|
The environment variables contained in pkiserv.envars and
their values are: - _PKISERV_CA_DOMAIN
- Specifies the CA domain. The first eight characters must be unique.
The first eight characters of the CA domain name are limited to the
following character set: alphanumeric characters (a-z, A-Z, 0-9)
and the hyphen (-). In addition, the first character
must not be a number or hyphen.
Example:_PKISERV_CA_DOMAIN=WebAppCA
- _PKISERV_CONFIG_PATH
- Specifies the path name for the directory
containing the configuration file, pkiserv.conf,
and the certificate template file, pkiserv.tmpl for
this CA domain. The default value (if you do not set the environment
variable) is /etc/pkiserv.
Guideline: Copy both of these files from the
install directory, /usr/lpp/pkiserv/samples,
before making any changes.
Note: Because the PKISERV CGIs run
in an IBM HTTP Server address
space, if the pkiserv.tmpl file is not in its
default location of /etc/pkiserv/pkiserv.tmpl,
you need to add the _PKISERV_CONFIG_PATH variable
to the IBM HTTP Server environment
variable file. - If you are using IBM® HTTP
Server V7.0, the environment variables are added to the configuration
files using the SetEnv directive.
- If you are using IBM HTTP
Server V5.3, the environment variables file is usually in /etc/httpd.envvars.
PKI Services uses two instances of the IBM HTTP
Server. If the two servers are using different environment variables
files, you must update both files.
- _PKISERV_EXIT
- Specifies the full path name for the installation-provided PKI
exit program that the PKI Services daemon invokes
to perform autorenew preprocessing or postprocessing. (This exit is
a UNIX-executable program or shell script.) If you do not define this
variable or if it contains a null value, the PKI autorenew exit processing
is disabled.
Note: The _PKISERV_EXIT environment variable
is also used by the PKI Services CGI scripts to specify an exit program
to be used by the Web application. The PKI Services CGI scripts
run in an IBM HTTP Server address
space, so you must specify the _PKISERV_EXIT environment
variable in the IBM HTTP Server environment
variables file. - If you are using IBM HTTP
Server V7.0, the environment variables are added to the configuration
files using the SetEnv Directive.
- If you are using IBM HTTP
Server V5.3, the environment variables file is usually /etc/httpd.envvars.
PKI Services uses two instances of the IBM HTTP Server. If
the two servers are using different environment variables files, you
must update both files.
- _PKISERV_MSG_LOGGING
- Values
include:
- STDOUT_LOGGING
- Indicates
writing all messages (verbose, diagnostic, informational, warning,
error, and severe) to STDOUT and additionally writing the error and
severe messages to STDERR. This is the default if the environment
variable is not set.
- STDERR_LOGGING
- Indicates
writing verbose, diagnostic, informational, and warning messages to
STDOUT and writing error and severe messages to STDERR.
- _PKISERV_MSG_LEVEL
- Specifies the subcomponent and message level
to log. Messages for a particular subcomponent are logged only if
the message level is greater than or equal to the specified level
for that subcomponent. You can use an asterisk (*)
to indicate all subcomponents. The subcomponent list consists of a
subcomponent name and a message level separated by a period (.).
For
example, the following sets the message level for all subcomponents
to log warning messages or higher. (This is the default setting.)
Example:_PKISERV_MSG_LEVEL=*.W
You
can specify multiple subcomponents by separating entries with a comma
(,). For example, the following indicates that all
subcomponents are set to message level W (warning) and that
the PKID subcomponent is set to message level D (diagnostic).
Example: _PKISERV_MSG_LEVEL=*.W,PKID.D
The
subcomponents are: Subcomponent |
Meaning |
---|
* |
The wildcard character (represents all subcomponents) |
CORE |
The core functions of PKI Services that are
not specific to the other subcomponents |
DB |
Activity related to the object store or issued
certificate list repositories |
LDAP |
LDAP posting operations |
PKID |
The PKI Services daemon
address setup and infrastructure |
POLICY |
Certificate creation and revocation policy processing |
SAF |
SAF key ring, OCEP, and R_datalib calls |
TPOLICY |
Trust policy plug-in processing |
The message levels are listed hierarchically: Debug level |
Meaning |
---|
S |
This indicates logging only severe messages. |
E |
This indicates logging severe and error messages. |
W |
This indicates logging severe, error, and warning
messages. This is the default message level for all subcomponents
if you do not set the environment variable. |
I |
This indicates logging severe, error, warning,
and informational messages. |
D |
This indicates logging severe, error, warning,
informational, and diagnostic messages. |
V |
This indicates logging all messages,
including verbose diagnostic messages. This is very verbose. Guideline: Do
not use V level unless IBM support
personnel instruct you to do so.
|
- _PKISERV_VARDIR
- Specifies the pathname for a directory in which PKI Services will
write persistent data. The maximum length of the pathname is 256 characters,
including the trailing /. The default value (if you
do not set the environment variable) is /var/pkiserv.
- _PKISERV_ENABLE_JSP
- Specifies whether you use the JSP interface and XML templates
for PKI Services Web
pages, or the REXX CGI execs and text templates. Set to TRUE to use
the JSP interface. The default (if you do not set the environment
variable) is to use the REXX CGI exec interface.
|