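ca.cfg File

Purpose

The ca.cfg file consists of CA stanzas. The CA stanzas contain public CA information that the Certificate Authentication Service uses to generate certificate requests and certificate revocation requests.

Description

For every CA stanza in the ca.cfg file, the acct.cfg file should contain an equivalently named CA stanza. Each CA stanza name in the ca.cfg file must be unique. At least one stanza named local must exist. No stanza should be named ldap or default.

Example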

* Multiple components of the PKI implementation use this file for configuration
* information.
*
* algorithm      Defines the encryption algorithm used for CMP requests.
*                Supported values are RSA and DSA. The default is RSA.
*
* crl            Specifies the CA's root certificate file.
*
* dn             Defines the default Distinguished Name value for newly
*                created certificates. (Optional) Example:
*                dn = "c=US, o=ZZZ Corp., ou=Sales OEM, sp=Texas, l=Austin"
*
* keysize        Defines the minimum number of bits required when generating
*                an encryption/signing key. The default is 1024.
*
* program        Specifies the PKI service module file name.
*                (Required)
*
* retries        Defines the number of retry attempts when contacting a CA.
*                The default is 5.
*
* server         Defines the URL address of the CA server. Example:
*                "cmp://9.53.149.39:1077".
*
* signinghash    Specifies the hash algorithm used to verify keys and to
*                perform trusted certificate signing when validating users.
*                Supported values are MD2, MD5, and SHA1. The default is MD5.
*
* trustedkey     Defines the keystore location containing the system-wide
*                trusted signing key used to sign/verify user certificates.
*
* url            Defines the default subject alternate name URI value to be
*                added to new certificates.
*
local:
      program = /usr/lib/security/pki/JSML
      trustedkey = file:/usr/lib/security/pki/trusted.p15
      server = "cmp://9.53.149.39:1077"
      crl = ldap://9.53.149.39/o=XYZ, c=us
      dn = "c=US, o=XYZ"
      url = "http://www.ibm.com/"
      algorithm = RSA
      keysize = 512
      retries = 5
      signinghash = MD5
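
An added example, not part of the original documentation: a Python audit that parses ca.cfg stanzas, applies the stanza rules from the Description and the defaults from the comment block, and flags weak key and hash settings, including ones a stanza inherits by omitting the attribute. The 2048-bit minimum, the MD2/MD5 weak list, and the `branch` stanza with its server name are assumptions made for this example.

```python
# Defaults stated in the ca.cfg comments on this page.
DEFAULTS = {"keysize": "1024", "signinghash": "MD5"}
MIN_KEYSIZE = 2048            # assumed policy threshold, not from the page
WEAK_HASHES = {"MD2", "MD5"}  # assumed policy: digests treated as weak
def parse_stanzas(text):
    """Return [(stanza_name, {key: value})], keeping duplicates for the audit."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # blank line or comment
            continue
        if line.endswith(":") and "=" not in line:
            stanzas.append((line[:-1].strip(), {}))
        elif "=" in line and stanzas:
            key, value = line.split("=", 1)
            stanzas[-1][1][key.strip()] = value.strip().strip('"')
    return stanzas

def audit(text):
    """Check the structural rules on this page plus the assumed crypto policy."""
    stanzas = parse_stanzas(text)
    names = [name for name, _ in stanzas]
    findings = [] if "local" in names else ["no stanza named local"]
    for name in sorted(set(names)):
        if names.count(name) > 1:
            findings.append(f"{name}: duplicate stanza name")
        if name in ("ldap", "default"):
            findings.append(f"{name}: reserved stanza name")
    for name, attrs in stanzas:
        eff = {**DEFAULTS, **attrs}               # absent keys fall back to defaults
        if "program" not in attrs:
            findings.append(f"{name}: required attribute program is missing")
        if not eff["keysize"].isdigit() or int(eff["keysize"]) < MIN_KEYSIZE:
            findings.append(f"{name}: keysize {eff['keysize']} is below {MIN_KEYSIZE}")
        if eff["signinghash"].upper() in WEAK_HASHES:
            findings.append(f"{name}: signinghash {eff['signinghash']} is a weak digest")
    return findings

# Constructed sample: the page's local stanza (trimmed) plus a stanza relying on defaults.
SAMPLE = """\
local:
      program = /usr/lib/security/pki/JSML
      keysize = 512
      signinghash = MD5
branch:
      server = "cmp://ca.example.test:1077"
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Of the three signinghash values the comment block lists, SHA1 is the only one this check accepts.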

File

/usr/lib/security/pki/ca.cfg