# entries applicable to both keyclient and keyserver: ##################################################### keymgt_uri: https://pubcookie.example.edu:2222 ssl_key_file: /etc/pki/tls/private/localhost.key ssl_cert_file: /etc/pki/tls/certs/localhost.crt ssl_ca_file: /etc/pki/tls/certs/server-chain.crt # entries specific to keyserver only: # (uncomment, editing as needed) ##################################### ###################################### # ATTENTION: On the server, please make sure the file pointed to by the # 'ssl_key_file' statement is owned by the user running the web server # (e.g., 'apache' on Fedora). By default, that file may be owned by root # and read before httpd switches UIDs to 'apache', but then pubcookie's # 'index.cgi' script will not be able to read it ! ###################################### # login server config #login_uri: https://pubcookie.example.edu/login_demo/ #login_host: pubcookie.example.edu #enterprise_domain: .example.edu #logout_prog: /logout/index.cgi # keyserver config #keyserver_client_list: login.example.edu trusted.example.edu # the credential verifier used by the basic flavor #basic_verifier: alwaystrue # granting keypair: #granting_key_file: /etc/pki/tls/private/localhost.key #granting_cert_file: /etc/pki/tls/certs/localhost.crt # 1 is a good starting point #logging_level: 1 # site-specific policies #default_l_expire: 8h #form_expire_time: 120