pubd's default configuration file is the system rpki.conf file. Start pubd
with "-c filename" to choose a different configuration file. All options are
in the "[pubd]" section. BPKI certificates and keys may be either DER or PEM
format.
MySQL database name for pubd.
sql-database = ${myrpki::pubd_sql_database}
MySQL user name for pubd.
sql-username = ${myrpki::pubd_sql_username}
MySQL password for pubd.
sql-password = ${myrpki::pubd_sql_password}
Root of directory tree where pubd should write out published data. You need to
configure this, and the configuration should match up with the directory where
you point rsyncd. Neither pubd nor rsyncd much cares -where- you tell them to
put this stuff, the important thing is that the rsync URIs in generated
certificates match up with the published objects so that relying parties can
find and verify rpkid's published outputs.
publication-base = ${myrpki::publication_base_directory}
Host on which pubd should listen for HTTP service requests.
server-host = ${myrpki::pubd_server_host}
Port on which pubd should listen for HTTP service requests.
server-port = ${myrpki::pubd_server_port}
Where pubd should look for the BPKI trust anchor. All BPKI certificate
verification within pubd traces back to this trust anchor. Don't change this
unless you really know what you are doing.
bpki-ta = ${myrpki::bpki_servers_directory}/ca.cer
Where pubd should look for its own BPKI EE certificate. Don't change this
unless you really know what you are doing.
pubd-cert = ${myrpki::bpki_servers_directory}/pubd.cer
Where pubd should look for the private key corresponding to its own BPKI EE
certificate. Don't change this unless you really know what you are doing.
pubd-key = ${myrpki::bpki_servers_directory}/pubd.key
Where pubd should look for the back-end control client's BPKI EE certificate.
Don't change this unless you really know what you are doing.
irbe-cert = ${myrpki::bpki_servers_directory}/irbe.cer
