forked from certnanny/sscep
-
Notifications
You must be signed in to change notification settings - Fork 2
/
sscep.conf
106 lines (78 loc) · 2.08 KB
/
sscep.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
#
# sscep.conf -- configuration file for SSCEP
#
# All configuration options are key-value pairs separated with one
# or more space characters:
#
# "Key" [spaces] "Value"
#
# Quotation marks are optional - they are needed only if the value contains
# space characters (space or tab). Quotation marks inside the value string
# must be escaped using a backslash:
#
# "Key" [spaces] "Value \"containing quotation marks\""
#
# Comment lines (lines starting with '#') and empty lines are discarded.
#
#
# Common options for all operations
#
# URL of the SCEP server.
URL http://localhost/cgi-bin/pkiclient.exe
# Use HTTP proxy server
#Proxy localhost:8080
# This is one is needed with all operations.
CACertFile ./ca.crt
# Possible values: yes or no.
Verbose no
Debug no
#
# Options for getca
#
# Some CAs require you to define this
#CAIdentifier "CA Identifier"
# Display fingerprint algorithm (md5/sha1)
FingerPrint md5
#
# Common options for enroll, getcert and getcrl
#
# Private key created with mkrequest
PrivateKeyFile ./local.key
# Where to write successfully enrolled certificate
LocalCertFile ./local.crt
# If your CA/RA uses a different certificates for encyption
# and signing, define this
#EncCertFile ./enc.crt
# PKCS#7 encryption/signing
# Note: this could be very misleading, current SCEP draft provides no
# mechanism to "negotiate" the algorithm - even if you send 3des, reply
# might be des.
# Encryption algorithm: des, 3des or blowfish. Default: des
#EncAlgorithm 3des
# Signature algorithm: md5 or sha1. Default: md5
#SigAlgorithm sha1
#
# Options for enroll
#
# Certificate request file created with mkrequest
CertReqFile ./local.csr
# Write optionally the selfsigned certificate in file
#SelfSignedFile ./selfsigned.crt
# Poll periodically for pending certificate (seconds)
PollInterval 60
# Maximum polling time
MaxPollTime 28800
# Maximum polling count
MaxPollCount 256
#
# Options for getcert
#
# Certificate serial number (decimal)
GetCertSerial 1
# Write certificate as
GetCertFile ./cert.crt
#
# Options for getcrl
#
# Write CRL as
GetCrlFile ./crl.crl