diff options
| author | Rob Austein <sra@hactrn.net> | 2016-07-28 21:03:09 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2016-07-28 21:03:09 -0400 |
| commit | 83fce9376139aac61522030ad4ff11cfe5de6139 (patch) | |
| tree | 1c6d9175e9bfdb33d6280d25228bc07742e0a9da /doc/17.RPKI.CA.Configuration.pubd.md | |
| parent | 794705b7cde7ab8eade9d38ddd15cfbf5de5ebd8 (diff) | |
Drop in documentation extracted from wiki.rpki.net. See README for details.
Diffstat (limited to 'doc/17.RPKI.CA.Configuration.pubd.md')
| -rw-r--r-- | doc/17.RPKI.CA.Configuration.pubd.md | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/doc/17.RPKI.CA.Configuration.pubd.md b/doc/17.RPKI.CA.Configuration.pubd.md new file mode 100644 index 00000000..14366bda --- /dev/null +++ b/doc/17.RPKI.CA.Configuration.pubd.md @@ -0,0 +1,76 @@ +# [pubd] section + +pubd's default configuration file is the system `rpki.conf` file. Start pubd +with "`-c filename`" to choose a different configuration file. All options are +in the "`[pubd]`" section. BPKI certificates and keys may be either DER or PEM +format. + +## sql-database + +MySQL database name for pubd. + + sql-database = ${myrpki::pubd_sql_database} + +## sql-username + +MySQL user name for pubd. + + sql-username = ${myrpki::pubd_sql_username} + +## sql-password + +MySQL password for pubd. + + sql-password = ${myrpki::pubd_sql_password} + +## publication-base + +Root of directory tree where pubd should write out published data. You need to +configure this, and the configuration should match up with the directory where +you point rsyncd. Neither pubd nor rsyncd much cares -where- you tell them to +put this stuff, the important thing is that the rsync URIs in generated +certificates match up with the published objects so that relying parties can +find and verify rpkid's published outputs. + + publication-base = ${myrpki::publication_base_directory} + +## server-host + +Host on which pubd should listen for HTTP service requests. + + server-host = ${myrpki::pubd_server_host} + +## server-port + +Port on which pubd should listen for HTTP service requests. + + server-port = ${myrpki::pubd_server_port} + +## bpki-ta + +Where pubd should look for the BPKI trust anchor. All BPKI certificate +verification within pubd traces back to this trust anchor. Don't change this +unless you really know what you are doing. + + bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer + +## pubd-cert + +Where pubd should look for its own BPKI EE certificate. Don't change this +unless you really know what you are doing. + + pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer + +## pubd-key + +Where pubd should look for the private key corresponding to its own BPKI EE +certificate. Don't change this unless you really know what you are doing. + + pubd-key = ${myrpki::bpki_servers_directory}/pubd.key + +## irbe-cert + +Where pubd should look for the back-end control client's BPKI EE certificate. +Don't change this unless you really know what you are doing. + + irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer |