diff options
| author | Rob Austein <sra@hactrn.net> | 2016-07-28 21:03:09 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2016-07-28 21:03:09 -0400 |
| commit | 83fce9376139aac61522030ad4ff11cfe5de6139 (patch) | |
| tree | 1c6d9175e9bfdb33d6280d25228bc07742e0a9da /doc/doc.RPKI.CA.Configuration.pubd | |
| parent | 794705b7cde7ab8eade9d38ddd15cfbf5de5ebd8 (diff) | |
Drop in documentation extracted from wiki.rpki.net. See README for details.
Diffstat (limited to 'doc/doc.RPKI.CA.Configuration.pubd')
| -rw-r--r-- | doc/doc.RPKI.CA.Configuration.pubd | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.pubd b/doc/doc.RPKI.CA.Configuration.pubd deleted file mode 100644 index 6dc7cb28..00000000 --- a/doc/doc.RPKI.CA.Configuration.pubd +++ /dev/null @@ -1,75 +0,0 @@ -****** [pubd] section ****** - -pubd's default configuration file is the system rpki.conf file. Start pubd with -"-c filename" to choose a different configuration file. All options are in the -"[pubd]" section. BPKI certificates and keys may be either DER or PEM format. - -***** sql-database ***** - -MySQL database name for pubd. - - sql-database = ${myrpki::pubd_sql_database} - -***** sql-username ***** - -MySQL user name for pubd. - - sql-username = ${myrpki::pubd_sql_username} - -***** sql-password ***** - -MySQL password for pubd. - - sql-password = ${myrpki::pubd_sql_password} - -***** publication-base ***** - -Root of directory tree where pubd should write out published data. You need to -configure this, and the configuration should match up with the directory where -you point rsyncd. Neither pubd nor rsyncd much cares -where- you tell them to -put this stuff, the important thing is that the rsync URIs in generated -certificates match up with the published objects so that relying parties can -find and verify rpkid's published outputs. - - publication-base = ${myrpki::publication_base_directory} - -***** server-host ***** - -Host on which pubd should listen for HTTP service requests. - - server-host = ${myrpki::pubd_server_host} - -***** server-port ***** - -Port on which pubd should listen for HTTP service requests. - - server-port = ${myrpki::pubd_server_port} - -***** bpki-ta ***** - -Where pubd should look for the BPKI trust anchor. All BPKI certificate -verification within pubd traces back to this trust anchor. Don't change this -unless you really know what you are doing. - - bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer - -***** pubd-cert ***** - -Where pubd should look for its own BPKI EE certificate. Don't change this -unless you really know what you are doing. - - pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer - -***** pubd-key ***** - -Where pubd should look for the private key corresponding to its own BPKI EE -certificate. Don't change this unless you really know what you are doing. - - pubd-key = ${myrpki::bpki_servers_directory}/pubd.key - -***** irbe-cert ***** - -Where pubd should look for the back-end control client's BPKI EE certificate. -Don't change this unless you really know what you are doing. - - irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer |