Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.
- visible=false
- enable=true
- enableBy=admin
- auth.instance_id=raCertAuth
- name=IPA-RA Agent-Authenticated Server Certificate Enrollment
- input.list=i1,i2
- input.i1.class_id=certReqInputImpl
- input.i2.class_id=submitterInfoInputImpl
- output.list=o1
- output.o1.class_id=certOutputImpl
- policyset.list=serverCertSet
- policyset.serverCertSet.list=1,2,3,4,5,6,7,8
- policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
- policyset.serverCertSet.1.constraint.name=Subject Name Constraint
- policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
- policyset.serverCertSet.1.constraint.params.accept=true
- policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl
- policyset.serverCertSet.1.default.name=Subject Name Default
- policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA
- policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
- policyset.serverCertSet.2.constraint.name=Validity Constraint
- policyset.serverCertSet.2.constraint.params.range=740
- policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
- policyset.serverCertSet.2.constraint.params.notAfterCheck=false
- policyset.serverCertSet.2.default.class_id=validityDefaultImpl
- policyset.serverCertSet.2.default.name=Validity Default
- policyset.serverCertSet.2.default.params.range=731
- policyset.serverCertSet.2.default.params.startTime=0
- policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
- policyset.serverCertSet.3.constraint.name=Key Constraint
- policyset.serverCertSet.3.constraint.params.keyType=RSA
- policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
- policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
- policyset.serverCertSet.3.default.name=Key Default
- policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
- policyset.serverCertSet.4.constraint.name=No Constraint
- policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
- policyset.serverCertSet.4.default.name=Authority Key Identifier Default
- policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
- policyset.serverCertSet.5.constraint.name=No Constraint
- policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
- policyset.serverCertSet.5.default.name=AIA Extension Default
- policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
- policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
- policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
- policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
- policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
- policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
- policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
- policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
- policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
- policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
- policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true
- policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true
- policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true
- policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false
- policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
- policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
- policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
- policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
- policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
- policyset.serverCertSet.6.default.name=Key Usage Default
- policyset.serverCertSet.6.default.params.keyUsageCritical=true
- policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
- policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true
- policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true
- policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true
- policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false
- policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
- policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
- policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
- policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
- policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
- policyset.serverCertSet.7.constraint.name=No Constraint
- policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
- policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
- policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
- policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
- policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
- policyset.serverCertSet.8.constraint.name=No Constraint
- policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
- policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
- policyset.serverCertSet.8.default.name=Signing Alg
- policyset.serverCertSet.8.default.params.signingAlg=-
- policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
- policyset.serverCertSet.9.constraint.name=No Constraint
- policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
- policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
- policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
- policyset.serverCertSet.9.default.params.crlDistPointsNum=1
- policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
- policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=
- policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=
- policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin
- policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
- policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement