上一主题: (可选)配置 SCARVES 以使用 OCSP下一主题: 启动和停止 SCARVES

在 CA APM 中使用智能卡身份验证为智能卡身份验证设置 CA APM配置 SCARVES示例 SCARVES 配置文件

示例 SCARVES 配置文件

以下代码示例代表 SCARVESconfig.xml 配置文件的一部分。 它定义了两个后台进程来使用一个 CRL 服务器和一个 LDAP 服务器验证智能卡。

虽然可以在两个选项同时存在的情况下配置 XML,但必须仅为 OCSP 或 CRL 启用配置属性。 

<?xml version="1.0" encoding="UTF-8"?>

<SmartCardService>
<trust-keystore>../keystores/daemontrust</trust-keystore>
<trust-keystore-pass>YEDZLwyEVTnCfzS+rYTfC41UWooJuIbJiHE+ZqKPvUY=</trust-keystore-pass>
<debug>0</debug>

<jvm-arg>-mx1024m</jvm-arg>

<Daemon name="daemon-crl-1" port="9999">
   <keystore>../keystores/daemoncert</keystore>
   <keystore-pass>YEDZLwyEVTnCfzS+rYTfC41UWooJuIbJiHE+ZqKPvUY=</keystore-pass>

   <crl>
    <crl-enabled>true</crl-enabled>
    <crl-dp>false</crl-dp>
    <crl-url />
    <crl-dir>../crls/daemon-crl</crl-dir>
    <crl-poll-int>600</crl-poll-int>
   </crl>
  <ldap>
    <ldap-enabled>true</ldap-enabled>
    <ldap-hostname>host1</ldap-hostname>
    <ldap-port>24000</ldap-port>
    <ldap-ssl>false</ldap-ssl>
    <ldap-base-dn>ou=people,dc=abc,dc=com</ldap-base-dn>
    <ldap-user-dn>uid=JDoe,ou=people,dc=abc,dc=com</ldap-user-dn>
    <ldap-user-pass>05V2irWZg8O39L6ANGic241UWi0JuIbJiHE+ZqKPvUY=</ldap-user-pass>
    <cert-uniqueid-field>subject</cert-uniqueid-field>
    <cert-uniqueid-regex>CN=\w*\.\w*\.(\d+),</cert-uniqueid-regex>
    <ldap-uniqueid-search-field>facsimileTelephoneNumber</ldap-uniqueid-search-field>
  </ldap>
</Daemon>

<Daemon name="daemon-ocsp-1" port="9998">
  <keystore>../keystores/daemoncert</keystore>
  <keystore-pass>YEDZLwyEVTnCfzS+rYTfC41UWooJuIbJiHE+ZqKPvUY=</keystore-pass>

  <ocsp>
    <ocsp-enabled>true</ocsp-enabled>
    <ocsp-aia>false</ocsp-aia>

    <ocsp-cert-alias>ocsp_qacle3</ocsp-cert-alias>

    <ocsp-url>http://qacle3:3501/responder</ocsp-url>
  </ocsp>
  <ldap>
    <ldap-enabled>true</ldap-enabled>
    <ldap-hostname>host1</ldap-hostname>
    <ldap-port>24001</ldap-port>
    <ldap-ssl>false</ldap-ssl>
    <ldap-base-dn>ou=people,dc=abc,dc=com</ldap-base-dn>
    <ldap-user-dn>uid=JDoe,ou=people,dc=abc,dc=com</ldap-user-dn>
    <ldap-user-pass>05V2irWBg8O39H6ANGic377UWooJuIbJiHE+ZqKPvUY=</ldap-user-pass>
    <cert-uniqueid-field>subject</cert-uniqueid-field>
    <cert-uniqueid-regex>CN=\w*\.\w*\.(\d+),</cert-uniqueid-regex>
    <ldap-uniqueid-search-field>facsimileTelephoneNumber</ldap-uniqueid-search-field>
    <ldap-cache-lifetime>300</ldap-cache-lifetime>
  </ldap>
</Daemon>

</SmartCardService>