doc/doc.RPKI.CA.Configuration.rpkid


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

****** ![rpkid] section ******

rpkid's default config file is the system rpkid.conf file. Start rpkid with -
c filename to choose a different config file. All options are in the section
[rpkid]. BPKI Certificates and keys may be in either DER or PEM format.

sql-database::

     MySQL database name for rpkid.

     Default: ${myrpki::rpkid_sql_database}

sql-username::

     MySQL user name for rpkid.

     Default: ${myrpki::rpkid_sql_username}

sql-password::

     MySQL password for rpkid.

     Default: ${myrpki::rpkid_sql_password}

server-host::

     Host on which rpkid should listen for HTTP service requests.

     Default: ${myrpki::rpkid_server_host}

server-port::

     Port on which rpkid should listen for HTTP service requests.

     Default: ${myrpki::rpkid_server_port}

irdb-url::

     HTTP service URL rpkid should use to contact irdbd. If irdbd is
     running on the same machine as rpkid, this can and probably should be
     a loopback URL, since nobody but rpkid needs to talk to irdbd.

     Default: http://${myrpki::irdbd_server_host}:${myrpki::
     irdbd_server_port}/

bpki-ta::

     Where rpkid should look for the BPKI trust anchor. All BPKI
     certificate verification within rpkid traces back to this trust
     anchor. Don't change this unless you really know what you are doing.

     Default: ${myrpki::bpki_servers_directory}/ca.cer

rpkid-cert::

     Where rpkid should look for its own BPKI EE certificate. Don't change
     this unless you really know what you are doing.

     Default: ${myrpki::bpki_servers_directory}/rpkid.cer

rpkid-key::

     Where rpkid should look for the private key corresponding to its own
     BPKI EE certificate. Don't change this unless you really know what
     you are doing.

     Default: ${myrpki::bpki_servers_directory}/rpkid.key

irdb-cert::

     Where rpkid should look for irdbd's BPKI EE certificate. Don't change
     this unless you really know what you are doing.

     Default: ${myrpki::bpki_servers_directory}/irdbd.cer

irbe-cert::

     Where rpkid should look for the back-end control client's BPKI EE
     certificate. Don't change this unless you really know what you are
     doing.

     Default: ${myrpki::bpki_servers_directory}/irbe.cer