KB Article #181199
What is the format of the vpublish.ini file?
Problem
What is the format of the vpublish.ini file mentioned in section “Upload CRL import configuration” of the VA admin guide?
Resolution
You can import a group of CRL import locations by using the “Upload Config” button on the CRL Import page. The details of the CRL locations are specified in a vpublish.ini file. This file was originally the configuration file of VA Publisher, which was a separate product but has now been integrated into VA server.
The original vpublish.ini contained many more parameters than those listed below, but the other fields don’t seem to be relevant in this context.
The import sections (INPUT_SECTION_<number>) can also be taken from the valicert.ini configuration file. All fields that are not used by the import functionality are ignored.
There are two sections in vpublish.ini which are relevant for importing CRL locations – the Master section and the Input section.
The Master (or global) section contains parameters used by all following Input sections. Some Master parameters may occur in an Input section too. These parameters override the Master section value. Otherwise, the Master section value applies globally to all input sections.
Input section parameters define the parameters needed for a CRL import location. There can be multiple input sections, depending on the number of CRL data sources you want to import.
Detailed description of parameters used by the “Upload Config” functionality:
Master section
Parameter | Description | Default value |
SCHEDULE_CRON_STRING | Defines the CRON specifications for all input/output locations, but can be overwritten in individual sections. Format is: • minutes: 1-60 • separator: space or tab • [hours] (1-24 or *) • separator: space or tab • daysofmonth: 1-31 or * • separator: space or tab • months: 1-12 or * • separator: space or tab • daysofweek: 0-6 or * • separator: space or tab • year: * | None, optional |
NUM_INPUT_LOCATIONS | Number of input sections in the ini file. Create an input section for each source of revocation data. | 1, mandatory |
READ_TIME_OUT | Number of seconds to wait when reading data from an HTTP source | 60, optional |
NETWORK_TIMEOUT | Connection timeout in seconds for HTTP location | 20, optional |
RETRY_COUNT | Number of times the VA Publisher attempts to retry on failed fetch or publish | 3, optional |
RETRY_FREQUENCY | Time interval in minutes between error retries | 5, optional |
Input section
Parameter | Description | Default value |
[INPUT_SECTION_n] | Each input to VA Publisher requires an input section in the ini file. This variable is the name of the Input section. Allowable values of n are positive integers. | None, mandatory |
LOCATION | Location from where revocation data is fetched, specified as a URL. The general format for this variable includes the nine parameters listed in the following table. | None, mandatory |
SCHEDULE_CRON_STRING | If present, overrides value in Master section. | None, optional |
READ_TIME_OUT | Number of seconds to wait when reading data from an HTTP source | 60, optional |
NETWORK_TIMEOUT | Connection timeout in seconds for HTTP location | 20, optional |
RETRY_COUNT | Number of times the VA Publisher attempts to retry on failed fetch or publish | 3, optional |
RETRY_FREQUENCY | Time interval in minutes between error retries | 5, optional |
URL Parameters for the input LOCATION variable
Parameter | Description |
format | Format of data fetched from this location: • CRL • PKCS7 |
encoding | Encoding of the data fetched from this location: • DER • HEX • BASE64 |
protocol | Protocol for data fetched from this location: • HTTP • HTTPS • LDAP • FTP • FTPS • FILE |
userid | User ID to authenticate to an LDAP database to fetch data (for LDAP only) |
password | Password to authenticate to an LDAP database to fetch data (for LDAP only) |
host | Host for this location |
port | Port for this location. Common values: 80 for HTTP, 443 for HTTPS, 3089 for LDAP |
location | Location from where the revocation data is fetched: • LDAP: the CA DN • HTTP/S: the file location • FILE: the full file path |
attribute | The LDAP attribute for the LDAP protocol (for LDAP only) |
Note: This is a technical description of the parameters; not all combinations will work. Please stay with the details you see in the example below or the values you find in valicert.ini.
Example of file that can be used to import CRL locations:
[VAPUBLISHER]
SCHEDULE_CRON_STRING=0 12 * * * *
NUM_INPUT_LOCATIONS=3
READ_TIME_OUT=400
NETWORK_TIMEOUT=500
RETRY_COUNT=5
RETRY_FREQUENCY=10
[INPUT_SECTION_1]
LOCATION=CRL;binary;https://crl.gds.disa.mil/getcrl?DOD%20ID%20CA-33
[INPUT_SECTION_2]
LOCATION=CRL;binary;https://crl.gds.disa.mil/getcrl?DOD%20ID%20CA-34
READ_TIME_OUT=600
NETWORK_TIMEOUT=300
[INPUT_SECTION_3]
LOCATION=CRL;DER;ldaps://crl.chamb.disa.mil:636/CN=DOD EMAIL CA-42,ou=PKI,ou=DoD,o=U.S. Government,c=US?certificateRevocationList;binary
SCHEDULE_CRON_STRING=0 0,4,12,16,20 * * * *
RETRY_COUNT=3
RETRY_FREQUENCY=5
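The following pre-upload check is an added example, not code from the VA product or its documentation. It resolves the effective settings of each input section using the Master-override rule described above and compares NUM_INPUT_LOCATIONS with the sections actually present. Assumptions: the function name resolve is hypothetical, LOCATION is read as format;encoding;URL as in the example file, and the sample hosts are placeholders.

```python
import configparser

# Defaults taken from the Master section table in this article.
DEFAULTS = {"READ_TIME_OUT": "60", "NETWORK_TIMEOUT": "20",
            "RETRY_COUNT": "3", "RETRY_FREQUENCY": "5"}
OVERRIDABLE = ("SCHEDULE_CRON_STRING",) + tuple(DEFAULTS)

# Constructed sample modelled on the article's example; hosts are placeholders.
SAMPLE = """\
[VAPUBLISHER]
SCHEDULE_CRON_STRING=0 12 * * * *
NUM_INPUT_LOCATIONS=3
READ_TIME_OUT=400
[INPUT_SECTION_1]
LOCATION=CRL;binary;https://crl.example.test/getcrl?EXAMPLE%20CA-1
[INPUT_SECTION_2]
LOCATION=CRL;DER;ldaps://crl.example.test:636/CN=EXAMPLE CA-2,o=Example?certificateRevocationList;binary
READ_TIME_OUT=600
RETRY_COUNT=1
"""

def resolve(text, master="VAPUBLISHER"):
    """Return (effective settings per input section, list of problems)."""
    # interpolation=None: a URL-encoded '%20' would otherwise raise an error.
    # delimiters=("=",): keep ':' inside URLs from ever being read as a separator.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep parameter names in upper case as written
    cp.read_string(text)
    problems = []
    glob = dict(cp[master]) if cp.has_section(master) else {}
    names = [s for s in cp.sections() if s.startswith("INPUT_SECTION_")]
    declared = int(glob.get("NUM_INPUT_LOCATIONS", "1"))
    if declared != len(names):
        problems.append(f"NUM_INPUT_LOCATIONS={declared}, found {len(names)}")
    settings = {}
    for name in names:
        sec = dict(cp[name])
        # Input section value wins, then Master value, then documented default.
        eff = {k: sec.get(k, glob.get(k, DEFAULTS.get(k))) for k in OVERRIDABLE}
        # Split at most twice: an LDAP URL may itself end in ';binary'.
        parts = sec.get("LOCATION", "").split(";", 2)
        if len(parts) != 3 or parts[0] not in ("CRL", "PKCS7"):
            problems.append(f"[{name}] LOCATION missing or malformed")
            continue
        eff.update(format=parts[0], encoding=parts[1], url=parts[2])
        settings[name] = eff
    return settings, problems

if __name__ == "__main__":
    print(resolve(SAMPLE))
```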