path: root/doc/doc.RPKI.CA.Configuration.pubd
blob: 74522c2f92f5a8c171d8f1a612dfbd2b8bf41854
****** [pubd] section ******

pubd's default configuration file is the system rpki.conf file. Start pubd with
-c filename to choose a different configuration file. All options are in the
section [pubd]. BPKI certificates and keys may be in either DER or PEM format.

sql-database::

     MySQL database name for pubd.

     Default: ${myrpki::pubd_sql_database}

sql-username::

     MySQL user name for pubd.

     Default: ${myrpki::pubd_sql_username}

sql-password::

     MySQL password for pubd.

     Default: ${myrpki::pubd_sql_password}

publication-base::

     Root of the directory tree where pubd should write out published data.
     You need to configure this, and the configuration should match up
     with the directory where you point rsyncd. Neither pubd nor rsyncd
     much cares -where- you tell them to put this stuff; the important
     thing is that the rsync URIs in generated certificates match up with
     the published objects so that relying parties can find and verify
     rpkid's published outputs.

     Default: ${myrpki::publication_base_directory}

server-host::

     Host on which pubd should listen for HTTP service requests.

     Default: ${myrpki::pubd_server_host}

server-port::

     Port on which pubd should listen for HTTP service requests.

     Default: ${myrpki::pubd_server_port}

bpki-ta::

     Where pubd should look for the BPKI trust anchor. All BPKI
     certificate verification within pubd traces back to this trust
     anchor. Don't change this unless you really know what you are doing.

     Default: ${myrpki::bpki_servers_directory}/ca.cer

pubd-cert::

     Where pubd should look for its own BPKI EE certificate. Don't change
     this unless you really know what you are doing.

     Default: ${myrpki::bpki_servers_directory}/pubd.cer

pubd-key::

     Where pubd should look for the private key corresponding to its own
     BPKI EE certificate. Don't change this unless you really know what
     you are doing.

     Default: ${myrpki::bpki_servers_directory}/pubd.key

irbe-cert::

     Where pubd should look for the back-end control client's BPKI EE
     certificate. Don't change this unless you really know what you are
     doing.

     Default: ${myrpki::bpki_servers_directory}/irbe.cer
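
A consistency check for the publication-base option above, as an added example that is not part of the original documentation or the project's code: it maps an rsync URI through rsyncd.conf to the file rsyncd would serve and reports whether that file lies inside the publication-base tree. The sample configurations, host name and module name are constructed, the publication-base value is assumed to be already expanded to a literal path, and pubd's own file layout under publication-base is not modelled.

```python
import configparser
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample inputs; paths, host and module name are assumptions.
RPKI_CONF = """
[pubd]
publication-base = /var/rpki/publication
"""
RSYNCD_CONF = """
uid = nobody
[rpki]
path = /var/rpki/publication
read only = yes
"""

def _parse(text):
    # interpolation=None: treat '%' and '${...}' in values as literal text.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def module_paths(rsyncd_conf):
    """Return {module name: filesystem path} from rsyncd.conf text."""
    # rsyncd.conf allows global parameters before the first [module];
    # give them a dummy section so configparser accepts the file.
    cp = _parse("[__global__]\n" + rsyncd_conf)
    return {m: PurePosixPath(cp[m]["path"])
            for m in cp.sections() if m != "__global__" and "path" in cp[m]}

def resolve(uri, rpki_conf=RPKI_CONF, rsyncd_conf=RSYNCD_CONF):
    """Return (file rsyncd would serve for uri, True if inside publication-base)."""
    base = PurePosixPath(_parse(rpki_conf)["pubd"]["publication-base"])
    u = urlsplit(uri)
    parts = PurePosixPath(u.path).parts[1:]        # drop the leading "/"
    if u.scheme != "rsync" or not parts or ".." in parts:
        return None, False
    root = module_paths(rsyncd_conf).get(parts[0])  # first segment = module
    if root is None:
        return None, False
    target = root.joinpath(*parts[1:])
    return target, base == target or base in target.parents

if __name__ == "__main__":
    for uri in ("rsync://repo.example.net/rpki/ca1/cert.cer",
                "rsync://repo.example.net/other/ca1/cert.cer"):
        print(uri, "->", resolve(uri))
```

A False result means rsyncd would serve the URI from outside the tree pubd writes to, so relying parties following that URI would not find the published object.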