raserver.conf.in

Perl写的CA认证程序

## Configuration File for RA Manager Utility
## (c) 1998 by Massimiliano Pala - All Rights Reserved

## LDAP Section:
## =============
##
## As this RA Server Manager has the need to interact with ldap server,
## it is important ( for administrative porpouses ) you can have
## privileged access to directory.

## LDAP Server Name
ldapserver @ldapurl@

## LDAP Port Number ( defaults to 389 )
ldapport @ldapport@

## LDAP Maximum number of records returned by a query
ldaplimit 100

## Now the LDAP default base dn
basedn "o=@org@, c=@country@"

## Let's define the privileged Account Allowed to Modify the LDAP entries
ldaproot "@ldaproot@"
ldappwd  "@ldaprootpwd@"

## Let's define some Directory Env
## supposed to find there the bin/, sbin/ directory
ldapbasedir "/usr/local/ldap"


## Crypto Section
## ==============
openssl    	"@OPENSSL@"
opensslEngine 	"@ENGINE@"
sslconfig  	"@raserver@/@OPENSSL_CFG_DIR@/openssl.cnf"
VerifyPath 	"@prefix@/bin/openca-verify"
SignPath   	"@prefix@/bin/openca-sign"
MakePath   	"@MAKE@"

## General Section
## ===============
ServerDir 	"@raserver@"
BaseDir 	"@raserver@"
SheetsDir	"sheets"
IncludeDir	"sheets/inc"
TextDir		"sheets/txt"

PublicDir 	"@pubweb@"

DBmodule 	"@dbmodule@"
RBAC 		"Off"
MaxReturnedItems 30

TempDir 	"@raserver@/tmp"

pendingrequestsheet "sheets/pending_reqs.html"
ViewRequestSheet "sheets/view_req.html"
ApproveRequestSheet "sheets/app_req.html"

approvedrequestsheet "sheets/approved_reqs.html"
ViewapprovedSheet "sheets/view_app.html"

archiviedrequestsheet "sheets/archivied_reqs.html"
ViewarchiviedSheet "sheets/view_arc.html"

deletedrequestsheet "sheets/deleted_reqs.html"
Viewdeletedsheet "sheets/view_del.html"

pendingcrrrequestsheet "sheets/pending_crr_reqs.html"
ViewCRRRequestSheet "sheets/view_crr_req.html"

certsrequestsheet "sheets/certslist.html"
BaseCertsList "sheets/issued_certs.html"
BaseSearchList 	"sheets/search_list.html"

ViewCertSheet "sheets/viewCert.html"
ValidCertSheet "sheets/viewValidCert.html"

CRLBaseSheet "sheets/issued_crls.html"
viewCrlSheet "sheets/view_crl.html"
RevPendform "forms/revpend.form"

addallcertssheet "sheets/add_all_certs.html"

ViewSignatureSheet 	"sheets/viewSignature.html"

GenRAServerDBSheet "sheets/genraserverdb.html"

RAChoiceBaseSheet "sheets/ra_choice.html"
RA "City Municipality" "Help Desk 1" "Help Desk 2"

RequestCertificateType "User Certificate" "Server Certificate" "CA Certificate"

## Certificates and CRLs Section
## =============================

CACertificate 	"@raserver@/cacert.pem"
CACertsDir 	"@raserver@"
CRLDir		"@raserver@/crl"

## Mail Section
## ============
##
## The RA Manager program needs to send an e-mail to each user when he
## certificate has been successuffly published. Because of this you
## have to configure the sendmail program to use the right server.
## Watch out for mail attacs. Secure yourself.

## Do you want to send mail when certificate is published ?
warnuser yes

## Now let's define the command line for the sendmail with right options
mailcommand 		"/usr/lib/sendmail -n -t -di "
mailsendername 		"Registration Authority"
mailsenderaddress 	"madwolf@openca.org"
basemailfile 		"certsMail.txt"

## Archivier Section
## =================
## The $dest and $orig will be replaced by the given values
## in the In/Out section and in the ExportDev/ImportDev keywords.
##
## For UnpackArchive the $orig is taken from the ImportDev
## and the $dest from the TmpCertsDir keyword.
##
## For CreateArchive the $dest is taken from the ExportDev
CreateArchive "@TAR@ cvfp $dest "
UnpackArchive "@TAR@ xvf $orig -C $dest"
TestArchive   "@TAR@ tvf $dest"

## In/Out Section
## ==============
##
## The used ExportDest and ImportOrig are files used to export and/or
## import archive of Certification Requests and Issued Certificates
## (it can be used a device as well such as /dev/fd0 on a Linux
## or, if you use it on a Solaris an you want to avoid disabling
## the volume manager, use the PreIOExec and PostIOExec with a
## sequence of volcheck/mount/etc... )
## ImportDev "/tmp/openca-outca.tar"
## ExportDev "/tmp/openca-inca.tar"
ImportDev "/dev/fd0"
ExportDev "/dev/fd0"

## Commands to be executed before and/or after the importing process
## or exporting process. You can Omit theese lines as if they are not
## present will be ignored. 
## You can use theese keywords to simply make a 'volcheck -v' or
## 'eject floppy' on Sun to easily manage theese operations. Please
## take note that you'll need to use a block device, such as
## /vol/dev/rdsk/...  *Actually not implemented*
PreIOExec "eject floppy"
PostIOExec "eject floppy"

## If you need a backup copy
ExportBackup "@raserver@/Backup"


##
## Revokation Requests Section
## ---------------------------

## Revocation Requests Dir
RevReqDir "@raserver@/crl/pending"

## revreq Section
AppRevSuccessPage "messages/apprevreq_success.html"
AppRevErrorPage "messages/apprevreq_error.html"
VerifyPath "@prefix@/bin/verify"