/usr/share/pki/etc/pki.conf is in pki-base 10.6.0-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | #
# default PKI configuration
#
# Java home
JAVA_HOME=/usr/share/pki/java-home
export JAVA_HOME
# JNI jar file location
JNI_JAR_DIR=/usr/share/java
export JNI_JAR_DIR
# PKI library
PKI_LIB=/usr/share/pki/lib
export PKI_LIB
# RESTEasy library
RESTEASY_LIB="/usr/share/java/"
export RESTEASY_LIB
# NSS database format
NSS_DEFAULT_DB_TYPE="sql"
export NSS_DEFAULT_DB_TYPE
# logging configuration location
PKI_LOGGING_CONFIG=/usr/share/pki/etc/logging.properties
export PKI_LOGGING_CONFIG
# PKI CLI options
PKI_CLI_OPTIONS=
export PKI_CLI_OPTIONS
# SSL version ranges
# Valid values: SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2
SSL_STREAM_VERSION_MIN="TLS_1_0"
export SSL_STREAM_VERSION_MIN
SSL_STREAM_VERSION_MAX="TLS_1_2"
export SSL_STREAM_VERSION_MAX
SSL_DATAGRAM_VERSION_MIN="TLS_1_1"
export SSL_DATAGRAM_VERSION_MIN
SSL_DATAGRAM_VERSION_MAX="TLS_1_2"
export SSL_DATAGRAM_VERSION_MAX
# SSL default ciphers
# This boolean parameter determines whether to enable default SSL ciphers.
SSL_DEFAULT_CIPHERS="true"
export SSL_DEFAULT_CIPHERS
# SSL ciphers
# This parameter lists SSL ciphers to enable/disable in addition to the default ciphers.
# The list contains IANA-registered cipher names or hex IDs separated by white spaces.
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4
# To disable a cipher, specify a "-" sign in front of the cipher name or ID.
SSL_CIPHERS=""
export SSL_CIPHERS
# Key wrapping parameter set
# This parameter specifies the encryption and key wrapping algorithms to use
# when storing secrets in the KRA, or creating CRMF data using CRMFPopClient.
#
# Parameter sets are:
# O: (legacy, for interacting with pre-10.4 servers)
# Encryption Algorithm: DES3_CBC
# Padding: PKCS#1.5 Padding
# Key Wrapping: DES3_CBC_PAD
# 1: AES (default for 10.4+ servers)
# Encryption Algorithm: AES_128_CBC
# Padding: PKCS#1.5 Padding
# Key Wrapping: AES KeyWrap with Padding
KEY_WRAP_PARAMETER_SET=1
export KEY_WRAP_PARAMETER_SET
# Auto-enable subsystems
# This boolean parameter determines whether to automatically enable all
# subsystems on startup.
PKI_SERVER_AUTO_ENABLE_SUBSYSTEMS="true"
export PKI_SERVER_AUTO_ENABLE_SUBSYSTEMS
|