Chapter 5. Using and Configuring the Token Management System: TPS, TKS, and Enterprise Security Client
Parameter
Description
• 5 - Cessation of operation.
• 6 - Certificate is on hold.
op.enroll.tokenType.keyGen.tokenName
The name of the token to use. The TPS can substitute some special strings. For example, if using cuid, the tokenName is substituted with the CUID of the token; if using uid, the tokenName is substituted with the UID of the authenticating user.

op.enroll.tokenType.keyGen.keyType.num
The number of keys/certificates to be generated for the profile. The values are integers. The default is 2.

op.enroll.tokenType.keyGen.keyType.value.#
Specifies keyType. The default values are signing|encryption.

op.enroll.tokenType.keyGen.signing.keySize
Specifies the key size to use for key generation. The recommended setting is 2048.

op.enroll.tokenType.keyGen.signing.label
The token label for the signing certificate. The valid values are $pretty_cuid$, $cuid$, $msn$, $userid$, and $profileId$. These variables are replaced by the user-supplied information when the certificate is generated.

op.enroll.tokenType.keyGen.signing.cuid_label
The CUID to show in the certificate.

op.enroll.tokenType.keyGen.signing.overwrite
Specifies if the TPS should overwrite the existing signing certificate. The valid values are true|false.

op.enroll.tokenType.keyGen.signing.ca.profileId
The CA profile that should be used for creating the signing certificate. The default is caTokenUserSigningKeyEnrollment.

op.enroll.tokenType.keyGen.signing.ca.conn
The CA connection to use. The default value is ca1.

op.enroll.tokenType.keyGen.encryption.keySize
The key size for the encryption key. The recommended setting is 2048.

op.enroll.tokenType.keyGen.encryption.label
The token label for the encryption certificate. The valid values are $pretty_cuid$, $cuid$, $msn$, $userid$, and $profileId$. These variables are replaced by the user-supplied information when the certificate is generated.

op.enroll.tokenType.keyGen.encryption.cuid_label
The CUID to show in the certificate.

op.enroll.tokenType.keyGen.encryption.overwrite
Specifies if the encryption certificate on the token should be overwritten. The valid values are true|false.

op.enroll.tokenType.keyGen.encryption.ca.profileId
The CA profile to use for enrolling encryption certificates. The default value is caTokenUserEncryptionKeyEnrollment.

op.enroll.tokenType.keyGen.encryption.ca.conn
The CA connection to use to generate encryption certs. The default value is ca1.

op.enroll.tokenType.update.applet.emptyToken.enable
Specifies whether TPS should upload an applet to the token when it does not have one. The valid values are true|false.

op.enroll.tokenType.update.applet.enable
Specifies if applet upgrade is turned on. The valid values are true|false.

op.enroll.tokenType.update.applet.requiredVersion
The version of the applet to use. It should be the file name of the applet without the .ijc extension.

op.enroll.tokenType.update.applet.directory
The local filesystem directory where the applets are located.

op.enroll.tokenType.update.symmetricKeys.enable
Specifies if the key changeover feature should be enabled. The valid values are true|false. When enabled, TPS checks to see the key version sent by the token matches symmetricKeys.requiredVersion.

op.enroll.tokenType.update.symmetricKeys.requiredVersion
The required key version.

op.enroll.tokenType.loginRequest.enable
Specifies if the login request should be sent to the token. This parameter enables authentication. The valid values are true|false.

op.enroll.tokenType.pinReset.enable
Specifies if the token's PIN should be reset. The default value is true. The valid values are true|false.

op.enroll.tokenType.pinReset.pin.minLen
The minimum number of characters for the PIN.

op.enroll.tokenType.pinReset.pin.maxRetries
The maximum number of times PIN authentication can be attempted on the token before the key is locked. This value is set on the token when the token is formatted.

op.enroll.tokenType.pinReset.pin.maxLen
The maximum number of characters for the PIN.

op.enroll.tokenType.tks.conn
The TKS connection to use.

op.enroll.tokenType.auth.id
The LDAP authentication instance to use. The default value is ldap1.

op.enroll.tokenType.auth.enable
Specifies whether to authenticate the user information. The valid values are true|false.

Table 5.2. Enrollment Operation Parameters
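
The following is an added example, not part of the original guide or of Certificate System itself: a small read-only audit of the op.enroll parameters in Table 5.2, checking key sizes against the recommended 2048, true|false values, and label variables. It assumes CS.cfg holds one key=value pair per line; the tokenType name "demoToken", the sample fragment, the function names, and the policy of flagging auth.enable=false are all constructed for illustration.

```python
import re

# Constructed sample CS.cfg fragment; "demoToken" is a made-up tokenType.
SAMPLE_CFG = """\
op.enroll.demoToken.keyGen.keyType.num=2
op.enroll.demoToken.keyGen.keyType.value.0=signing
op.enroll.demoToken.keyGen.keyType.value.1=encryption
op.enroll.demoToken.keyGen.signing.keySize=1024
op.enroll.demoToken.keyGen.signing.label=signing key for $userid$
op.enroll.demoToken.keyGen.encryption.keySize=2048
op.enroll.demoToken.keyGen.encryption.label=encryption key for $username$
op.enroll.demoToken.keyGen.encryption.overwrite=yes
op.enroll.demoToken.auth.enable=false
"""

# Label variables and true|false parameters as listed in Table 5.2.
LABEL_VARS = {"pretty_cuid", "cuid", "msn", "userid", "profileId"}
BOOL_KEY = re.compile(r"(\.enable|\.overwrite)$")

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit_enroll(cfg, token_type, min_key_size=2048):
    """Return (parameter suffix, problem) pairs for one tokenType."""
    prefix = f"op.enroll.{token_type}."
    params = {k[len(prefix):]: v for k, v in cfg.items() if k.startswith(prefix)}
    findings = []
    for name, value in sorted(params.items()):
        if BOOL_KEY.search(name) and value not in ("true", "false"):
            findings.append((name, "value must be true or false"))
        elif name.endswith(".keySize") and (not value.isdigit() or int(value) < min_key_size):
            findings.append((name, f"key size below recommended {min_key_size}"))
        elif name.endswith(".label"):
            for var in re.findall(r"\$(\w+)\$", value):
                if var not in LABEL_VARS:
                    findings.append((name, f"unknown label variable ${var}$"))
    if params.get("auth.enable") == "false":  # assumed local policy, not a product rule
        findings.append(("auth.enable", "user authentication is disabled"))
    listed = [k for k in params if k.startswith("keyGen.keyType.value.")]
    if "keyGen.keyType.num" in params and int(params["keyGen.keyType.num"]) != len(listed):
        findings.append(("keyGen.keyType.num", "does not match keyType.value.# entries"))
    return findings
```

Calling audit_enroll(parse_cfg(SAMPLE_CFG), "demoToken") reports the 1024-bit signing key, the $username$ label variable, the overwrite value "yes", and the disabled authentication.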
There are some parameters in the CS.cfg file that are set to configure signing and encryption enrollment operations which should never be altered.