uts-server/docs/configure.rst

Configuration Parameters

Section [ main ]

Main configuration section (mostly http configuration).

Parameter	Description	Example Value
access_control_allow_origin	Comma separated list of IP subnets to accept/deny Ex: -0.0.0.0/0,+192.168.0.0/16 (deny all accesses, only allow 192.168.0.0/16 subnet)	-0.0.0.0/0,+192.168/16
enable_keep_alive	Allows clients to reuse TCP connection for subsequent HTTP requests, which improves performance.	no
listening_ports	Comma-separated list of IP:port tuples to listen on. If the port is SSL, a letter s must be appended. Ex: listening_ports = 80,443s	127.0.0.1:2020
log_level	Loglevel (debug, info, notice, warn, err, emerg, crit)	info
num_threads	Number of worker threads.	50
request_timeout_ms	Timeout for network read and network write operations. In milliseconds.	30000
run_as_user	Switch to given user credentials after startup. Required to run on privileged ports as non root user.	uts-server
ssl_ca_file	Path to a .pem file containing trusted certificates. The file may contain more than one certificate.	/etc/uts-server/ca.pem
ssl_ca_path	Name of a directory containing trusted CA certificates.	/etc/ssl/ca/
ssl_certificate	Path to the SSL certificate file . PEM format must contain private key and certificate.	/etc/uts-server/cert.pem
ssl_cipher_list	See https://www.openssl.org/docs/manmaster/apps/ciphers.html for more detailed	ALL:!eNULL
ssl_default_verify_paths	Loads default trusted certificates locations set at OpenSSL compile time.	yes
ssl_protocol_version	Sets the minimal accepted version of SSL/TLS protocol according to the table: SSL2+SSL3+TLS1.0+TLS1.1+TLS1.2 -> 0 SSL3+TLS1.0+TLS1.1+TLS1.2 -> 1 TLS1.0+TLS1.1+TLS1.2 -> 2 TLS1.1+TLS1.2 -> 3 TLS1.2 -> 4	3
ssl_short_trust	Enables the use of short lived certificates	no
ssl_verify_depth	Sets maximum depth of certificate chain. If client's certificate chain is longer than the depth set here connection is refused.	9
ssl_verify_peer	Enable client's certificate verification by the server.	yes
tcp_nodelay	Enable TCP_NODELAY socket option on client connections.	0
throttle	Limit download speed for clients. Throttle is a comma-separated list of key=value pairs: * -> limit speed for all connections x.x.x.x/mask -> limit speed for specified subnet The value is a floating-point number of bytes per second, optionally followed by a k or m character meaning kilobytes and megabytes respectively. A limit of 0 means unlimited rate. Ex: throttle = *=1k,10.10.0.0/16=10m,10.20.0.0/16=0	*=0

Section [ oids ]

Section for declaring OID mapping. Just add <name> = <OID> pairs.

Parameter	Description	Example Value
tsa_policy1		1.2.3.4.1
tsa_policy2		1.2.3.4.5.6
tsa_policy3		1.2.3.4.5.7

Section [ tsa ]

Section defining which TSA section to use.

Parameter	Description	Example Value
default_tsa	Name of the TSA section to use as default.	tsa_config1

Section [ tsa_config1 ]

Example of Time-Stamp section configuration.

Parameter	Description	Example Value
accuracy	Time-Stamp accuracy. (optional)	secs:1, millisecs:500, microsecs:100
certs	Certificate chain to include in reply. (optional)	$dir/cacert.pem
clock_precision_digits	Number of decimals for Time-Stamp. (optional)	0
crypto_device	OpenSSL engine to use for signing.	builtin
default_policy	Policy if request did not specify it. (optional)	tsa_policy1
digests	Acceptable message digests. (mandatory)	md5, sha1
dir	TSA root directory.	/etc/uts-server/pki
ess_cert_id_chain	Must the ESS cert id chain be included? (optional, default: no)	no
ordering	Is ordering defined for timestamps? (optional, default: no)	yes
other_policies	Acceptable policies. (optional)	tsa_policy2, tsa_policy3
signer_cert	The TSA signing certificat. (optional)	$dir/tsacert.pem
signer_key	The TSA private key. (optional)	$dir/private/tsakey.pem
tsa_name	Must the TSA name be included in the reply? (optional, default: no)	yes

Full Configuration File

../conf/uts-server.cnf