diff options
| author | RPKI Documentation Robot <docbot@rpki.net> | 2013-06-04 03:00:25 +0000 |
|---|---|---|
| committer | RPKI Documentation Robot <docbot@rpki.net> | 2013-06-04 03:00:25 +0000 |
| commit | 2262ef7dae4eeeb21cd7c7eb11ded64212b88a0c (patch) | |
| tree | eee85a194243b7bd0884e41a4c5238f582f119f0 /doc/doc.RPKI.CA.Configuration.rootd | |
| parent | 81bf607697068896a7d872cb9ae62aa6cde7052d (diff) | |
Automatic pull of documentation from Wiki.
svn path=/trunk/; revision=5361
Diffstat (limited to 'doc/doc.RPKI.CA.Configuration.rootd')
| -rw-r--r-- | doc/doc.RPKI.CA.Configuration.rootd | 98 |
1 files changed, 48 insertions, 50 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.rootd b/doc/doc.RPKI.CA.Configuration.rootd index 87a2290c..ebb93d71 100644 --- a/doc/doc.RPKI.CA.Configuration.rootd +++ b/doc/doc.RPKI.CA.Configuration.rootd @@ -22,126 +22,124 @@ rootd's default configuration file is the system rpki.conf file. Start rootd with -c filename to choose a different configuration file. All options are in the section [rootd]. Certificates and keys may be in either DER or PEM format. -bpki-ta:: +***** bpki-ta ***** - Where rootd should look for the BPKI trust anchor. All BPKI - certificate verification within rootd traces back to this trust - anchor. Don't change this unless you really know what you are doing. +Where rootd should look for the BPKI trust anchor. All BPKI certificate +verification within rootd traces back to this trust anchor. Don't change this +unless you really know what you are doing. bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer -rootd-bpki-crl:: +***** rootd-bpki-crl ***** - BPKI CRL. Don't change this unless you really know what you are - doing. +BPKI CRL. Don't change this unless you really know what you are doing. rootd-bpki-crl = ${myrpki::bpki_servers_directory}/ca.crl -rootd-bpki-cert:: +***** rootd-bpki-cert ***** - rootd's own BPKI EE certificate. Don't change this unless you really - know what you are doing. +rootd's own BPKI EE certificate. Don't change this unless you really know what +you are doing. rootd-bpki-cert = ${myrpki::bpki_servers_directory}/rootd.cer -rootd-bpki-key:: +***** rootd-bpki-key ***** - Private key corresponding to rootd's own BPKI EE certificate. Don't - change this unless you really know what you are doing. +Private key corresponding to rootd's own BPKI EE certificate. Don't change this +unless you really know what you are doing. rootd-bpki-key = ${myrpki::bpki_servers_directory}/rootd.key -child-bpki-cert:: +***** child-bpki-cert ***** - BPKI certificate for rootd's one and only up-down child (RPKI engine - to which rootd issues an RPKI certificate). Don't change this unless - you really know what you are doing. +BPKI certificate for rootd's one and only up-down child (RPKI engine to which +rootd issues an RPKI certificate). Don't change this unless you really know +what you are doing. child-bpki-cert = ${myrpki::bpki_servers_directory}/child.cer -server-host:: +***** server-host ***** - Server host on which rootd should listen. +Server host on which rootd should listen. server-host = ${myrpki::rootd_server_host} -server-port:: +***** server-port ***** - Server port on which rootd should listen. +Server port on which rootd should listen. server-port = ${myrpki::rootd_server_port} -rpki-root-dir:: +***** rpki-root-dir ***** - Where rootd should write its output. Yes, rootd should be using pubd - instead of publishing directly, but it doesn't. This needs to match - pubd's configuration. +Where rootd should write its output. Yes, rootd should be using pubd instead of +publishing directly, but it doesn't. This needs to match pubd's configuration. rpki-root-dir = ${myrpki::publication_base_directory} -rpki-base-uri:: +***** rpki-base-uri ***** - rsync URI corresponding to directory containing rootd's outputs. +rsync URI corresponding to directory containing rootd's outputs. rpki-base-uri = rsync://${myrpki::publication_rsync_server}/${myrpki:: publication_rsync_module}/ -rpki-root-cert-uri:: +***** rpki-root-cert-uri ***** - rsync URI for rootd's root (self-signed) RPKI certificate. +rsync URI for rootd's root (self-signed) RPKI certificate. rpki-root-cert-uri = rsync://${myrpki::publication_rsync_server}/${myrpki:: publication_root_module}/root.cer -rpki-root-key:: +***** rpki-root-key ***** - Private key corresponding to rootd's root RPKI certificate. +Private key corresponding to rootd's root RPKI certificate. rpki-root-key = ${myrpki::bpki_servers_directory}/root.key -rpki-root-cert:: +***** rpki-root-cert ***** - Filename (as opposed to rsync URI) of rootd's root RPKI certificate. +Filename (as opposed to rsync URI) of rootd's root RPKI certificate. rpki-root-cert = ${myrpki::publication_root_cert_directory}/root.cer -rpki-subject-pkcs10:: +***** rpki-subject-pkcs10 ***** - Where rootd should stash a copy of the PKCS #10 request it gets from - its one (and only) child +Where rootd should stash a copy of the PKCS #10 request it gets from its one +(and only) child rpki-subject-pkcs10 = ${myrpki::bpki_servers_directory}/rootd.subject.pkcs10 -rpki-subject-lifetime:: +***** rpki-subject-lifetime ***** - Lifetime of the one and only RPKI certificate rootd issues. +Lifetime of the one and only RPKI certificate rootd issues. rpki-subject-lifetime = 30d -rpki-root-crl:: +***** rpki-root-crl ***** - Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL - for rootd's root RPKI certificate. +Filename (relative to rootd-base-uri and rpki-root-dir) of the CRL for rootd's +root RPKI certificate. rpki-root-crl = root.crl -rpki-root-manifest:: +***** rpki-root-manifest ***** - Filename (relative to rootd-base-uri and rpki-root-dir) of the - manifest for rootd's root RPKI certificate. +Filename (relative to rootd-base-uri and rpki-root-dir) of the manifest for +rootd's root RPKI certificate. rpki-root-manifest = root.mft -rpki-class-name:: +***** rpki-class-name ***** - Up-down protocol class name for RPKI certificate rootd issues to its - one (and only) child. +Up-down protocol class name for RPKI certificate rootd issues to its one (and +only) child. rpki-class-name = ${myrpki::handle} -rpki-subject-cert:: +***** rpki-subject-cert ***** - Filename (relative to rootd-base-uri and rpki-root-dir) of the one - (and only) RPKI certificate rootd issues. +Filename (relative to rootd-base-uri and rpki-root-dir) of the one (and only) +RPKI certificate rootd issues. rpki-subject-cert = ${myrpki::handle}.cer |