Provided by: pki-tps_10.6.0-1ubuntu2_all 
NAME
pki-tps-connector - PKI TPS Connector Configuration
LOCATION
/var/lib/pki/<instance>/conf/tps/CS.cfg
DESCRIPTION
TPS connector provides a mechanism for TPS to communicate with other PKI subsystems.
There are three supported connector types: CA, KRA, and TKS. The connectors are defined
using properties in the TPS configuration file.
CA CONNECTOR
A CA connector is defined using properties that begin with tps.connector.ca<n> where n is
a positive integer indicating the ID of the CA connector.
tps.connector.ca<n>.enable
This property contains a boolean value indicating whether the connector is enabled.
tps.connector.ca<n>.host
In no-failover configuration, the property contains the hostname of the CA.
In failover configuration, the property contains a list of hostnames and port numbers of
the CA subsystems. The format is hostname:port separated by spaces.
tps.connector.ca<n>.port
In no-failover configuration, the property contains the port number of the CA.
tps.connector.ca<n>.nickName
This property contains the nickname of the TPS subsystem certificate for SSL client
authentication to the CA.
tps.connector.ca<n>.minHttpConns
This property contains the minimum number of HTTP connections.
tps.connector.ca<n>.maxHttpConns
This property contains the maximum number of HTTP connections.
tps.connector.ca<n>.uri.<op>
This property contains the URI to contact CA for the operation <op>. Example ops:
enrollment, renewal, revoke, unrevoke, getcert.
tps.connector.ca<n>.timeout
This property contains the connection timeout.
tps.connCAList
This property is used for Revocation Routing. It contains a list of ordered ca id's
separated by ',' that the revocation attempt should be made to. Example:
tps.connCAList=ca1,ca2
tps.connector.ca<n>.caNickname
This property is used for Revocation Routing. It contains the nickname of the CA signing
certificate that represents this ca<n>.
tps.connector.ca<n>.caSKI
This property is used for Revocation Routing . It contains the Subject Key Identifier of
the CA signing certificate of this ca<n>. This value is automatically calculated by TPS
once and should not need handling by the administrator.
KRA CONNECTOR
A KRA connector is defined using properties that begin with tps.connector.kra<n> where n
is a positive integer indicating the ID of the KRA connector.
tps.connector.kra<n>.enable
This property contains a boolean value indicating whether the connector is enabled.
tps.connector.kra<n>.host
In no-failover configuration, the property contains the hostname of the KRA.
In failover configuration, the property contains a list of hostnames and port numbers of
the KRA subsystems. The format is hostname:port separated by spaces.
tps.connector.kra<n>.port
In no-failover configuration, the property contains the port number of the KRA.
tps.connector.kra<n>.nickName
This property contains the nickname of the TPS subsystem certificate for SSL client
authentication to the KRA.
tps.connector.kra<n>.minHttpConns
This property contains the minimum number of HTTP connections.
tps.connector.kra<n>.maxHttpConns
This property contains the maximum number of HTTP connections.
tps.connector.kra<n>.uri.<op>
This property contains the URI to contact KRA for the operation <op>. Example ops:
GenerateKeyPair, TokenKeyRecovery.
tps.connector.kra<n>.timeout
This property contains the connection timeout.
TKS CONNECTOR
A TKS connector is defined using properties that begin with tps.connector.tks<n> where n
is a positive integer indicating the ID of the TKS connector.
tps.connector.tks<n>.enable
This property contains a boolean value indicating whether the connector is enabled.
tps.connector.tks<n>.host
In no-failover configuration, the property contains the hostname of the TKS.
In failover configuration, the property contains a list of hostnames and port numbers of
the TKS subsystems. The format is hostname:port separated by spaces.
tps.connector.tks<n>.port
In no-failover configuration, the property contains the port number of the TKS.
tps.connector.tks<n>.nickName
This property contains the nickname of the TPS subsystem certificate for SSL client
authentication to the TKS.
tps.connector.tks<n>.minHttpConns
This property contains the minimum number of HTTP connections.
tps.connector.tks<n>.maxHttpConns
This property contains the maximum number of HTTP connections.
tps.connector.tks<n>.uri.<op>
This property contains the URI to contact TKS for the operation <op>. Example ops:
computeRandomData, computeSessionKey, createKeySetData, encryptData.
tps.connector.tks<n>.timeout
This property contains the connection timeout.
tps.connector.tks<n>.generateHostChallenge
This property contains a boolean value indicating whether to generate host challenge.
tps.connector.tks<n>.serverKeygen
This property contains a boolean value indicating whether to generate keys on server side.
tps.connector.tks<n>.keySet
This property contains the key set to be used on TKS.
tps.connector.tks<n>.tksSharedSymKeyName
This property contains the shared secret key name.
EXAMPLE
tps.connector.ca1.enable=true
tps.connector.ca1.host=server.example.com
tps.connector.ca1.port=8443
tps.connector.ca1.minHttpConns=1
tps.connector.ca1.maxHttpConns=15
tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.ca1.timeout=30
tps.connector.ca1.uri.enrollment=/ca/ee/ca/profileSubmitSSLClient
tps.connector.ca1.uri.renewal=/ca/ee/ca/profileSubmitSSLClient
tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
tps.connector.ca1.uri.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
# in case of Revocation Routing
# note that caSKI is automatically calculated by TPS
tps.connCAList=ca1,ca2
tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
tps.connector.ca1.caSKI=hAzNarQMlzit4BymAlbduZMwVCc
# ca2 connector in case of Revocation Routing
tps.connector.ca2.<etc.>
tps.connector.kra1.enable=true
tps.connector.kra1.host=server.example.com
tps.connector.kra1.port=8443
tps.connector.kra1.minHttpConns=1
tps.connector.kra1.maxHttpConns=15
tps.connector.kra1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.kra1.timeout=30
tps.connector.kra1.uri.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
tps.connector.kra1.uri.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
tps.connector.tks1.enable=true
tps.connector.tks1.host=server.example.com
tps.connector.tks1.port=8443
tps.connector.tks1.minHttpConns=1
tps.connector.tks1.maxHttpConns=15
tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.tks1.timeout=30
tps.connector.tks1.generateHostChallenge=true
tps.connector.tks1.serverKeygen=false
tps.connector.tks1.keySet=defKeySet
tps.connector.tks1.tksSharedSymKeyName=sharedSecret
tps.connector.tks1.uri.computeRandomData=/tks/agent/tks/computeRandomData
tps.connector.tks1.uri.computeSessionKey=/tks/agent/tks/computeSessionKey
tps.connector.tks1.uri.createKeySetData=/tks/agent/tks/createKeySetData
tps.connector.tks1.uri.encryptData=/tks/agent/tks/encryptData
AUTHORS
Dogtag Team <pki-devel@redhat.com>.
COPYRIGHT
Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License,
version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-
licenses/gpl-2.0.txt.