registry. The security domain service in Certificate System manages both the registration of PKI
services for Certificate System subsystems and a set of shared trust policies.
The registry provides a complete view of all PKI services provided by the subsystems within that
domain. Each Certificate System subsystem must be either a host or a member of a security domain.
A CA subsystem is the only subsystem which can host a security domain. The security domain shares
the CA internal database for privileged user and group information to determine which users can
update the security domain, register new PKI services, and issue certificates.
4.4.1. The domain.xml File
The security domain registry is an XML file, domain.xml, which is hosted on a designated CA.
The domain.xml file is created when the CA is configured as the security domain host, and every
subsystem which is added to the domain is added as an entry to the registry. The domain.xml file
looks like the following example:
<?xml version="1.0" encoding="UTF-8"?>
<DomainInfo><Name>Example Domain</Name>
<KRAList>
<KRA>
<SubsystemName>rhpki-kra</SubsystemName>
<Host>server.example.com</Host>
<SecurePort>10443</SecurePort>
<DomainManager>false</DomainManager>
<Clone>false</Clone>
</KRA>
<SubsystemCount>1</SubsystemCount>
</KRAList>
<TPSList>
<SubsystemCount>0</SubsystemCount>
</TPSList>
<OCSPList>
<OCSP>
<SubsystemName>rhpki-ocsp</SubsystemName>
<Host>server.example.com</Host>
<SecurePort>11443</SecurePort>
<DomainManager>false</DomainManager>
<Clone>false</Clone>
</OCSP>
<SubsystemCount>1</SubsystemCount>
</OCSPList>
<RAList>
<SubsystemCount>0</SubsystemCount>
</RAList>
<TKSList>
<TKS>
<SubsystemName>rhpki-tks</SubsystemName>
<Host>server.example.com</Host>
<SecurePort>13443</SecurePort>
<DomainManager>false</DomainManager>
<Clone>false</Clone>
</TKS>
<SubsystemCount>1</SubsystemCount>
</TKSList>
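An added example, not part of the original guide: a Python audit of a domain.xml registry that lists the registered subsystems, checks each SubsystemCount against the entries actually present, and flags any non-CA entry marked DomainManager. Reading DomainManager as the domain-host flag is an assumption, and the sample document is constructed from the layout above with two inconsistencies planted in it.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout shown above (not the guide's own file).
# Two inconsistencies are planted in OCSPList for the audit to find.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<DomainInfo><Name>Example Domain</Name>
<KRAList>
<KRA><SubsystemName>rhpki-kra</SubsystemName><Host>server.example.com</Host>
<SecurePort>10443</SecurePort><DomainManager>false</DomainManager>
<Clone>false</Clone></KRA>
<SubsystemCount>1</SubsystemCount>
</KRAList>
<TPSList><SubsystemCount>0</SubsystemCount></TPSList>
<OCSPList>
<OCSP><SubsystemName>rhpki-ocsp</SubsystemName><Host>server.example.com</Host>
<SecurePort>11443</SecurePort><DomainManager>true</DomainManager>
<Clone>false</Clone></OCSP>
<SubsystemCount>2</SubsystemCount>
</OCSPList>
</DomainInfo>"""


def audit_domain(xml_bytes):
    """Return (entries, findings) for a domain.xml document."""
    root = ET.fromstring(xml_bytes)
    entries, findings = [], []
    for lst in root:
        if not lst.tag.endswith("List"):
            continue                      # skips <Name>
        kind = lst.tag[:-len("List")]     # "KRAList" -> "KRA"
        subs = lst.findall(kind)
        count = (lst.findtext("SubsystemCount") or "").strip()
        if count != str(len(subs)):
            findings.append(
                f"{lst.tag}: SubsystemCount={count!r}, entries={len(subs)}")
        for s in subs:
            name = s.findtext("SubsystemName")
            entries.append((kind, name, s.findtext("Host"),
                            s.findtext("SecurePort")))
            # Assumption: DomainManager marks the security domain host,
            # which the guide says only a CA can be.
            flag = (s.findtext("DomainManager") or "").strip().lower()
            if kind != "CA" and flag == "true":
                findings.append(f"{name}: non-CA entry has DomainManager=true")
    return entries, findings


if __name__ == "__main__":
    for line in audit_domain(SAMPLE)[1]:
        print(line)
```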