API tools faq
paste
Advertisement
Guest User

/usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg

a guest
May 10th, 2016
118
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.17 KB | None | 0 0
raw download clone embed print report
  1. desc=This certificate profile is for enrolling server certificates with IPA-RA agent authentication.
  2. visible=false
  3. enable=true
  4. enableBy=admin
  5. auth.instance_id=raCertAuth
  6. name=IPA-RA Agent-Authenticated Server Certificate Enrollment
  7. input.list=i1,i2
  8. input.i1.class_id=certReqInputImpl
  9. input.i2.class_id=submitterInfoInputImpl
  10. output.list=o1
  11. output.o1.class_id=certOutputImpl
  12. policyset.list=serverCertSet
  13. policyset.serverCertSet.list=1,2,3,4,5,6,7,8
  14. policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
  15. policyset.serverCertSet.1.constraint.name=Subject Name Constraint
  16. policyset.serverCertSet.1.constraint.params.pattern=CN=[^,]+,.+
  17. policyset.serverCertSet.1.constraint.params.accept=true
  18. policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl
  19. policyset.serverCertSet.1.default.name=Subject Name Default
  20. policyset.serverCertSet.1.default.params.name=CN=$request.req_subject_name.cn$, OU=pki-ipa, O=IPA
  21. policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
  22. policyset.serverCertSet.2.constraint.name=Validity Constraint
  23. policyset.serverCertSet.2.constraint.params.range=740
  24. policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
  25. policyset.serverCertSet.2.constraint.params.notAfterCheck=false
  26. policyset.serverCertSet.2.default.class_id=validityDefaultImpl
  27. policyset.serverCertSet.2.default.name=Validity Default
  28. policyset.serverCertSet.2.default.params.range=731
  29. policyset.serverCertSet.2.default.params.startTime=0
  30. policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
  31. policyset.serverCertSet.3.constraint.name=Key Constraint
  32. policyset.serverCertSet.3.constraint.params.keyType=RSA
  33. policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
  34. policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
  35. policyset.serverCertSet.3.default.name=Key Default
  36. policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
  37. policyset.serverCertSet.4.constraint.name=No Constraint
  38. policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
  39. policyset.serverCertSet.4.default.name=Authority Key Identifier Default
  40. policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
  41. policyset.serverCertSet.5.constraint.name=No Constraint
  42. policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
  43. policyset.serverCertSet.5.default.name=AIA Extension Default
  44. policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
  45. policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
  46. policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
  47. policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
  48. policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
  49. policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
  50. policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
  51. policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
  52. policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
  53. policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
  54. policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true
  55. policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true
  56. policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true
  57. policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false
  58. policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
  59. policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
  60. policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
  61. policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
  62. policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
  63. policyset.serverCertSet.6.default.name=Key Usage Default
  64. policyset.serverCertSet.6.default.params.keyUsageCritical=true
  65. policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
  66. policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true
  67. policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true
  68. policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true
  69. policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false
  70. policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
  71. policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
  72. policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
  73. policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
  74. policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
  75. policyset.serverCertSet.7.constraint.name=No Constraint
  76. policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
  77. policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
  78. policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
  79. policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
  80. policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
  81. policyset.serverCertSet.8.constraint.name=No Constraint
  82. policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
  83. policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
  84. policyset.serverCertSet.8.default.name=Signing Alg
  85. policyset.serverCertSet.8.default.params.signingAlg=-
  86. policyset.serverCertSet.9.constraint.class_id=noConstraintImpl
  87. policyset.serverCertSet.9.constraint.name=No Constraint
  88. policyset.serverCertSet.9.default.class_id=crlDistributionPointsExtDefaultImpl
  89. policyset.serverCertSet.9.default.name=CRL Distribution Points Extension Default
  90. policyset.serverCertSet.9.default.params.crlDistPointsCritical=false
  91. policyset.serverCertSet.9.default.params.crlDistPointsNum=1
  92. policyset.serverCertSet.9.default.params.crlDistPointsEnable_0=true
  93. policyset.serverCertSet.9.default.params.crlDistPointsIssuerName_0=
  94. policyset.serverCertSet.9.default.params.crlDistPointsIssuerType_0=
  95. policyset.serverCertSet.9.default.params.crlDistPointsPointName_0=https://ipa.example.com/ipa/crl/MasterCRL.bin
  96. policyset.serverCertSet.9.default.params.crlDistPointsPointType_0=URIName
  97. policyset.serverCertSet.9.default.params.crlDistPointsReasons_0=
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!