This patch is for https://fedorahosted.org/pki/ticket/1306 [RFE] Add
granularity to token termination in TPS
It
1. adds the missing parameters
2. adds a table of revocation reason codes
thanks,
Christina
>From 63a58cf51ef2982e8a35eff1f98dd42453e5681e Mon Sep 17 00:00:00 2001
From: Christina Fu <[email protected]>
Date: Thu, 30 Jun 2016 14:03:24 -0700
Subject: [PATCH] Ticket #1306 config params: Add granularity to token
termination in TPS
This patch adds the missing configuration parameters that go with the
original bug. The code would take on defaults when these parameters are
missing, but putting them in the CS.cfg would make it easier for the
administrators.
---
base/tps/shared/conf/CS.cfg | 123 ++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 119 insertions(+), 4 deletions(-)
diff --git a/base/tps/shared/conf/CS.cfg b/base/tps/shared/conf/CS.cfg
index 258d5a76c5ec8e392634f6075f32ae9baa68b290..4f2b3919cf73610ad1a8c8e8c1baf977fb117f6c 100644
--- a/base/tps/shared/conf/CS.cfg
+++ b/base/tps/shared/conf/CS.cfg
@@ -265,7 +265,20 @@ op.enroll._000=#########################################
op.enroll._001=# TPS Profiles
op.enroll._002=# - Operations
op.enroll._003=# <op> - operation; enroll,pinReset,format
-op.enroll._004=#########################################
+op.enroll._004=#
+op.enroll._005=# Revocation Reasons (revokeCert.reason) according to RFC 5280
+op.enroll._006=# unspecified (0)
+op.enroll._007=# keyCompromise (1)
+op.enroll._008=# CACompromise (2)
+op.enroll._009=# affiliationChanged (3)
+op.enroll._010=# superseded (4)
+op.enroll._011=# cessationOfOperation (5)
+op.enroll._012=# certificateHold (6)
+op.enroll._013=# removeFromCRL (8)
+op.enroll._014=# privilegeWithdrawn (9)
+op.enroll._015=# AACompromise (10)
+op.enroll._016=#
+op.enroll._017=#########################################
op.enroll.delegateIEtoken._000=#########################################
op.enroll.delegateIEtoken._001=# Enrollment for externalReg
op.enroll.delegateIEtoken._002=# ID, Encryption
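Review bot: The table at `op.enroll._013` lists removeFromCRL (8) alongside the other values as if it could be set in `revokeCert.reason`, but RFC 5280 allows that code only in delta CRLs, to signal that an entry is leaving the CRL (for example a certificate coming off hold). I would mark it, e.g. `op.enroll._013=# removeFromCRL (8) - delta CRLs only, not for revokeCert.reason`, and add a line saying 7 is unassigned so the gap does not read as a typo. Whether the CA rejects 8 on a revocation request is not visible from this hunk. The header is also the natural place for one line each on `holdRevocationUntilLastCredential` and `revokeExpiredCerts`, which the later hunks add to every profile without any description.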
@@ -326,12 +339,23 @@ op.enroll.delegateIEtoken.keyGen.authentication.publicKeyNumber=7
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeCert=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeCert=true
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeCert.reason=1
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeCert=false
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeCert.reason=6
op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.scheme=GenerateNewKey
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.delegateIEtoken.keyGen.authentication.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.archive=false
op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.drm.conn=kra1
op.enroll.delegateIEtoken.keyGen.authentication.serverKeygen.enable=false
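Review bot: The new `recovery.terminated` entries set `revokeCert=true` with `revokeCert.reason=1`, which the table added in this patch names keyCompromise; a terminated token is not necessarily a compromised one, and that reason tells relying parties the private key may have been exposed. If terminated covers ordinary retirement of a token, `...recovery.terminated.revokeCert.reason=5` (cessationOfOperation) or 0 would describe it more accurately; otherwise a comment explaining the choice would help. The commit message says the code falls back to defaults when these keys are absent, so it is worth confirming that every value written here equals that default, this one in particular, since the other three states in this profile keep `revokeCert=false`. The same `terminated` values are added in the delegateISEtoken, externalRegAddToToken, soKey and userKey hunks.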
@@ -498,12 +522,23 @@ op.enroll.delegateISEtoken.keyGen.authentication.publicKeyNumber=7
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeCert=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.revokeCert=true
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.revokeCert.reason=1
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.revokeCert=false
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.revokeCert.reason=6
op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.authentication.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.authentication.serverKeygen.archive=false
op.enroll.delegateISEtoken.keyGen.authentication.serverKeygen.drm.conn=kra1
op.enroll.delegateISEtoken.keyGen.authentication.serverKeygen.enable=false
@@ -554,12 +589,23 @@ op.enroll.delegateISEtoken.keyGen.encryption.publicKeyNumber=5
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.revokeCert=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.revokeCert=true
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.revokeCert.reason=1
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.revokeCert=false
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.encryption.serverKeygen.archive=true
op.enroll.delegateISEtoken.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.delegateISEtoken.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
@@ -618,12 +664,23 @@ op.enroll.delegateISEtoken.keyGen.signing.publicKeyNumber=3
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.revokeCert=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.signing.recovery.destroyed.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.revokeCert=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.signing.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.revokeCert=true
+op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.revokeCert.reason=1
+op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.signing.recovery.terminated.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.revokeCert=false
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.revokeCert.reason=6
op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.delegateISEtoken.keyGen.signing.recovery.onHold.revokeExpiredCerts=false
op.enroll.delegateISEtoken.keyGen.signing.serverKeygen.archive=false
op.enroll.delegateISEtoken.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.delegateISEtoken.keyGen.signing.serverKeygen.enable=false
@@ -743,11 +800,25 @@ op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.verify=
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.verifyRecover=false
op.enroll.externalRegAddToToken.keyGen.encryption.public.keyCapabilities.wrap=true
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeCert=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.revokeCert=true
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.revokeCert.reason=1
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeCert=false
-op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.externalRegAddToToken.keyGen.encryption.recovery.keyCompromise.revokeCert=false
-op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeCert=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.externalRegAddToToken.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.externalRegAddToToken.keyGen.encryption.serverKeygen.archive=true
op.enroll.externalRegAddToToken.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.externalRegAddToToken.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
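Review bot: `recovery.destroyed.scheme=GenerateNewKey` here differs from the other encryption-key profiles touched by this patch: delegateISEtoken, soKey and userKey all show `destroyed.scheme=RecoverLast` under `keyGen.encryption`. With `serverKeygen.archive=true` just below, a replacement for a destroyed token would presumably be expected to get the archived key back so that earlier encrypted data stays readable. If the difference is deliberate for externalReg, a comment saying so would help; otherwise use `op.enroll.externalRegAddToToken.keyGen.encryption.recovery.destroyed.scheme=RecoverLast`. Whether either value matches the code's built-in default is not visible from the hunk.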
@@ -835,12 +906,23 @@ op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.soKey.keyGen.encryption.recovery.terminated.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.terminated.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
@@ -897,12 +979,23 @@ op.enroll.soKey.keyGen.signing.publicKeyNumber=3
op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.soKey.keyGen.signing.recovery.terminated.revokeCert.reason=1
+op.enroll.soKey.keyGen.signing.recovery.terminated.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.terminated.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.signing.recovery.terminated.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeExpiredCerts=false
op.enroll.soKey.keyGen.signing.serverKeygen.archive=false
op.enroll.soKey.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.soKey.keyGen.signing.serverKeygen.enable=false
@@ -1137,12 +1230,23 @@ op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.userKey.keyGen.encryption.recovery.terminated.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.terminated.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.terminated.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.encryption.recovery.terminated.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=kra1
op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
@@ -1199,12 +1303,23 @@ op.enroll.userKey.keyGen.signing.publicKeyNumber=3
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.destroyed.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeExpiredCerts=false
+op.enroll.userKey.keyGen.signing.recovery.terminated.revokeCert.reason=1
+op.enroll.userKey.keyGen.signing.recovery.terminated.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.terminated.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.terminated.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.signing.recovery.terminated.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.holdRevocationUntilLastCredential=false
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeExpiredCerts=false
op.enroll.userKey.keyGen.signing.serverKeygen.archive=false
op.enroll.userKey.keyGen.signing.serverKeygen.drm.conn=kra1
op.enroll.userKey.keyGen.signing.serverKeygen.enable=false
--
2.4.3