Certifier Engine Configuration File
The adjustable parameters of engine.conf are the following:
The ODBC data source name of the database connection. When used outside the embedded Certifier Database, the value of this parameter needs to be the DSN of the appropriate database.
The address and the port that Certifier Engine listens to.
This parameter defines whether TLS is used between Certifier Servers and Certifier Engine. For an insecure configuration this is set to false.
The location of the PID files.
The maximum number of concurrent publishing attempts. If this limit is reached, the publication status of the oldest unpublished certificate is set as failed and the certificate publication will not be automatically tried again. This limit does not concern CRL publishing.
CRL generation is usually quite fast (typically a couple of seconds), but with extremely large databases or overloaded systems it may require more time. Because of this, CRL generation is always started before the actual update time. This variable specifies the maximum advance time. The value is defined in seconds.
One of the certificate statuses in the system is expired. A certificate is marked with this status after its validity period has ended. This status is used only as a method of optimization, as it divides the certificate set in the database and enables more efficient searches for valid certificates.
This status cannot feasibly be updated in real time, but is done in batches instead. This variable controls the period between the times that these batches are run. Usually the value is set to one hour or less. The shorter the period, the more accurate the
In some cases the actual CRL generation may be unnecessary. But even in those cases it might occasionally be useful to see the 'current' CRL. If the CRL update period is set to zero (meaning that the CRL distribution point is disabled), requesting the current CRL will generate a new CRL on the fly, with the validity period starting at the current time and ending after the value specified for dynamic-crl-validity-period, which is given in seconds.
When several CAs in the system publish CRLs frequently, the size of Certifier Database can increase significantly. By defining keep-old-crls as false, CRLs are not stored in the database. The default value is true. Please note that non-repudiation may require storing CRLs in order to enable later verification of a signature.