.nh
.TH pki-tps-connector 5 "April 22, 2014" PKI "PKI TPS Connector Configuration"
.SH NAME
.PP
pki-tps-connector - PKI TPS Connector Configuration
.SH LOCATION
.PP
/var/lib/pki/\fIinstance\fP/conf/tps/CS.cfg
.SH DESCRIPTION
.PP
The TPS connector provides a mechanism for TPS to communicate with other PKI subsystems.
There are three supported connector types: CA, KRA, and TKS.
The connectors are defined using properties in the TPS configuration file.
.SH CA CONNECTOR
.PP
A CA connector is defined using properties that begin with tps.connector.ca<n> where
n is a positive integer indicating the ID of the CA connector.
.PP
\fBtps.connector.ca<n>\&.enable\fP
.br
This property contains a boolean value indicating whether the connector is enabled.
.PP
\fBtps.connector.ca<n>\&.host\fP
.br
In no-failover configuration, the property contains the hostname of the CA.
.PP
In failover configuration, the property contains a list of hostnames and port numbers
of the CA subsystems. The format is hostname:port separated by spaces.
.PP
\fBtps.connector.ca<n>\&.port\fP
.br
In no-failover configuration, the property contains the port number of the CA.
.PP
\fBtps.connector.ca<n>\&.nickName\fP
.br
This property contains the nickname of the TPS subsystem certificate for SSL client
authentication to the CA.
.PP
\fBtps.connector.ca<n>\&.minHttpConns\fP
.br
This property contains the minimum number of HTTP connections.
.PP
\fBtps.connector.ca<n>\&.maxHttpConns\fP
.br
This property contains the maximum number of HTTP connections.
.PP
\fBtps.connector.ca<n>\&.uri.<op>\fP
.br
This property contains the URI to contact the CA for the operation <op>\&.
Example ops: enrollment, renewal, revoke, unrevoke, getcert.
.PP
\fBtps.connector.ca<n>\&.timeout\fP
.br
This property contains the connection timeout.
.PP
\fBtps.connCAList\fP
.br
This property is used for \fBRevocation Routing\fP\&. It contains an ordered list of
CA IDs, separated by ',', to which the revocation attempt should be made.
Example: tps.connCAList=ca1,ca2
.PP
\fBtps.connector.ca<n>\&.caNickname\fP
.br
This property is used for \fBRevocation Routing\fP\&. It contains the nickname of the
CA signing certificate that represents this ca<n>\&.
.PP
\fBtps.connector.ca<n>\&.caSKI\fP
.br
This property is used for \fBRevocation Routing\fP\&. It contains the Subject Key
Identifier of the CA signing certificate of this ca<n>\&. This value is automatically
calculated by TPS once and should not need handling by the administrator.
.SH KRA CONNECTOR
.PP
A KRA connector is defined using properties that begin with tps.connector.kra<n> where
n is a positive integer indicating the ID of the KRA connector.
.PP
\fBtps.connector.kra<n>\&.enable\fP
.br
This property contains a boolean value indicating whether the connector is enabled.
.PP
\fBtps.connector.kra<n>\&.host\fP
.br
In no-failover configuration, the property contains the hostname of the KRA.
.PP
In failover configuration, the property contains a list of hostnames and port numbers
of the KRA subsystems. The format is hostname:port separated by spaces.
.PP
\fBtps.connector.kra<n>\&.port\fP
.br
In no-failover configuration, the property contains the port number of the KRA.
.PP
\fBtps.connector.kra<n>\&.nickName\fP
.br
This property contains the nickname of the TPS subsystem certificate for SSL client
authentication to the KRA.
.PP
\fBtps.connector.kra<n>\&.minHttpConns\fP
.br
This property contains the minimum number of HTTP connections.
.PP
\fBtps.connector.kra<n>\&.maxHttpConns\fP
.br
This property contains the maximum number of HTTP connections.
.PP
\fBtps.connector.kra<n>\&.uri.<op>\fP
.br
This property contains the URI to contact the KRA for the operation <op>\&.
Example ops: GenerateKeyPair, TokenKeyRecovery.
.PP
\fBtps.connector.kra<n>\&.timeout\fP
.br
This property contains the connection timeout.
.SH TKS CONNECTOR
.PP
A TKS connector is defined using properties that begin with tps.connector.tks<n> where
n is a positive integer indicating the ID of the TKS connector.
.PP
\fBtps.connector.tks<n>\&.enable\fP
.br
This property contains a boolean value indicating whether the connector is enabled.
.PP
\fBtps.connector.tks<n>\&.host\fP
.br
In no-failover configuration, the property contains the hostname of the TKS.
.PP
In failover configuration, the property contains a list of hostnames and port numbers
of the TKS subsystems. The format is hostname:port separated by spaces.
.PP
\fBtps.connector.tks<n>\&.port\fP
.br
In no-failover configuration, the property contains the port number of the TKS.
.PP
\fBtps.connector.tks<n>\&.nickName\fP
.br
This property contains the nickname of the TPS subsystem certificate for SSL client
authentication to the TKS.
.PP
\fBtps.connector.tks<n>\&.minHttpConns\fP
.br
This property contains the minimum number of HTTP connections.
.PP
\fBtps.connector.tks<n>\&.maxHttpConns\fP
.br
This property contains the maximum number of HTTP connections.
.PP
\fBtps.connector.tks<n>\&.uri.<op>\fP
.br
This property contains the URI to contact the TKS for the operation <op>\&.
Example ops: computeRandomData, computeSessionKey, createKeySetData, encryptData.
.PP
\fBtps.connector.tks<n>\&.timeout\fP
.br
This property contains the connection timeout.
.PP
\fBtps.connector.tks<n>\&.generateHostChallenge\fP
.br
This property contains a boolean value indicating whether to generate the host challenge.
.PP
\fBtps.connector.tks<n>\&.serverKeygen\fP
.br
This property contains a boolean value indicating whether to generate keys on the server side.
.PP
\fBtps.connector.tks<n>\&.keySet\fP
.br
This property contains the key set to be used on TKS.
.PP
\fBtps.connector.tks<n>\&.tksSharedSymKeyName\fP
.br
This property contains the shared secret key name.
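.PP
A lint pass over the connector properties described in the CA, KRA and TKS sections above, as an added example in Python that is not part of the Dogtag PKI code base.
The sample configuration is constructed, the names parse and lint are hypothetical, and the checks (host form, port, nickName, tps.connCAList membership) are this example's assumptions about what is worth flagging, not rules TPS is documented to enforce.
.PP
.nf
```python
import re
# Constructed sample, not a real deployment: ca1 uses the failover host form,
# ca2 is named for Revocation Routing but never defined, tks1 has no nickName.
SAMPLE_CFG = """
tps.connector.ca1.enable=true
tps.connector.ca1.host=ca-a.example.com:8443 ca-b.example.com:8443
tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
tps.connCAList=ca1,ca2
tps.connector.tks1.enable=true
tps.connector.tks1.host=pki.example.com
tps.connector.tks1.port=8443
"""

KEY = re.compile("^tps[.]connector[.]((?:ca|kra|tks)[0-9]+)[.](.+)$")
HOSTPORT = re.compile("^[^:]+:[0-9]+$")

def parse(text):
    conns, ca_list = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        m = KEY.match(key.strip())
        if m and sep:
            conns.setdefault(m.group(1), {})[m.group(2)] = value.strip()
        elif sep and key.strip() == "tps.connCAList":
            ca_list = [c.strip() for c in value.split(",") if c.strip()]
    return conns, ca_list

def lint(text):
    """Hypothetical checks (this example's policy, not rules enforced by TPS)."""
    conns, ca_list = parse(text)
    out = []
    for cid, p in sorted(conns.items()):
        if p.get("enable", "").lower() != "true":
            continue
        hosts = p.get("host", "").split()
        failover = len(hosts) > 1 or any(":" in h for h in hosts)
        if failover and not all(HOSTPORT.match(h) for h in hosts):
            out.append(cid + ": failover host entries must be hostname:port")
        elif not failover and not (hosts and p.get("port", "").isdigit()):
            out.append(cid + ": no-failover form needs a host and a numeric port")
        if not p.get("nickName"):
            out.append(cid + ": no nickName for SSL client authentication")
    for cid in ca_list:
        if cid not in conns:
            out.append("tps.connCAList names undefined connector " + cid)
        elif not conns[cid].get("caNickname"):
            out.append(cid + ": listed in tps.connCAList without caNickname")
    return out
```
.fi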
.SH EXAMPLE
.PP
.RS
.nf
tps.connector.ca1.enable=true
tps.connector.ca1.host=pki.example.com
tps.connector.ca1.port=8443
tps.connector.ca1.minHttpConns=1
tps.connector.ca1.maxHttpConns=15
tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.ca1.timeout=30
tps.connector.ca1.uri.enrollment=/ca/ee/ca/profileSubmitSSLClient
tps.connector.ca1.uri.renewal=/ca/ee/ca/profileSubmitSSLClient
tps.connector.ca1.uri.revoke=/ca/ee/subsystem/ca/doRevoke
tps.connector.ca1.uri.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
# in case of Revocation Routing
# note that caSKI is automatically calculated by TPS
tps.connCAList=ca1,ca2
tps.connector.ca1.caNickname=caSigningCert cert-pki-tomcat CA
tps.connector.ca1.caSKI=hAzNarQMlzit4BymAlbduZMwVCc
# ca2 connector in case of Revocation Routing
tps.connector.ca2.

tps.connector.kra1.enable=true
tps.connector.kra1.host=pki.example.com
tps.connector.kra1.port=8443
tps.connector.kra1.minHttpConns=1
tps.connector.kra1.maxHttpConns=15
tps.connector.kra1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.kra1.timeout=30
tps.connector.kra1.uri.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
tps.connector.kra1.uri.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery

tps.connector.tks1.enable=true
tps.connector.tks1.host=pki.example.com
tps.connector.tks1.port=8443
tps.connector.tks1.minHttpConns=1
tps.connector.tks1.maxHttpConns=15
tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
tps.connector.tks1.timeout=30
tps.connector.tks1.generateHostChallenge=true
tps.connector.tks1.serverKeygen=false
tps.connector.tks1.keySet=defKeySet
tps.connector.tks1.tksSharedSymKeyName=sharedSecret
tps.connector.tks1.uri.computeRandomData=/tks/agent/tks/computeRandomData
tps.connector.tks1.uri.computeSessionKey=/tks/agent/tks/computeSessionKey
tps.connector.tks1.uri.createKeySetData=/tks/agent/tks/createKeySetData
tps.connector.tks1.uri.encryptData=/tks/agent/tks/encryptData
.fi
.RE
.SH AUTHORS
.PP
Dogtag PKI Team
<devel@lists.dogtagpki.org>\&.
.SH COPYRIGHT
.PP
Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2).
A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.