/tks/createKeySetData' >conn.tks1._017=# conn.tks<n>.retryConnect: >conn.tks1._018=# - number of reconnection attempts on failure >conn.tks1._019=# conn.tks<n>.SSLOn >conn.tks1._020=# - enable SSL or not >conn.tks1._021=# conn.tks<n>.keepAlive: >conn.tks1._022=# - enable keep alive or not >conn.tks1._023=# >conn.tks1._024=# where >conn.tks1._025=# <n> - TKS connection ID >conn.tks1._026=######################################### >conn.tks1.clientNickname=epki-core-tps:subsystemCert cert-rhpki-tps9001 >conn.tks1.hostport=tks-da.epki.sstest.office.aol.com:8100 >conn.tks1.keepAlive=false >conn.tks1.retryConnect=3 >conn.tks1.serverKeygen=true >conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey >conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData >conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData >conn.tks1.timeout=100 >cs.type=TPS >failover.pod.enable=false >logging._000=######################################### >logging._001=# RA configuration File >logging._002=# >logging._003=# All <...> must be replaced with >logging._004=# appropriate values. >logging._005=######################################### >logging._006=######################################## >logging._007=# logging >logging._008=# >logging._009=# logging.debug.enable: >logging._010=# logging.audit.enable: >logging._011=# logging.error.enable: >logging._012=# - enable or disable the corresponding logging >logging._013=# logging.debug.filename: >logging._014=# logging.audit.filename: >logging._015=# logging.error.filename: >logging._016=# - name of the log file >logging._017=# logging.debug.level: >logging._018=# logging.audit.level: >logging._019=# logging.error.level: >logging._020=# - level of logging. (0-10) >logging._021=# 0 - no logging, >logging._022=# 4 - LL_PER_SERVER these messages will occur only once >logging._023=# during the entire invocation of the >logging._024=# server, e. g. at startup or shutdown >logging._025=# time., reading the conf parameters. >logging._026=# Perhaps other infrequent events >logging._027=# relating to failing over of CA, TKS, >logging._028=# too >logging._029=# 6 - LL_PER_CONNECTION these messages happen once per >logging._030=# connection - most of the log events >logging._031=# will be at this level >logging._032=# 8 - LL_PER_PDU these messages relate to PDU >logging._033=# processing. If you have something that >logging._034=# is done for every PDU, such as >logging._035=# applying the MAC, it should be logged >logging._036=# at this level >logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more >logging._038=# chatty version of the above >logging._039=# 10 - all logging >logging._040=######################################### >logging.audit.enable=true >logging.audit.filename=/opt/aolpki/rhpki-tps9001/logs/tps-audit.log >logging.audit.level=10 >logging.debug.enable=true >logging.debug.filename=/opt/aolpki/rhpki-tps9001/logs/tps-debug.log >logging.debug.level=7 >logging.error.enable=true >logging.error.filename=/opt/aolpki/rhpki-tps9001/logs/tps-error.log >logging.error.level=10 >op.enroll._000=######################################### >op.enroll._001=# Default Operations >op.enroll._002=# >op.enroll._003=# op.<op>.mapping.order=<n>,<n>,<n> >op.enroll._004=# - contains at least one value or a series >op.enroll._005=# of comma-separated mapping values which >op.enroll._006=# are checked in sequential order >op.enroll._007=# op.<op>.mapping.<n>.filter.tokenType=userKey >op.enroll._008=# - can be either empty or token type >op.enroll._009=# specified by the client >op.enroll._010=# op.<op>.mapping.<n>.filter.tokenATR= >op.enroll._011=# - can be either empty or token ATR >op.enroll._012=# specified by the client >op.enroll._013=# op.<op>.mapping.<n>.filter.appletMajorVersion=1 >op.enroll._014=# - can be either empty or applet major version >op.enroll._015=# specified by the client >op.enroll._016=# op.<op>.mapping.<n>.filter.appletMinorVersion= >op.enroll._017=# - can be either empty or applet minor version >op.enroll._018=# specified by the client >op.enroll._019=# - if major and minor versions are both zero, this >op.enroll._020=# indicate there is no applet on the token. >op.enroll._021=# op.<op>.mapping.<n>.target.tokenType=userKey >op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion, >op.enroll._023=# and appletMinorVersion are matched, value in >op.enroll._024=# targetTokenType will be used to locate >op.enroll._025=# the corresponding token profile to >op.enroll._026=# process the request. >op.enroll._027=# >op.enroll._028=# where >op.enroll._029=# <op> - operation; enroll,pinReset,format >op.enroll._030=# <n> - mapping ID; order is specifiable >op.enroll._031=# >op.enroll._032=# Token ATR: >op.enroll._033=# Web Store - 3B759400006202020201 >op.enroll._034=######################################### >op.enroll.allowUnknownToken=true >op.enroll.mapping.0.filter.appletMajorVersion=1 >op.enroll.mapping.0.filter.appletMinorVersion= >op.enroll.mapping.0.filter.tokenATR= >op.enroll.mapping.0.filter.tokenCUID.end= >op.enroll.mapping.0.filter.tokenCUID.start= >op.enroll.mapping.0.filter.tokenType=userKey >op.enroll.mapping.0.target.tokenType=userKey >op.enroll.mapping.1.filter.appletMajorVersion= >op.enroll.mapping.1.filter.appletMinorVersion= >op.enroll.mapping.1.filter.tokenATR= >op.enroll.mapping.1.filter.tokenCUID.end= >op.enroll.mapping.1.filter.tokenCUID.start= >op.enroll.mapping.1.filter.tokenType= >op.enroll.mapping.1.target.tokenType=userKey >op.enroll.mapping.order=0,1 >op.enroll.userKey._000=######################################### >op.enroll.userKey._001=# Enrollment Operation For CoolKey >op.enroll.userKey._002=# >op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024 >op.enroll.userKey._004=# - size of the key the token should generate >op.enroll.userKey._005=# - max value: 1024 >op.enroll.userKey._006=# >op.enroll.userKey._007=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.encrypt=false >op.enroll.userKey._008=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sign=true >op.enroll.userKey._009=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.signRecover=true >op.enroll.userKey._010=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.decrypt=false >op.enroll.userKey._011=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.derive=false >op.enroll.userKey._012=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.unwrap=false >op.enroll.userKey._013=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.wrap=false >op.enroll.userKey._014=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verifyRecover=true >op.enroll.userKey._015=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verify=true >op.enroll.userKey._016=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sensitive=true >op.enroll.userKey._017=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.private=true >op.enroll.userKey._018=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.token=true >op.enroll.userKey._019=# - specify the PKCS11 attributes to set on the token >op.enroll.userKey._020=# >op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label >op.enroll.userKey._022=# - specify the CUID shown in the certificate >op.enroll.userKey._023=# >op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label >op.enroll.userKey._025=# - specify the token name. all resulting labels for co-existing keys >op.enroll.userKey._026=# on the same token must be unique >op.enroll.userKey._027=# - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C) >op.enroll.userKey._028=# - $cuid$ - CUID (i.e. 40900062FF0200000B9C) >op.enroll.userKey._029=# - $msn$ - MSN >op.enroll.userKey._030=# - $userid$ - User ID >op.enroll.userKey._031=# - $profileId$ - Profile ID >op.enroll.userKey._032=# >op.enroll.userKey._033=# op.enroll.<tokenType>.keyGen.<keyType>.overwrite=true|false >op.enroll.userKey._034=# - if key and certificate exist, should RA overwrite them >op.enroll.userKey._035=# >op.enroll.userKey._036=# op.enroll.<tokenType>.keyGen.<keyType>.certId=C1 >op.enroll.userKey._037=# op.enroll.<tokenType>.keyGen.<keyType>.certAttrId=c1 >op.enroll.userKey._038=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyAttrId=k2 >op.enroll.userKey._039=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyAttrId=k3 >op.enroll.userKey._040=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyNumber=2 >op.enroll.userKey._041=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyNumber=3 >op.enroll.userKey._042=# - specify name PKCS11 object IDs >op.enroll.userKey._043=# - Lower case letters signify objects containing PKCS11 object attributes, >op.enroll.userKey._044=# in the format described below. >op.enroll.userKey._045=# 'c' An object containing PKCS11 attributes for a certificate. >op.enroll.userKey._046=# 'k' An object containing PKCS11 attributes for a public or private key >op.enroll.userKey._047=# 'r' An object containing PKCS11 attributes for an "reader". >op.enroll.userKey._048=# - Upper case letters signify objects containing raw data corresponding to >op.enroll.userKey._049=# the lower case letters described above. For example, object "C0" >op.enroll.userKey._050=# contains raw data corresponding to object "c0". >op.enroll.userKey._051=# 'C' This object contains an entire DER cert, and nothing else. >op.enroll.userKey._052=# 'K' This object contains a MUSCLE "key blob". TPS does not use this. >op.enroll.userKey._053=# >op.enroll.userKey._054=# op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0 >op.enroll.userKey._055=# op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0 >op.enroll.userKey._056=# - user specifies which PIN user should be granted >op.enroll.userKey._057=# use privilege of the generated private key, or >op.enroll.userKey._058=# 15 if all users have use privilege for the private key >op.enroll.userKey._059=# - Valid uage: (only specifies the usage for the private key) >op.enroll.userKey._060=# 0 - default usage (Signing only for this APDU) >op.enroll.userKey._061=# 1 - signing only >op.enroll.userKey._062=# 2 - decryption only >op.enroll.userKey._063=# 3 - signing and decryption >op.enroll.userKey._064=# >op.enroll.userKey._065=# op.enroll.<tokenType>.pkcs11obj.enable=true|false >op.enroll.userKey._066=# - enable writing of PKCS11 cache object to the token >op.enroll.userKey._067=# >op.enroll.userKey._068=# op.enroll.<tokenType>.pkcs11obj.compress.enable=true|false >op.enroll.userKey._069=# - enable compression for writing of PKCS11 cache object to the token >op.enroll.userKey._070=# >op.enroll.userKey._071=# op.enroll.<tokenType>.pinReset.pin.maxRetries=127 >op.enroll.userKey._072=# - max number of retries before blocking the token >op.enroll.userKey._073=# - max value: 127 >op.enroll.userKey._074=# >op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary. >op.enroll.userKey._076=# Make sure the profile specified by the profileId to have >op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate. >op.enroll.userKey._078=######################################### >op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher >op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher >op.enroll.userKey.auth.enable=true >op.enroll.userKey.auth.id=ldap1 >op.enroll.userKey.keyGen.encryption.ca.conn=ca1 >op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment >op.enroll.userKey.keyGen.encryption.certAttrId=c2 >op.enroll.userKey.keyGen.encryption.certId=C2 >op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$ >op.enroll.userKey.keyGen.encryption.keySize=1024 >op.enroll.userKey.keyGen.encryption.keyUsage=0 >op.enroll.userKey.keyGen.encryption.keyUser=0 >op.enroll.userKey.keyGen.encryption.label=Privacy >op.enroll.userKey.keyGen.encryption.overwrite=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false >op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false >op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4 >op.enroll.userKey.keyGen.encryption.privateKeyNumber=4 >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false >op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true >op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5 >op.enroll.userKey.keyGen.encryption.publicKeyNumber=5 >op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=true >op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0 >op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast >op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true >op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1 >op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey >op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true >op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6 >op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey >op.enroll.userKey.keyGen.encryption.revokeCert=true >op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true >op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1 >op.enroll.userKey.keyGen.encryption.serverKeygen.enable=true >op.enroll.userKey.keyGen.keyType.num=2 >op.enroll.userKey.keyGen.keyType.value.0=signing >op.enroll.userKey.keyGen.keyType.value.1=encryption >op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2 >op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing >op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption >op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2 >op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing >op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption >op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2 >op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing >op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption >op.enroll.userKey.keyGen.signing.ca.conn=ca1 >op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment >op.enroll.userKey.keyGen.signing.certAttrId=c1 >op.enroll.userKey.keyGen.signing.certId=C1 >op.enroll.userKey.keyGen.signing.cuid_label=$cuid$ >op.enroll.userKey.keyGen.signing.keySize=1024 >op.enroll.userKey.keyGen.signing.keyUsage=0 >op.enroll.userKey.keyGen.signing.keyUser=0 >op.enroll.userKey.keyGen.signing.label=Identification >op.enroll.userKey.keyGen.signing.overwrite=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true >op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true >op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true >op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true >op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true >op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false >op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false >op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2 >op.enroll.userKey.keyGen.signing.privateKeyNumber=2 >op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true >op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false >op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true >op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true >op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false >op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3 >op.enroll.userKey.keyGen.signing.publicKeyNumber=3 >op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true >op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0 >op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey >op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true >op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1 >op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey >op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true >op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6 >op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey >op.enroll.userKey.keyGen.signing.revokeCert=true >op.enroll.userKey.keyGen.tokenName=$userid$'s AOL Key >op.enroll.userKey.loginRequest.enable=true >op.enroll.userKey.pinReset.enable=true >op.enroll.userKey.pinReset.pin.maxLen=10 >op.enroll.userKey.pinReset.pin.maxRetries=127 >op.enroll.userKey.pinReset.pin.minLen=4 >op.enroll.userKey.pkcs11obj.compress.enable=true >op.enroll.userKey.pkcs11obj.enable=true >op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary >op.enroll.userKey.tks.conn=tks1 >op.enroll.userKey.update.applet.directory=/usr/share/rhpki/tps/applets >op.enroll.userKey.update.applet.emptyToken.enable=true >op.enroll.userKey.update.applet.enable=true >op.enroll.userKey.update.applet.encryption=true >op.enroll.userKey.update.applet.requiredVersion=1.3.44724DDE >op.enroll.userKey.update.symmetricKeys.enable=false >op.enroll.userKey.update.symmetricKeys.requiredVersion=1 >op.enroll.userKeyTemporary.auth.enable=true >op.enroll.userKeyTemporary.auth.id=ldap1 >op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1 >op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment >op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0 >op.enroll.userKeyTemporary.keyGen.auth.certId=C0 >op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$ >op.enroll.userKeyTemporary.keyGen.auth.keySize=1024 >op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0 >op.enroll.userKeyTemporary.keyGen.auth.keyUser=15 >op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$ >op.enroll.userKeyTemporary.keyGen.auth.overwrite=false >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true >op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false >op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0 >op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0 >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true >op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false >op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1 >op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1 >op.enroll.userKeyTemporary.keyGen.auth.revokeCert=true >op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1 >op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment >op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2 >op.enroll.userKeyTemporary.keyGen.encryption.certId=C2 >op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$ >op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024 >op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0 >op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0 >op.enroll.userKeyTemporary.keyGen.encryption.label=Privacy >op.enroll.userKeyTemporary.keyGen.encryption.overwrite=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false >op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false >op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4 >op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4 >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false >op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true >op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5 >op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5 >op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=false >op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0 >op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast >op.enroll.userKeyTemporary.keyGen.encryption.revokeCert=true >op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true >op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1 >op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true >op.enroll.userKeyTemporary.keyGen.keyType.num=2 >op.enroll.userKeyTemporary.keyGen.keyType.value.0=signing >op.enroll.userKeyTemporary.keyGen.keyType.value.1=encryption >op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2 >op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing >op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption >op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1 >op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment >op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1 >op.enroll.userKeyTemporary.keyGen.signing.certId=C1 >op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$ >op.enroll.userKeyTemporary.keyGen.signing.keySize=1024 >op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0 >op.enroll.userKeyTemporary.keyGen.signing.keyUser=0 >op.enroll.userKeyTemporary.keyGen.signing.label=Identification >op.enroll.userKeyTemporary.keyGen.signing.overwrite=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false >op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false >op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2 >op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2 >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true >op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false >op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3 >op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3 >op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true >op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0 >op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey >op.enroll.userKeyTemporary.keyGen.signing.revokeCert=true >op.enroll.userKeyTemporary.keyGen.tokenName=$userid$'s AOL Key >op.enroll.userKeyTemporary.loginRequest.enable=true >op.enroll.userKeyTemporary.pinReset.enable=true >op.enroll.userKeyTemporary.pinReset.pin.maxLen=10 >op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127 >op.enroll.userKeyTemporary.pinReset.pin.minLen=4 >op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true >op.enroll.userKeyTemporary.pkcs11obj.enable=true >op.enroll.userKeyTemporary.tks.conn=tks1 >op.enroll.userKeyTemporary.update.applet.directory=/usr/share/rhpki/tps/applets >op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true >op.enroll.userKeyTemporary.update.applet.enable=true >op.enroll.userKeyTemporary.update.applet.encryption=true >op.enroll.userKeyTemporary.update.applet.requiredVersion=1.3.44724DDE >op.enroll.userKeyTemporary.update.symmetricKeys.enable=false >op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1 >op.format._000=######################################### >op.format._001=# Format Operation For tokenKey >op.format._002=# >op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false >op.format._004=# - update applet or not if token is empty >op.format._005=# >op.format._006=# - applicable to CoolKey >op.format._007=# - applicable to HouseKey >op.format._008=# - applicable to HouseKey with Legacy Applet >op.format._009=######################################### >op.format.allowUnknownToken=true >op.format.mapping.0.filter.appletMajorVersion= >op.format.mapping.0.filter.appletMinorVersion= >op.format.mapping.0.filter.tokenATR= >op.format.mapping.0.filter.tokenCUID.end= >op.format.mapping.0.filter.tokenCUID.start= >op.format.mapping.0.filter.tokenType= >op.format.mapping.0.target.tokenType=tokenKey >op.format.mapping.order=0 >op.format.tokenKey.auth.enable=true >op.format.tokenKey.auth.id=ldap1 >op.format.tokenKey.ca.conn=ca1 >op.format.tokenKey.issuerinfo.enable=true >op.format.tokenKey.issuerinfo.value=http://ra-m01.epki.sstest.office.aol.com:9000/cgi-bin/home/index.cgi >op.format.tokenKey.loginRequest.enable=true >op.format.tokenKey.revokeCert=true >op.format.tokenKey.tks.conn=tks1 >op.format.tokenKey.update.applet.directory=/usr/share/rhpki/tps/applets >op.format.tokenKey.update.applet.emptyToken.enable=true >op.format.tokenKey.update.applet.encryption=true >op.format.tokenKey.update.applet.requiredVersion=1.3.44724DDE >op.format.tokenKey.update.symmetricKeys.enable=false >op.format.tokenKey.update.symmetricKeys.requiredVersion=1 >op.pinReset._000=######################################### >op.pinReset._001=# Certificate Chain Imports >op.pinReset._002=# >op.pinReset._003=# op.enroll.certificates.num=1 >op.pinReset._004=# op.enroll.certificates.value.0=caCert >op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 rhpki-tps >op.pinReset._006=# op.enroll.certificates.caCert.certId=C5 >op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5 >op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label >op.pinReset._009=######################################### >op.pinReset._010=######################################### >op.pinReset._011=# Pin Reset Operation For CoolKey >op.pinReset._012=# >op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false >op.pinReset._014=# - update applet or not if token is empty >op.pinReset._015=# >op.pinReset._016=# - N/A for HouseKey >op.pinReset._017=# - N/A for HouseKey with Legacy Applet >op.pinReset._018=######################################### >op.pinReset.mapping.0.filter.appletMajorVersion= >op.pinReset.mapping.0.filter.appletMinorVersion= >op.pinReset.mapping.0.filter.tokenATR= >op.pinReset.mapping.0.filter.tokenCUID.end= >op.pinReset.mapping.0.filter.tokenCUID.start= >op.pinReset.mapping.0.filter.tokenType= >op.pinReset.mapping.0.target.tokenType=userKey >op.pinReset.mapping.order=0 >op.pinReset.userKey.auth.enable=true >op.pinReset.userKey.auth.id=ldap1 >op.pinReset.userKey.loginRequest.enable=true >op.pinReset.userKey.pinReset.pin.maxLen=10 >op.pinReset.userKey.pinReset.pin.minLen=4 >op.pinReset.userKey.tks.conn=tks1 >op.pinReset.userKey.update.applet.directory=/usr/share/rhpki/tps/applets >op.pinReset.userKey.update.applet.emptyToken.enable=true >op.pinReset.userKey.update.applet.enable=false >op.pinReset.userKey.update.applet.encryption=true >op.pinReset.userKey.update.applet.requiredVersion=1.3.44724DDE >op.pinReset.userKey.update.symmetricKeys.enable=false >op.pinReset.userKey.update.symmetricKeys.requiredVersion=1 >preop.ModulePanel.done=true >preop.SizePanel.done=true >preop.admincert.requestId.0=598 >preop.admincert.serialno.0=1312d20 >preop.ca.certchain=MIIH3wYJKoZIhvcNAQcCoIIH0DCCB8wCAQExADAPBgkqhkiG9w0BBwGgAgQAoIIHsDCCA8kwggKxoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwbDELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0FtZXJpY2EgT25saW5lIEluYy4xPzA9BgNVBAMTNlN5c1NlY1Rlc3QgQW1lcmljYSBPbmxpbmUgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMTAeFw0wNDEwMjYwNDAwMDBaFw0zNzEwMjYwNTAwMDBaMGwxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNBbWVyaWNhIE9ubGluZSBJbmMuMT8wPQYDVQQDEzZTeXNTZWNUZXN0IEFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy021xctM18G9FB4hwlTMn3dB5m9eHEwQzGRuId4J8JXS05CQvOLEj48u87uEaruFEG6vy1D1fsbhvYiHBlveu+9lZoRZozSlYsoXjc0TflsaKdE51eGsDIhc3k1s34IUAZLNu8F0UJexT4zhDD7LikidS8f2ftCW3Rf0T6VwC4BH/m4sSbijxi1geuyxypVhjqmOY6YkMo4ohm/Azh1vSAjPvzLpNyh3j9H+HQ4uV8Qm3aGT9lhfjQYfUsyjXfoxQL0Kk2HlcqBOxQedrc92LedHsiUjgXgPW2xiRDoAt3/RP3pxIMQYE/dsYKLhFygSH3ls35WgGl3G7e7F5yKk7AgMBAAGjdjB0MBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSNMF0qQq16Pl6PDQ2HweqepKc7LTAfBgNVHSMEGDAWgBSNMF0qQq16Pl6PDQ2HweqepKc7LTAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEFBQADggEBACJQfV4VdJkdWG+ZJZVU1ya16eHfA2ZCaypBYMKOJYRQQKlsd1mob6eBcrMDM6xtWUB0KbicdlHswIAJhr15AFErP6P/vE9D8E1lthjgrXAPut0OhoVHW5OnNmMgdIiHs7+Y676ohzVkUM14PNt9FRM5h/mKMr9tpu5TCBpSHeihdmL9PIGxaGMRR5WArXFoHHakhFSHj/c4//mFB7eAMX9u2HSKMOh2QJfuaMydRgSwLyAA0Jv5sXbbThPYGkny52ujwbjHwMc0jVUAwlGsUUzJp7zW5AJzNVZI1gqnGCTw/5vkql0ZqdGNQuHnH5hzvOIjcvN2v2IRM74rdEAolBIwggPfMIICx6ADAgECAgEGMA0GCSqGSIb3DQEBBAUAMGwxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNBbWVyaWNhIE9ubGluZSBJbmMuMT8wPQYDVQQDEzZTeXNTZWNUZXN0IEFtZXJpY2EgT25saW5lIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDEwHhcNMDQxMTAxMTk1OTQyWhcNMzcxMDI0MTk1OTQyWjBnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBkR1bGxlczEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjEWMBQGA1UEAxMNQU9MIE1lbWJlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMOn4ZwmmfFzwz29x58VWyf1LygyfO5Xsw7gcNFLwLILPi9LQpS4XhA8JyfUuoggQqyg+0h5hKcoXBxi66L5rm8PpWHyck7oG54RqeFjGLKG5Ho33pIpPDDe3aTynum90yQacPMRvJ3lx4Iz0Kk/6OyHfRvHlcupQ31S8tVPU7nTW+C2SVu+dyqLH8kp7WU8tlK/TxQ2ilnzr8YoSp40QKodpJ4IA7bGZQFh2Nzkc9ytfXqNLMZtPLa9/ImwPTXZmfAmVp+mwOBEqe4DnVPgK5QTEh78AvRsg/MMgb8DQ1nmxLPOaZpSgs2SDFbw3QIj7jKYmk8dsNT96z6lGKVTNVMCAwEAAaOBkDCBjTAdBgNVHQ4EFgQUKfxVDd50RgMX2fYo/xFo/utMABwwDgYDVR0PAQH/BAQDAgGGMBEGCWCGSAGG+EIBAQQEAwIGwDAfBgNVHSMEGDAWgBSNMF0qQq16Pl6PDQ2HweqepKc7LTAPBgNVHRMBAf8EBTADAQH/MBcGA1UdEQQQMA6BDGZsdW9AYW9sLm5ldDANBgkqhkiG9w0BAQQFAAOCAQEADEBPGdnY+E+VSm0MxVxQtY1mz16KvTjd/aW8biz7FOHrxrkEoLIyIcEDZ1NRB0csVR3pd5yrbAb6RnZqdSpRQRcemN5Ptbx9PpKw0XGQmPp+gFIqtSAO89clBV2Yc+aOaPtt5Mm+rDIPbgZGsPuDtBcGne9vQTAdqX9GWH+DfAK2Y7AUE25R66HsdzjqaWvEnh6ziq1XO6UPicNwU92T28F+jeYofLN/2KOFqjAS8/RIPwxaftKb45jMB6UIPCNJ8FDe/DHV/ugQJHZdAP2h6ScMKp+kEcC6hK9RKGuKS444jAo6UxbX7q+pTvY0eFBgauGVRWcDUEhaBsTxE7y6MzEA >preop.ca.list=Certificate Authority CS 72 - https://ca-da.epki.sstest.office.aol.com:443 >preop.ca.url=https://ca-da.epki.sstest.office.aol.com:443 >preop.cainfo.select=https://ca-da.epki.sstest.office.aol.com:443 >preop.cert._000=######################################### >preop.cert._001=# Installation configuration "preop" certs parameters >preop.cert._002=######################################### >preop.cert._003=#preop.cert.sslserver.type=local >preop.cert._004=#preop.cert.sslserver.cncomponent.override=false >preop.cert._005=#preop.cert.subsystem.type=local >preop.cert._006=#preop.cert.subsystem.cncomponent.override=true >preop.cert.list=sslserver,subsystem >preop.cert.sslserver.cert=MIID6DCCAtCgAwIBAgIEATEtHjANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBkR1bGxlczEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjEWMBQGA1UEAxMNQU9MIE1lbWJlciBDQTAeFw0wNzA1MDMxMjQwNDhaFw0wOTA0MjIxMjQwNDhaMFUxDzANBgNVBAoTBkFPTFBLSTEWMBQGA1UECxMNcmhwa2ktdHBzOTAwMTEqMCgGA1UEAxMhcmEtbTAxLmVwa2kuc3N0ZXN0Lm9mZmljZS5hb2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Bx1yjxK0CRthVuBlAjidJlDcQURI9XxdN6SOfjJLceeKqt0wzGFOFAQfouzlH4vyT179Fz23AgoQMwxa0wWcEiQgeM556FBjujhKsOtGQY5G80q8Axf0WG18tznUhpzA54VkC921eqU47eEHAFfOwat/iPilmqCuQxqBBEBXUXyFEcMKldioXTEeyjc1YhnCNIwqKeij/UTH39wryY3Z40oOAM6nVQFUA+vRGnKQrIhqaMoe3kozW7PxXt/alsjCTD7GK70y0gXBLtICa84KaKZh7MRpRihceJ/v042j/1We+3cSvxvmoPdsLj+taE2dFVQni9Kp9TepafTk+kdgQIDAQABo4GtMIGqMB8GA1UdIwQYMBaAFCn8VQ3edEYDF9n2KP8RaP7rTAAcME4GCCsGAQUFBwEBBEIwQDA+BggrBgEFBQcwAYYyaHR0cDovL2NhLWRhLmVwa2kuc3N0ZXN0Lm9mZmljZS5hb2wuY29tOjgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEFBQADggEBAJljM6F2qkhRRjCDyxxBZNM6CD+DKlJNJwhG/bEF7Ylqv/cqp8VfWjMyr9fNV3/4dgIc0uihtzyTqT97repWMpYYORJZl1MoLe2LLhecAYxeXcN9Fu6+UuEDsn6ZPhPx95s+wpFqCWIY6P5kufxFt8nD2JgJnOwIFNWNd3E04/f9g+f8/Sj0ckBTstRyUYG0WvAToLf22sl3Gzkh30tcG5Icsd/djRv5ydA+tqMCy9WX8cusy8uP5ubs7RN61ULinDylW56H0JUCt/T7v1KmjumKlbdYJY28P77BfcFa2gbrxUf4zQTQE28ai+WtlUs7o2UncFGYp3I+YT1yGrl8Ji4= >preop.cert.sslserver.certreq=MIICmjCCAYICAQAwVTEPMA0GA1UEChMGQU9MUEtJMRYwFAYDVQQLEw1yaHBraS10cHM5MDAxMSowKAYDVQQDEyFyYS1tMDEuZXBraS5zc3Rlc3Qub2ZmaWNlLmFvbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcHHXKPErQJG2FW4GUCOJ0mUNxBREj1fF03pI5+Mktx54qq3TDMYU4UBB+i7OUfi/JPXv0XPbcCChAzDFrTBZwSJCB4znnoUGO6OEqw60ZBjkbzSrwDF/RYbXy3OdSGnMDnhWQL3bV6pTjt4QcAV87Bq3+I+KWaoK5DGoEEQFdRfIURwwqV2KhdMR7KNzViGcI0jCop6KP9RMff3CvJjdnjSg4AzqdVAVQD69EacpCsiGpoyh7eSjNbs/Fe39qWyMJMPsYrvTLSBcEu0gJrzgpopmHsxGlGKFx4n+/TjaP/VZ77dxK/G+ag92wuP61oTZ0VVCeL0qn1N6lp9OT6R2BAgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEAje/Rq+hHXVre690XaOsoThhtRjT2Xtq8FYzGO8yMYNDTp2N4+c1s0PtRl98HNqwWLi75ksoyC0Xg2C4sU8ERqyhc3wKyeHVk8jfbCXHwgkM5dLKJIlf+ErsAK4swzz+cmxsrtkGjD8gPLqlsZUDLMvIdFxfPbjiiyUVy//5UFOSzMFsuuHyflRBlnvTH1PNDacE6fxvtSKiB1dkeB7bKV7px2QmoaYho+4cJo1Qp/IHQbtmqWjeUlaHV1pRT5xlgJZcL0ZzsUaa9v93Ly0KYpCNh4ITFBiXgBsI3Cc5eMALEbkgC4kbEwK15Cz6lrJTFhYP7j/SvsWqOp+THPhlraw== >preop.cert.sslserver.defaultSigningAlgorithm=SHA1withRSA >preop.cert.sslserver.dn=CN=ra-m01.epki.sstest.office.aol.com, OU=rhpki-tps9001, O=AOLPKI >preop.cert.sslserver.enable=true >preop.cert.sslserver.keysize.customsize=2048 >preop.cert.sslserver.keysize.select=custom >preop.cert.sslserver.keysize.size=2048 >preop.cert.sslserver.keytype=rsa >preop.cert.sslserver.nickname=epki-core-tps:Server-Cert cert-rhpki-tps9001 >preop.cert.sslserver.profile=caInternalAuthServerCert >preop.cert.sslserver.subsystem=tps >preop.cert.sslserver.userfriendlyname=SSL Server Certificate >preop.cert.subsystem.cert=MIIDzDCCArSgAwIBAgIEATEtHzANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzERMA8GA1UECBMIVmlyZ2luaWExDzANBgNVBAcTBkR1bGxlczEcMBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjEWMBQGA1UEAxMNQU9MIE1lbWJlciBDQTAeFw0wNzA1MDMxMjQxMDBaFw0wOTA0MjIxMjQxMDBaME0xDzANBgNVBAoTBkFPTFBLSTEWMBQGA1UECxMNcmhwa2ktdHBzOTAwMTEiMCAGA1UEAxMZVFBTIFN1YnN5c3RlbSBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1qSiWH1Vx/yipxz7Rbi2BoGmZCEn1FeCHe2jAezhhrlAGaRzkA1SELZd4T5JykSqZau/sSSY3g3wwlXU772aiX2c2DGfEEIeXHVemK2Wg0ht3SJa5NUdQIFxwqwCZ0seH7mYIwnw/Q/9pxen0PdtQk6CS5pxoqo5JCf0RVeo9zulFyduBTnTcPgERfsdH/HTr4Q7YAvorptOCUS0yOhUarH7U4+JvpB+2hut6ObdqaXznz1Mhs+u3Y7I6q/81ouqNmZwJIPU3f6Ss7NB3iWrRJiZVkCu1CBxCmZnTltr/6u8+nCnybO05h9TzdmN8hjVbrvRJNuAtAHZCUN/k+kWcCAwEAAaOBmTCBljAfBgNVHSMEGDAWgBQp/FUN3nRGAxfZ9ij/EWj+60wAHDBOBggrBgEFBQcBAQRCMEAwPgYIKwYBBQUHMAGGMmh0dHA6Ly9jYS1kYS5lcGtpLnNzdGVzdC5vZmZpY2UuYW9sLmNvbTo4MC9jYS9vY3NwMA4GA1UdDwEB/wQEAwIE8DATBgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOCAQEAI1Oqabb/G7WE99/nrGGi8CxLehvMQZmk3JN9IirBdl60fjmodM6PYDECkzwB2qa6c4D9xNqibe+j+os6V0hcy1ceqi+zOldiPFip8INrOI5SGAU78PXRjqb+PAHNMd3jbbesJ2PxMa/PbRZn7wj6I499dfzSN0DTMQjbc/uHEGCyDYzZG5GThlm7Wx+mvZJnWjXSmWxw3gIg2AJvgmIhqGtLt7gdb8naXqnoeBKJRk7CNYI1hgdikMAWQXxZUS8k3N00aH+lMPJVFxmb7sDCD0jSlunDa2LALvP/uW3QAVoVITbCuEju0CjpOw5hL/KMAkGmK+8zmuvKX26lz68+sA== >preop.cert.subsystem.certreq=MIICkjCCAXoCAQAwTTEPMA0GA1UEChMGQU9MUEtJMRYwFAYDVQQLEw1yaHBraS10cHM5MDAxMSIwIAYDVQQDExlUUFMgU3Vic3lzdGVtIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WpKJYfVXH/KKnHPtFuLYGgaZkISfUV4Id7aMB7OGGuUAZpHOQDVIQtl3hPknKRKplq7+xJJjeDfDCVdTvvZqJfZzYMZ8QQh5cdV6YrZaDSG3dIlrk1R1AgXHCrAJnSx4fuZgjCfD9D/2nF6fQ921CToJLmnGiqjkkJ/RFV6j3O6UXJ24FOdNw+ARF+x0f8dOvhDtgC+ium04JRLTI6FRqsftTj4m+kH7aG63o5t2ppfOfPUyGz67djsjqr/zWi6o2ZnAkg9Td/pKzs0HeJatEmJlWQK7UIHEKZmdOW2v/q7z6cKfJs7TmH1PN2Y3yGNVuu9Ek24C0AdkJQ3+T6RZwIDAQABoAAwDQYJKoZIhvcNAQEEBQADggEBANC1dtFdSaz2ykQ/Mf0HypwFRGcZRBU3MDg2aUosdWsCPpJEEiFNJgJm8jA8bUdr2UmXJOfpu5pFLIY0291q7S8bUcJeQuzUbkrs0j0T91eHQBmeEOi+CFW+c13b5zLvgNln7BYFUJ3E0fd5xddc6QKG7+XCPforB0Cu9T7hNp9/haQsPISS6Cb1pSLvlJpG1uMyimGZ0Shti8JNLo9ZSFYIw0YFDqcASixb3WP0bzudkLhB4esD9qJ6UgZzSCVZYWLtpkKie4Gp/qQ5dPQE0jRnG9MBMfNBBCtWN3mUKSViOgF63RFoCgVB8+dn9E7uTn27ZU2iiSjEQmyu1snbJk0= >preop.cert.subsystem.defaultSigningAlgorithm=SHA1withRSA >preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=rhpki-tps9001, O=AOLPKI >preop.cert.subsystem.enable=true >preop.cert.subsystem.keysize.customsize=2048 >preop.cert.subsystem.keysize.select=custom >preop.cert.subsystem.keysize.size=2048 >preop.cert.subsystem.keytype=rsa >preop.cert.subsystem.nickname=epki-core-tps:subsystemCert cert-rhpki-tps9001 >preop.cert.subsystem.profile=caInternalAuthSubsystemCert >preop.cert.subsystem.subsystem=tps >preop.cert.subsystem.userfriendlyname=Subsystem Certificate >preop.certenroll.useExternalCA=off >preop.configModules._000=######################################### >preop.configModules._001=# Installation configuration "preop" module parameters >preop.configModules._002=######################################### >preop.configModules.count=3 >preop.configModules.module0.commonName=NSS Internal PKCS #11 Module >preop.configModules.module0.imagePath=../img/clearpixel.gif >preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module >preop.configModules.module1.commonName=nfast >preop.configModules.module1.imagePath=../img/clearpixel.gif >preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module >preop.configModules.module2.commonName=lunasa >preop.configModules.module2.imagePath=../img/clearpixel.gif >preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module >preop.database.basedn=o=CertificateServer >preop.database.binddn=cn=directory manager >preop.database.database=userRoot1 >preop.database.host=ra-m01.epki.sstest.office.aol.com >preop.database.port=41388 >preop.done.status=done >preop.keysize._000=######################################### >preop.keysize._001=# Installation configuration "preop" keysize parameters >preop.keysize._002=######################################### >preop.keysize.customsize=2048 >preop.keysize.select=custom >preop.keysize.size=2048 >preop.krainfo.keygen=keygen >preop.krainfo.select=https://drm-da.epki.sstest.office.aol.com:8100 >preop.module.token=epki-core-tps >preop.pin=TnXm3RTZaC0ca0qhDeGy >preop.securitydomain.ca0.host=ca-da.epki.sstest.office.aol.com >preop.securitydomain.ca0.secureport=443 >preop.securitydomain.ca0.subsystemname=Certificate Authority CS 72 >preop.securitydomain.kra0.host=drm-da.epki.sstest.office.aol.com >preop.securitydomain.kra0.secureport=8100 >preop.securitydomain.kra0.subsystemname=Data Recovery Manager CS72 >preop.securitydomain.name=AOLPKI >preop.securitydomain.tks0.host=tks-da.epki.sstest.office.aol.com >preop.securitydomain.tks0.secureport=8100 >preop.securitydomain.tks0.subsystemname=Token Key Service CS72 >preop.sessionID=-8651379196712087786 >preop.subsystem.name=Token Processing System CS72 >preop.tksinfo.select=https://tks-da.epki.sstest.office.aol.com:8100 >service.instanceDir=/opt/aolpki/rhpki-tps9001 >service.instanceID=rhpki-tps9001 >service.machineName=ra-m01.epki.sstest.office.aol.com >service.securePort=9001 >service.unsecurePort=9000 >tokendb._000=######################################### >tokendb._001=# tokendb.auditLog: >tokendb._002=# - audit log path >tokendb._003=# tokendb.host: >tokendb._004=# - tokendb host name >tokendb._005=# tokendb.port: >tokendb._006=# - tokendb port number >tokendb._007=# tokendb.bindDN: >tokendb._008=# - tokendb administration DN (i.e. cn=Directory Manager) >tokendb._009=# tokendb.bindPassPath: >tokendb._010=# - tokendb administration password file path >tokendb._011=# tokendb.templateDir >tokendb._012=# - directory where all the tokendb templates are located >tokendb._013=# tokendb.userBaseDN: >tokendb._014=# - directory base DN for users and groups >tokendb._015=# tokendb.baseDN: >tokendb._016=# - directory base DN for tokens >tokendb._017=# tokendb.activityBaseDN: >tokendb._018=# - directory base DN for activities >tokendb._019=# tokendb.indexTemplate=index.template >tokendb._020=# - index template >tokendb._021=# tokendb.newTemplate=new.template >tokendb._022=# - add template >tokendb._023=# tokendb.showTemplate=show.template >tokendb._024=# - show template >tokendb._025=# tokendb.errorTemplate=error.template >tokendb._026=# - error template >tokendb._027=# tokendb.searchTemplate=search.template >tokendb._028=# - search template >tokendb._029=# tokendb.searchResultTemplate=searchResults.template >tokendb._030=# - search result template >tokendb._031=# tokendb.editTemplate=edit.template >tokendb._032=# - edit template >tokendb._033=# tokendb.editResultTemplate=editResults.template >tokendb._034=# - edit result template >tokendb._035=# tokendb.addResultTemplate=addResults.template >tokendb._036=# - add result template >tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template >tokendb._038=# - delete result template >tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template >tokendb._040=# - search activity template >tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template >tokendb._042=# - search activity result template >tokendb._043=# tokendb.showAdminTemplate=showAdmin.template >tokendb._044=# - show admin template >tokendb._045=# tokendb.editAdminTemplate=editAdmin.template >tokendb._046=# - edit admin template >tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template >tokendb._048=# - edit admin result template >tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template >tokendb._050=# - search admin template >tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template >tokendb._052=# - search admin result template >tokendb._053=# tokendb.defaultPolicy: >tokendb._054=# Supported Policy (Separated by ; [Semicolon]): >tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO >tokendb._056=# PIN_RESET=YES|NO >tokendb._057=# - If not present, pin reset by user is allowed. >tokendb._058=# - If present and agent change PIN_RESET from NO >tokendb._059=# to YES, user is allowed to do pin reset. This >tokendb._060=# policy will be changed back to NO after pin reset. >tokendb._061=# RE_ENROLL=YES|NO >tokendb._062=# - If not present, re-enrollment is allowed. >tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL >tokendb._064=# is set to YES. Otherwise, re-enrollment is not >tokendb._065=# allowed. >tokendb._066=######################################### >tokendb.activityBaseDN=ou=Activities,o=CertificateServer >tokendb.addResultTemplate=addResults.template >tokendb.auditLog=/opt/aolpki/rhpki-tps9001/rhpki-tps9001/logs/tokendb-audit.log >tokendb.baseDN=ou=Tokens,o=CertificateServer >tokendb.bindDN=cn=Directory Manager >tokendb.bindPassPath=/opt/aolpki/rhpki-tps9001/conf/password.conf >tokendb.certBaseDN=ou=Certificates,o=CertificateServer >tokendb.defaultPolicy=RE_ENROLL=YES,PIN_RESET=NO >tokendb.deleteResultTemplate=deleteResults.template >tokendb.deleteTemplate=delete.template >tokendb.doTokenConfirmTemplate=doTokenConfirm.template >tokendb.doTokenTemplate=doToken.template >tokendb.editAdminResultTemplate=editAdminResults.template >tokendb.editAdminTemplate=editAdmin.template >tokendb.editResultTemplate=editResults.template >tokendb.editTemplate=edit.template >tokendb.errorTemplate=error.template >tokendb.hostport=ra-m01.epki.sstest.office.aol.com:41388 >tokendb.indexAdminTemplate=indexAdmin.template >tokendb.indexTemplate=index.template >tokendb.newTemplate=new.template >tokendb.revokeTemplate=revoke.template >tokendb.searchActivityResultTemplate=searchActivityResults.template >tokendb.searchActivityTemplate=searchActivity.template >tokendb.searchAdminResultTemplate=searchAdminResults.template >tokendb.searchAdminTemplate=searchAdmin.template >tokendb.searchCertificateResultTemplate=searchCertificateResults.template >tokendb.searchCertificateTemplate=searchCertificate.template >tokendb.searchResultTemplate=searchResults.template >tokendb.searchTemplate=search.template >tokendb.showAdminTemplate=showAdmin.template >tokendb.showCertTemplate=showCert.template >tokendb.showTemplate=show.template >tokendb.ssl=false >tokendb.templateDir=/opt/aolpki/rhpki-tps9001/docroot/tus >tokendb.userBaseDN=ou=PrivilegedUsers,o=CertificateServer
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=157948">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 245790
: 157948