Diffstat (limited to 'doc/doc.RPKI.CA.Configuration.pubd')
-rw-r--r-- | doc/doc.RPKI.CA.Configuration.pubd | 82 |
1 files changed, 53 insertions, 29 deletions
diff --git a/doc/doc.RPKI.CA.Configuration.pubd b/doc/doc.RPKI.CA.Configuration.pubd index a3f2f007..404bbfaa 100644 --- a/doc/doc.RPKI.CA.Configuration.pubd +++ b/doc/doc.RPKI.CA.Configuration.pubd 
@@ -1,52 +1,76 @@ -****** pubd.conf ****** - pubd's default configuration file is the system rpki.conf file. Start pubd with -"-c filename" to choose a different configuration file. All options are in the -section "[pubd]". Certificates and keys may be either DER or PEM format. +-c filename to choose a different configuration file. All options are in the +section [pubd]. BPKI certificates and keys may be either DER or PEM format. -Options: +sql-database:: -sql-username:: + MySQL database name for pubd. - Username to hand to MySQL when connecting to pubd's database. + Default: ${myrpki::pubd_sql_database} -sql-database:: +sql-username:: + + MySQL user name for pubd. - MySQL's database name for pubd's database. + Default: ${myrpki::pubd_sql_username} sql-password:: - Password to hand to MySQL when connecting to pubd's database. + MySQL password for pubd. -bpki-ta:: + Default: ${myrpki::pubd_sql_password} - Name of file containing master BPKI trust anchor for pubd. All BPKI - validation in pubd traces back to this trust anchor. +publication-base:: -irbe-cert:: + Root of directory tree where pubd should write out published data. + You need to configure this, and the configuration should match up + with the directory where you point rsyncd. Neither pubd nor rsyncd + much cares -where- you tell them to put this stuff, the important + thing is that the rsync URIs in generated certificates match up with + the published objects so that relying parties can find and verify + rpkid's published outputs. - Name of file containing BPKI certificate used by IRBE (rpkic, GUI) - when talking to pubd. + Default: ${myrpki::publication_base_directory} -pubd-cert:: +server-host:: - Name of file containing BPKI certificate used by pubd. + Host on which pubd should listen for HTTP service requests. -pubd-key:: + Default: ${myrpki::pubd_server_host} - Name of file containing RSA key corresponding to pubd-cert. 
+server-port:: -server-host:: + Port on which pubd should listen for HTTP service requests. - Hostname or IP address on which to listen for HTTP connections. - Default is the wildcard address (IPv4 0.0.0.0, IPv6 ::), which should - work in most cases. + Default: ${myrpki::pubd_server_port} -server-port:: +bpki-ta:: - TCP port on which to listen for HTTP connections. + Where pubd should look for the BPKI trust anchor. All BPKI + certificate verification within pubd traces back to this trust + anchor. Don't change this unless you really know what you are doing. -publication-base:: + Default: ${myrpki::bpki_servers_directory}/ca.cer + +pubd-cert:: + + Where pubd should look for its own BPKI EE certificate. Don't change + this unless you really know what you are doing. + + Default: ${myrpki::bpki_servers_directory}/pubd.cer + +pubd-key:: + + Where pubd should look for the private key corresponding to its own + BPKI EE certificate. Don't change this unless you really know what + you are doing. + + Default: ${myrpki::bpki_servers_directory}/pubd.key + +irbe-cert:: + + Where pubd should look for the back-end control client's BPKI EE + certificate. Don't change this unless you really know what you are + doing. - Path to base of filesystem tree where pubd should store publishable - objects. Default is publication/. + Default: ${myrpki::bpki_servers_directory}/irbe.cer |
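Review bot: In the server-host entry, the rewrite drops the old statement that the default is the wildcard address (IPv4 0.0.0.0, IPv6 ::) and replaces it with `Default: ${myrpki::pubd_server_host}`, so a reader of this page can no longer tell which interfaces pubd listens on without looking that variable up elsewhere. Because this setting decides whether the HTTP service is reachable from outside the host, consider keeping one sentence that says which values are accepted (the old text said hostname or IP address) and what the referenced default means. The same loss of detail shows up in publication-base, where "Default is publication/" became a variable reference, and in pubd-key, where the old "RSA key" became "private key", so the key type is no longer documented.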