Please review the attached patch which addresses the following ticket:
* PKI TRAC Ticket #1432 - Certificate nickname improvement
<https://fedorahosted.org/pki/ticket/432>
This was tested by successfully:
* creating a shared PKI instance containing a CA, KRA, OCSP, TKS, and TPS,
* creating a separated CA,
* creating a separated KRA,
* creating a separated OCSP,
* creating a separated TKS,
* creating a separated TPS, and
* installing a FreeIPA instance
Detailed contents of the nicknames as they appear in the NSS security
databases of both the shared PKI instance as well as each of the
separated PKI instances is detailed in the above ticket.
From 00d3bc11b4146eb23b48d7458ddef5501f40ca72 Mon Sep 17 00:00:00 2001
From: Matthew Harmsen <[email protected]>
Date: Thu, 2 Jun 2016 19:47:40 -0600
Subject: [PATCH] Certificate nickname improvement
- PKI TRAC Ticket #432 - Certificate nickname improvement
---
base/ca/shared/conf/CS.cfg | 20 ++++++-------
.../src/com/netscape/cmstools/KRATool.java | 2 +-
base/kra/shared/conf/CS.cfg | 16 +++++-----
base/ocsp/shared/conf/CS.cfg | 10 +++----
.../src/com/netscape/cmscore/security/SSLCert.java | 2 +-
.../cmscore/security/SSLSelfSignedCert.java | 2 +-
base/server/etc/default.cfg | 34 +++++++++++-----------
base/server/man/man5/pki_default.cfg.5 | 2 +-
base/server/tomcat7/conf/server.xml | 4 +--
base/server/tomcat8/conf/server.xml | 4 +--
base/tks/shared/conf/CS.cfg | 8 ++---
base/tps-client/apache/conf/nss.conf | 4 +--
base/tps-client/doc/CS.cfg | 10 +++----
base/tps-client/setup/create.pl | 2 +-
base/tps-client/src/engine/RA.cpp | 2 +-
base/tps/man/man5/pki-tps-connector.5 | 12 ++++----
base/tps/shared/conf/CS.cfg | 10 +++----
.../server/tps/cms/ConnectionManager.java | 2 +-
18 files changed, 73 insertions(+), 73 deletions(-)
diff --git a/base/ca/shared/conf/CS.cfg b/base/ca/shared/conf/CS.cfg
index 989a322..45c5857 100644
--- a/base/ca/shared/conf/CS.cfg
+++ b/base/ca/shared/conf/CS.cfg
@@ -14,7 +14,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.arg11.group=[PKI_GROUP]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+pkiremove.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
installDate=[INSTALL_TIME]
preop.wizard.name=CA Setup Wizard
preop.product.name=CS
@@ -72,7 +72,7 @@ preop.cert.signing.dn=CN=Certificate Authority
preop.cert.signing.cncomponent.override=true
preop.cert.signing.keysize.size=2048
preop.cert.signing.keysize.custom_size=2048
-preop.cert.signing.nickname=caSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.signing.nickname=CA Signing Certificate for [PKI_INSTANCE_NAME] CA
preop.cert.signing.profile=caCert.profile
preop.cert.signing.signing.required=true
preop.cert.signing.subsystem=ca
@@ -82,7 +82,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=CA Audit Signing Certificate
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.nickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] CA
preop.cert.audit_signing.profile=caAuditSigningCert.profile
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=ca
@@ -93,7 +93,7 @@ preop.cert.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.ocsp_signing.dn=CN=OCSP Signing Certificate
preop.cert.ocsp_signing.keysize.custom_size=2048
preop.cert.ocsp_signing.keysize.size=2048
-preop.cert.ocsp_signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.ocsp_signing.nickname=OCSP Signing Certificate for [PKI_INSTANCE_NAME] CA
preop.cert.ocsp_signing.profile=caOCSPCert.profile
preop.cert.ocsp_signing.signing.required=true
preop.cert.ocsp_signing.subsystem=ca
@@ -115,7 +115,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=CA Subsystem Certificate
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=subsystemCert.profile
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=ca
@@ -143,9 +143,9 @@ preop.name.caDN=CN=Certificate Authority
preop.name.sslDN=CN=[PKI_HOSTNAME]
preop.name.ocspDN=CN=OCSP Signing Certificate
preop.name.subsystemDN=CN=CA Subsystem Certificate
-preop.name.canickname=caSigningCert cert-[PKI_INSTANCE_NAME]
-preop.name.ocspnickname=ocspSigningCert cert-[PKI_INSTANCE_NAME]
-preop.name.subsystemnickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.name.canickname=CA Signing Certificate for [PKI_INSTANCE_NAME] CA
+preop.name.ocspnickname=OCSP Signing Certificate for [PKI_INSTANCE_NAME] CA
+preop.name.subsystemnickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.name.sslnickname=[PKI_SSL_SERVER_NICKNAME]
preop.subsystem.count=0
subsystem.count=0
@@ -659,7 +659,7 @@ ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_TYPE
ca.notification.requestInQ.enabled=false
ca.notification.requestInQ.recipientEmail=
ca.notification.requestInQ.senderEmail=
-ca.ocsp_signing.cacertnickname=ocspSigningCert cert-[PKI_INSTANCE_NAME]
+ca.ocsp_signing.cacertnickname=OCSP Signing Certificate for [PKI_INSTANCE_NAME] CA
ca.ocsp_signing.defaultSigningAlgorithm=SHA256withRSA
ca.ocsp_signing.tokenname=internal
ca.profiles.defaultSigningAlgsAllowed=SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC
@@ -918,7 +918,7 @@ log.instance.SignedAudit.maxFileSize=2000
log.instance.SignedAudit.pluginName=file
log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit=_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+log.instance.SignedAudit.signedAuditCertNickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] CA
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
diff --git a/base/java-tools/src/com/netscape/cmstools/KRATool.java b/base/java-tools/src/com/netscape/cmstools/KRATool.java
index 2cff383..2c088d7 100644
--- a/base/java-tools/src/com/netscape/cmstools/KRATool.java
+++ b/base/java-tools/src/com/netscape/cmstools/KRATool.java
@@ -610,7 +610,7 @@ public class KRATool {
private static final String SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE = SOURCE_STORAGE_CERT_NICKNAME
+ " "
+ TIC
- + "storageCert cert-pki-kra"
+ + "Storage Certificate for pki-kra KRA"
+ TIC;
private static final String TARGET_STORAGE_CERTIFICATE_FILE = "-target_storage_certificate_file";
diff --git a/base/kra/shared/conf/CS.cfg b/base/kra/shared/conf/CS.cfg
index c597a94..622e818 100644
--- a/base/kra/shared/conf/CS.cfg
+++ b/base/kra/shared/conf/CS.cfg
@@ -13,7 +13,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+pkiremove.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
installDate=[INSTALL_TIME]
preop.wizard.name=DRM Setup Wizard
preop.product.name=CS
@@ -61,7 +61,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=DRM Audit Signing Certificate
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.nickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] KRA
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=kra
@@ -72,7 +72,7 @@ preop.cert.storage.defaultSigningAlgorithm=SHA256withRSA
preop.cert.storage.dn=CN=DRM Storage Certificate
preop.cert.storage.keysize.custom_size=2048
preop.cert.storage.keysize.size=2048
-preop.cert.storage.nickname=storageCert cert-[PKI_INSTANCE_NAME]
+preop.cert.storage.nickname=Storage Certificate for [PKI_INSTANCE_NAME] KRA
preop.cert.storage.profile=caInternalAuthDRMstorageCert
preop.cert.storage.signing.required=false
preop.cert.storage.subsystem=kra
@@ -83,7 +83,7 @@ preop.cert.transport.defaultSigningAlgorithm=SHA256withRSA
preop.cert.transport.dn=CN=DRM Transport Certificate
preop.cert.transport.keysize.custom_size=2048
preop.cert.transport.keysize.size=2048
-preop.cert.transport.nickname=transportCert cert-[PKI_INSTANCE_NAME]
+preop.cert.transport.nickname=Transport Certificate for [PKI_INSTANCE_NAME] KRA
preop.cert.transport.profile=caInternalAuthTransportCert
preop.cert.transport.signing.required=false
preop.cert.transport.subsystem=kra
@@ -105,7 +105,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=DRM Subsystem Certificate
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=kra
@@ -270,8 +270,8 @@ kra.recoveryAgentGroup=Data Recovery Manager Agents
kra.reqdbInc=20
kra.entropy.bitsperkeypair=0
kra.entropy.blockwarnms=0
-kra.storageUnit.nickName=storageCert cert-[PKI_INSTANCE_NAME]
-kra.transportUnit.nickName=transportCert cert-[PKI_INSTANCE_NAME]
+kra.storageUnit.nickName=Storage Certificate for [PKI_INSTANCE_NAME] KRA
+kra.transportUnit.nickName=Transport Certificate for [PKI_INSTANCE_NAME] KRA
log._000=##
log._001=## Logging
log._002=##
@@ -297,7 +297,7 @@ log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow KRA audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+log.instance.SignedAudit.signedAuditCertNickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] KRA
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
diff --git a/base/ocsp/shared/conf/CS.cfg b/base/ocsp/shared/conf/CS.cfg
index fa50d48..cfb1fe8 100644
--- a/base/ocsp/shared/conf/CS.cfg
+++ b/base/ocsp/shared/conf/CS.cfg
@@ -14,7 +14,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+pkiremove.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
installDate=[INSTALL_TIME]
cs.type=OCSP
admin.interface.uri=ocsp/admin/console/config/wizard
@@ -58,7 +58,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=OCSP Audit Signing Certificate
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.nickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] OCSP
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=ocsp
@@ -69,7 +69,7 @@ preop.cert.signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.signing.dn=CN=OCSP Signing Certificate
preop.cert.signing.keysize.custom_size=2048
preop.cert.signing.keysize.size=2048
-preop.cert.signing.nickname=ocspSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.signing.nickname=OCSP Signing Certificate for [PKI_INSTANCE_NAME] OCSP
preop.cert.signing.profile=caInternalAuthOCSPCert
preop.cert.signing.signing.required=true
preop.cert.signing.subsystem=ocsp
@@ -91,7 +91,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=OCSP Subsystem Certificate
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=ocsp
@@ -233,7 +233,7 @@ log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow OCSP audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+log.instance.SignedAudit.signedAuditCertNickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] OCSP
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java
index 99b920c..a4d9556 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/SSLCert.java
@@ -84,7 +84,7 @@ public class SSLCert extends CertificateInfo {
if (name != null)
return name;
- return "Server-Cert " + instanceName;
+ return "Server Certificate " + instanceName;
}
/*
diff --git a/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
index 8cee1d1..8c69b5b 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
@@ -76,7 +76,7 @@ public class SSLSelfSignedCert extends CertificateInfo {
if (name != null)
return name;
- return "Remote Admin Server-Cert " + instanceName;
+ return "Remote Admin Server Certificate " + instanceName;
}
/*
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index b2a2490..fe08dd0 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -121,13 +121,13 @@ pki_skip_sd_verify=False
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
-pki_ssl_server_nickname=Server-Cert cert-%(pki_instance_name)s
+pki_ssl_server_nickname=Server Certificate for %(pki_instance_name)s
pki_ssl_server_subject_dn=cn=%(pki_hostname)s,o=%(pki_security_domain_name)s
pki_ssl_server_token=Internal Key Storage Token
pki_subsystem_key_algorithm=SHA256withRSA
pki_subsystem_key_size=2048
pki_subsystem_key_type=rsa
-pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s
+pki_subsystem_nickname=Subsystem Certificate for %(pki_instance_name)s
pki_subsystem_subject_dn=cn=Subsystem Certificate,o=%(pki_security_domain_name)s
pki_subsystem_token=Internal Key Storage Token
pki_theme_enable=True
@@ -369,7 +369,7 @@ pki_nuxwdog_client_jar=/usr/lib/java/nuxwdog.jar
pki_ca_signing_key_algorithm=SHA256withRSA
pki_ca_signing_key_size=2048
pki_ca_signing_key_type=rsa
-pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_name)s CA
+pki_ca_signing_nickname=CA Signing Certificate for %(pki_instance_name)s CA
pki_ca_signing_signing_algorithm=SHA256withRSA
pki_ca_signing_subject_dn=cn=CA Signing Certificate,o=%(pki_security_domain_name)s
pki_ca_signing_token=Internal Key Storage Token
@@ -392,7 +392,7 @@ pki_import_admin_cert=False
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s CA
+pki_ocsp_signing_nickname=OCSP Signing Certificate for %(pki_instance_name)s CA
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=CA OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
@@ -403,10 +403,10 @@ pki_subordinate_create_new_security_domain=False
pki_subordinate_security_domain_name=%(pki_dns_domainname)s Subordinate Security Domain
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_nickname=PKI Administrator Certificate for %(pki_instance_name)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=caadmin
-pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s CA
+pki_audit_signing_nickname=Audit Signing Certificate for %(pki_instance_name)s CA
pki_audit_signing_subject_dn=cn=CA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-CA
pki_ds_database=%(pki_instance_name)s-CA
@@ -474,23 +474,23 @@ pki_external_transport_cert_path=%(pki_instance_configuration_path)s/%(pki_subsy
pki_storage_key_algorithm=SHA256withRSA
pki_storage_key_size=2048
pki_storage_key_type=rsa
-pki_storage_nickname=storageCert cert-%(pki_instance_name)s KRA
+pki_storage_nickname=Storage Certificate for %(pki_instance_name)s KRA
pki_storage_signing_algorithm=SHA256withRSA
pki_storage_subject_dn=cn=DRM Storage Certificate,o=%(pki_security_domain_name)s
pki_storage_token=Internal Key Storage Token
pki_transport_key_algorithm=SHA256withRSA
pki_transport_key_size=2048
pki_transport_key_type=rsa
-pki_transport_nickname=transportCert cert-%(pki_instance_name)s KRA
+pki_transport_nickname=Transport Certificate for %(pki_instance_name)s KRA
pki_transport_signing_algorithm=SHA256withRSA
pki_transport_subject_dn=cn=DRM Transport Certificate,o=%(pki_security_domain_name)s
pki_transport_token=Internal Key Storage Token
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_nickname=PKI Administrator Certificate for %(pki_instance_name)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=kraadmin
-pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s KRA
+pki_audit_signing_nickname=Audit Signing Certificate for %(pki_instance_name)s KRA
pki_audit_signing_subject_dn=cn=KRA Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-KRA
pki_ds_database=%(pki_instance_name)s-KRA
@@ -543,16 +543,16 @@ pki_external_subsystem_cert_path=%(pki_instance_configuration_path)s/%(pki_subsy
pki_ocsp_signing_key_algorithm=SHA256withRSA
pki_ocsp_signing_key_size=2048
pki_ocsp_signing_key_type=rsa
-pki_ocsp_signing_nickname=ocspSigningCert cert-%(pki_instance_name)s OCSP
+pki_ocsp_signing_nickname=OCSP Signing Certificate for %(pki_instance_name)s OCSP
pki_ocsp_signing_signing_algorithm=SHA256withRSA
pki_ocsp_signing_subject_dn=cn=OCSP Signing Certificate,o=%(pki_security_domain_name)s
pki_ocsp_signing_token=Internal Key Storage Token
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_nickname=PKI Administrator Certificate for %(pki_instance_name)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=ocspadmin
-pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s OCSP
+pki_audit_signing_nickname=Audit Signing Certificate for %(pki_instance_name)s OCSP
pki_audit_signing_subject_dn=cn=OCSP Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-OCSP
pki_ds_database=%(pki_instance_name)s-OCSP
@@ -581,10 +581,10 @@ pki_share_dbuser_dn=uid=pkidbuser,ou=people,o=%(pki_instance_name)s-CA
pki_import_admin_cert=True
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_nickname=PKI Administrator Certificate for %(pki_instance_name)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=tksadmin
-pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TKS
+pki_audit_signing_nickname=Audit Signing Certificate for %(pki_instance_name)s TKS
pki_audit_signing_subject_dn=cn=TKS Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-TKS
pki_ds_database=%(pki_instance_name)s-TKS
@@ -603,10 +603,10 @@ pki_share_dbuser_dn=uid=pkidbuser,ou=people,o=%(pki_instance_name)s-CA
pki_import_admin_cert=True
pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
pki_admin_name=%(pki_admin_uid)s
-pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_nickname=PKI Administrator Certificate for %(pki_instance_name)s
pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
pki_admin_uid=tpsadmin
-pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TPS
+pki_audit_signing_nickname=Audit Signing Certificate for %(pki_instance_name)s TPS
pki_audit_signing_subject_dn=cn=TPS Audit Signing Certificate,o=%(pki_security_domain_name)s
pki_ds_base_dn=o=%(pki_instance_name)s-TPS
pki_ds_database=%(pki_instance_name)s-TPS
diff --git a/base/server/man/man5/pki_default.cfg.5 b/base/server/man/man5/pki_default.cfg.5
index edb338e..2410c1e 100644
--- a/base/server/man/man5/pki_default.cfg.5
+++ b/base/server/man/man5/pki_default.cfg.5
@@ -39,7 +39,7 @@ customization.
.PP
There are a small number of bootstrap parameters which are passed in the configuration file by \fBpkispawn\fP. Other parameter's values can be interpolated tokens rather than explicit values. For example:
.PP
-\fBpki_ca_signing_nickname=caSigningCert cert-%(pki_instance_name)s CA\fP
+\fBpki_ca_signing_nickname=CA Signing Certificate for %(pki_instance_name)s CA\fP
.PP
This substitutes the value of pki_instance_name into the parameter value. It is possible to interpolate any non-password parameter within a section or in [DEFAULT]. Any parameter used in interpolation can \fBONLY\fP be overridden within the same section. So, for example, pki_instance_name should only be overridden in [DEFAULT]; otherwise, interpolations can fail.
.TP
diff --git a/base/server/tomcat7/conf/server.xml b/base/server/tomcat7/conf/server.xml
index eb4ef8e..212e0c6 100644
--- a/base/server/tomcat7/conf/server.xml
+++ b/base/server/tomcat7/conf/server.xml
@@ -174,7 +174,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
case of the same security domain.
In case of an ocsp signing certificate, one must import the cert
into the subsystem's nss db and set trust. e.g.:
- certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64
+ certutil -d . -A -n "OCSP Signing Certificate for pki-ca CA" -t "C,," -a -i ocspCert.b64
ocspCacheSize - sets max cache entries
ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
@@ -191,7 +191,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp";
- ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
+ ocspResponderCertNickname="OCSP Signing Certificate for pki-ca CA"
ocspCacheSize="1000"
ocspMinCacheEntryDuration="60"
ocspMaxCacheEntryDuration="120"
diff --git a/base/server/tomcat8/conf/server.xml b/base/server/tomcat8/conf/server.xml
index 9148d15..1b0a6a6 100644
--- a/base/server/tomcat8/conf/server.xml
+++ b/base/server/tomcat8/conf/server.xml
@@ -193,7 +193,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
case of the same security domain.
In case of an ocsp signing certificate, one must import the cert
into the subsystem's nss db and set trust. e.g.:
- certutil -d . -A -n "ocspSigningCert cert-pki-ca" -t "C,," -a -i ocspCert.b64
+ certutil -d . -A -n "OCSP Signing Certificate for pki-ca CA" -t "C,," -a -i ocspCert.b64
ocspCacheSize - sets max cache entries
ocspMinCacheEntryDuration - sets minimum seconds to next fetch attempt
ocspMaxCacheEntryDuration - sets maximum seconds to next fetch attempt
@@ -216,7 +216,7 @@ Tomcat Port = [TOMCAT_SERVER_PORT] (for shutdown)
sslImplementationName="org.apache.tomcat.util.net.jss.JSSImplementation"
enableOCSP="false"
ocspResponderURL="http://[PKI_HOSTNAME]:9080/ca/ocsp";
- ocspResponderCertNickname="ocspSigningCert cert-pki-ca"
+ ocspResponderCertNickname="OCSP Signing Certificate for pki-ca CA"
ocspCacheSize="1000"
ocspMinCacheEntryDuration="60"
ocspMaxCacheEntryDuration="120"
diff --git a/base/tks/shared/conf/CS.cfg b/base/tks/shared/conf/CS.cfg
index 346cc58..5fcd9f4 100644
--- a/base/tks/shared/conf/CS.cfg
+++ b/base/tks/shared/conf/CS.cfg
@@ -14,7 +14,7 @@ pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+pkiremove.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
installDate=[INSTALL_TIME]
cs.type=TKS
admin.interface.uri=tks/admin/console/config/wizard
@@ -43,7 +43,7 @@ preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
preop.cert.audit_signing.dn=CN=TKS Audit Signing Certificate
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.nickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] TKS
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=tks
@@ -65,7 +65,7 @@ preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
preop.cert.subsystem.dn=CN=TKS Subsystem Certificate
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=tks
@@ -225,7 +225,7 @@ log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TKS audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+log.instance.SignedAudit.signedAuditCertNickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] TKS
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
diff --git a/base/tps-client/apache/conf/nss.conf b/base/tps-client/apache/conf/nss.conf
index 2f7c4d9..da0f3c6 100644
--- a/base/tps-client/apache/conf/nss.conf
+++ b/base/tps-client/apache/conf/nss.conf
@@ -107,7 +107,7 @@ NSSProtocol SSLv3,TLSv1
# SSL Certificate Nickname:
# The nickname of the server certificate you are going to use.
-NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]"
+NSSNickname "Server Certificate for [PKI_INSTANCE_NAME]"
# Server Certificate Database:
# The NSS security database directory that holds the certificates and
@@ -208,7 +208,7 @@ NSSProtocol SSLv3,TLSv1
# SSL Certificate Nickname:
# The nickname of the server certificate you are going to use.
-NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]"
+NSSNickname "Server Certificate for [PKI_INSTANCE_NAME]"
# Server Certificate Database:
# The NSS security database directory that holds the certificates and
diff --git a/base/tps-client/doc/CS.cfg b/base/tps-client/doc/CS.cfg
index 6903a4b..6dea43f 100644
--- a/base/tps-client/doc/CS.cfg
+++ b/base/tps-client/doc/CS.cfg
@@ -10,7 +10,7 @@ pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.user=[PKI_USER]
pkicreate.group=[PKI_GROUP]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+pkiremove.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
cs.type=TPS
selftests._000=##
selftests._001=## Self Tests
@@ -101,7 +101,7 @@ logging.audit.filename=[PKI_INSTANCE_PATH]/logs/tps-audit.log
logging.audit.signedAuditFilename=[PKI_INSTANCE_PATH]/logs/signedAudit/tps_audit
logging.audit.level=10
logging.audit.logSigning=false
-logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+logging.audit.signedAuditCertNickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] TPS
logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
@@ -386,7 +386,7 @@ preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME]
preop.cert.sslserver.keysize.customsize=2048
preop.cert.sslserver.keysize.size=2048
preop.cert.sslserver.keysize.select=default
-preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME]
+preop.cert.sslserver.nickname=Server Certificate for [PKI_INSTANCE_NAME]
preop.cert.sslserver.profile=caInternalAuthServerCert
preop.cert.sslserver.subsystem=tps
preop.cert._003=#preop.cert.sslserver.type=local
@@ -397,7 +397,7 @@ preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_NAME]
preop.cert.subsystem.keysize.customsize=2048
preop.cert.subsystem.keysize.size=2048
preop.cert.subsystem.keysize.select=default
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.subsystem=tps
preop.cert._005=#preop.cert.subsystem.type=local
@@ -408,7 +408,7 @@ preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_N
preop.cert.audit_signing.keysize.customsize=2048
preop.cert.audit_signing.keysize.size=2048
preop.cert.audit_signing.keysize.select=default
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.nickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] TPS
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.subsystem=tps
preop.cert._005=#preop.cert.audit_signing.type=local
diff --git a/base/tps-client/setup/create.pl b/base/tps-client/setup/create.pl
index 11efe36..8bacd3a 100755
--- a/base/tps-client/setup/create.pl
+++ b/base/tps-client/setup/create.pl
@@ -36,7 +36,7 @@ use FindBin;
my $hsm = ""; # hardware token label (i.e. 'nFast')
my $hsm_ca = ""; # hardware token label for CA certificate (i.e. 'nFast')
-my $nickName = "Server-Cert"; # nickname
+my $nickName = "Server Certificate"; # nickname
##############################################################
# Private
diff --git a/base/tps-client/src/engine/RA.cpp b/base/tps-client/src/engine/RA.cpp
index 82f53c1..62c3de8 100644
--- a/base/tps-client/src/engine/RA.cpp
+++ b/base/tps-client/src/engine/RA.cpp
@@ -271,7 +271,7 @@ int RA::InitializeSignedAudit()
if (IsTpsConfigured() && (m_audit_signed == true) && (m_audit_signing_key == NULL)) {
RA::Debug("RA:: InitializeSignedAudit", "signed audit is on... initializing signing key...");
// get audit signing cert
- const char *audit_signing_cert_nick = m_cfg->GetConfigAsString(CFG_AUDIT_SIGNING_CERT_NICK, "auditSigningCert cert-pki-tps");
+ const char *audit_signing_cert_nick = m_cfg->GetConfigAsString(CFG_AUDIT_SIGNING_CERT_NICK, "Audit Signing Certificate for pki-tps TPS");
char certNick[256];
PR_snprintf((char *)certNick, 256, audit_signing_cert_nick);
RA::Debug("RA:: InitializeSignedAudit", "got audit signing cert nickname: %s", certNick);
diff --git a/base/tps/man/man5/pki-tps-connector.5 b/base/tps/man/man5/pki-tps-connector.5
index 85b6792..d16a6d1 100644
--- a/base/tps/man/man5/pki-tps-connector.5
+++ b/base/tps/man/man5/pki-tps-connector.5
@@ -48,7 +48,7 @@ In no-failover configuration, the property contains the port number of the CA.
.SS tps.connector.ca<n>.nickName
-This property contains the nickname of the TPS subsystem certificate for SSL client
+This property contains the nickname of the TPS Subsystem Certificate for SSL client
authentication to the CA.
.SS tps.connector.ca<n>.minHttpConns
@@ -90,7 +90,7 @@ In no-failover configuration, the property contains the port number of the KRA.
.SS tps.connector.kra<n>.nickName
-This property contains the nickname of the TPS subsystem certificate for SSL client
+This property contains the nickname of the TPS Subsystem Certificate for SSL client
authentication to the KRA.
.SS tps.connector.kra<n>.minHttpConns
@@ -132,7 +132,7 @@ In no-failover configuration, the property contains the port number of the TKS.
.SS tps.connector.tks<n>.nickName
-This property contains the nickname of the TPS subsystem certificate for SSL client
+This property contains the nickname of the TPS Subsystem Certificate for SSL client
authentication to the TKS.
.SS tps.connector.tks<n>.minHttpConns
@@ -176,7 +176,7 @@ tps.connector.ca1.host=server.example.com
tps.connector.ca1.port=8443
tps.connector.ca1.minHttpConns=1
tps.connector.ca1.maxHttpConns=15
-tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
+tps.connector.ca1.nickName=Subsystem Certificate for pki-tomcat
tps.connector.ca1.timeout=30
tps.connector.ca1.uri.enrollment=/ca/ee/ca/profileSubmitSSLClient
tps.connector.ca1.uri.renewal=/ca/ee/ca/profileSubmitSSLClient
@@ -188,7 +188,7 @@ tps.connector.kra1.host=server.example.com
tps.connector.kra1.port=8443
tps.connector.kra1.minHttpConns=1
tps.connector.kra1.maxHttpConns=15
-tps.connector.kra1.nickName=subsystemCert cert-pki-tomcat TPS
+tps.connector.kra1.nickName=Subsystem Certificate for pki-tomcat
tps.connector.kra1.timeout=30
tps.connector.kra1.uri.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
tps.connector.kra1.uri.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
@@ -198,7 +198,7 @@ tps.connector.tks1.host=server.example.com
tps.connector.tks1.port=8443
tps.connector.tks1.minHttpConns=1
tps.connector.tks1.maxHttpConns=15
-tps.connector.tks1.nickName=subsystemCert cert-pki-tomcat TPS
+tps.connector.tks1.nickName=Subsystem Certificate for pki-tomcat
tps.connector.tks1.timeout=30
tps.connector.tks1.generateHostChallenge=true
tps.connector.tks1.serverKeygen=false
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index 90d1747..d82bf31 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -70,7 +70,7 @@ auths.instance.ldap1.ldap.minConns=3
auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
auths.instance.ldap1.ldap.ldapauth.bindDN=
auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
-auths.instance.ldap1.ldap.ldapauth.clientCertNickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+auths.instance.ldap1.ldap.ldapauth.clientCertNickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
auths.instance.ldap1.ldap.ldapconn.host=localhost
auths.instance.ldap1.ldap.ldapconn.port=389
auths.instance.ldap1.ldap.ldapconn.secureConn=false
@@ -226,7 +226,7 @@ log.instance.SignedAudit.rolloverInterval=2592000
log.instance.SignedAudit.signedAudit:_000=##
log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed
log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+log.instance.SignedAudit.signedAuditCertNickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] TPS
log.instance.SignedAudit.type=signedAudit
log.instance.System._000=##
log.instance.System._001=## System Logging
@@ -1573,7 +1573,7 @@ pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
pkicreate.user=[PKI_USER]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+pkiremove.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.admincert.profile=caAdminCert
preop.admin.group=TPS Agents,TPS Operators,Administrators
preop.admin.name=Token Processing Service Manager Administrator
@@ -1588,7 +1588,7 @@ preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate
preop.cert.audit_signing.enable=true
preop.cert.audit_signing.keysize.custom_size=2048
preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.nickname=Audit Signing Certificate for [PKI_INSTANCE_NAME] TPS
preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
preop.cert.audit_signing.signing.required=false
preop.cert.audit_signing.subsystem=tps
@@ -1614,7 +1614,7 @@ preop.cert.subsystem.dn=CN=TPS Subsystem Certificate
preop.cert.subsystem.enable=true
preop.cert.subsystem.keysize.custom_size=2048
preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.nickname=Subsystem Certificate for [PKI_INSTANCE_NAME]
preop.cert.subsystem.profile=caInternalAuthSubsystemCert
preop.cert.subsystem.signing.required=false
preop.cert.subsystem.subsystem=tps
diff --git a/base/tps/src/org/dogtagpki/server/tps/cms/ConnectionManager.java b/base/tps/src/org/dogtagpki/server/tps/cms/ConnectionManager.java
index 692d4ba..02c17f0 100644
--- a/base/tps/src/org/dogtagpki/server/tps/cms/ConnectionManager.java
+++ b/base/tps/src/org/dogtagpki/server/tps/cms/ConnectionManager.java
@@ -81,7 +81,7 @@ public class ConnectionManager
* tps.connector.ca1.maxHttpConns=15
* tps.connector.ca1.host=host1.EXAMPLE.com:8445 host2.EXAMPLE.com:8445
* tps.connector.ca1.port=<port number; unused if for failover case>
- * tps.connector.ca1.nickName=subsystemCert cert-pki-tomcat TPS
+ * tps.connector.ca1.nickName=Subsystem Certificate for pki-tomcat
* tps.connector.ca1.timeout=30
* # In the example below,
* # "enrollment", "getcert", "renewal", "revoke", and "unrevoke"
--
2.5.5
_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel
