blob: b1c9e38e5e9a3539e5582a0001f33599c11c5d13 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
****** [rpkid] section ******
rpkid's default config file is the system rpki.conf file. Start rpkid with "-
c filename" to choose a different config file. All options are in the "[rpkid]"
section. BPKI Certificates and keys may be in either DER or PEM format.
***** sql-database *****
MySQL database name for rpkid.
sql-database = ${myrpki::rpkid_sql_database}
***** sql-username *****
MySQL user name for rpkid.
sql-username = ${myrpki::rpkid_sql_username}
***** sql-password *****
MySQL password for rpkid.
sql-password = ${myrpki::rpkid_sql_password}
***** server-host *****
Host on which rpkid should listen for HTTP service requests.
server-host = ${myrpki::rpkid_server_host}
***** server-port *****
Port on which rpkid should listen for HTTP service requests.
server-port = ${myrpki::rpkid_server_port}
***** irdb-url *****
HTTP service URL rpkid should use to contact irdbd. If irdbd is running on the
same machine as rpkid, this can and probably should be a loopback URL, since
nobody but rpkid needs to talk to irdbd.
irdb-url = http://${myrpki::irdbd_server_host}:${myrpki::irdbd_server_port}/
***** bpki-ta *****
Where rpkid should look for the BPKI trust anchor. All BPKI certificate
verification within rpkid traces back to this trust anchor. Don't change this
unless you really know what you are doing.
bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
***** rpkid-cert *****
Where rpkid should look for its own BPKI EE certificate. Don't change this
unless you really know what you are doing.
rpkid-cert = ${myrpki::bpki_servers_directory}/rpkid.cer
***** rpkid-key *****
Where rpkid should look for the private key corresponding to its own BPKI EE
certificate. Don't change this unless you really know what you are doing.
rpkid-key = ${myrpki::bpki_servers_directory}/rpkid.key
***** irdb-cert *****
Where rpkid should look for irdbd's BPKI EE certificate. Don't change this
unless you really know what you are doing.
irdb-cert = ${myrpki::bpki_servers_directory}/irdbd.cer
***** irbe-cert *****
Where rpkid should look for the back-end control client's BPKI EE certificate.
Don't change this unless you really know what you are doing.
irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
|
