--- custom_oids: - :oid: 2.5.4.15 :short_name: businessCategory :long_name: Business Category - :oid: 1.3.6.1.4.1.311.60.2.1.2 :short_name: jurisdictionOfIncorporationStateOrProvinceName certificate_authorities: test_ca: ca_cert: cert: spec/fixtures/test_ca.cer key: spec/fixtures/test_ca.key ocsp_cert: pkcs12: spec/fixtures/test_ca_ocsp.p12 password: r509 crl_cert: pkcs12: spec/fixtures/test_ca_crl.p12 password: r509 ocsp_chain: spec/fixtures/test_ca_ocsp_chain.txt ocsp_start_skew_seconds: 3600 ocsp_validity_hours: 168 crl_list_file: spec/fixtures/test_ca_crl_list.txt crl_number_file: spec/fixtures/test_ca_crl_number.txt crl_validity_hours: 168 crl_md: SHA256 profiles: server: basic_constraints: :ca: false :critical: true key_usage: :critical: false :value: - digitalSignature - keyEncipherment extended_key_usage: :critical: false :value: - serverAuth subject_item_policy: CN: :policy: required O: :policy: required OU: :policy: optional ST: :policy: required C: :policy: required L: :policy: match :value: My Locality Requirement authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 client: basic_constraints: :ca: false key_usage: :value: - digitalSignature - keyEncipherment extended_key_usage: :value: - clientAuth authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 email: basic_constraints: :ca: false key_usage: :value: - digitalSignature - keyEncipherment extended_key_usage: :value: - emailProtection authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 clientserver: basic_constraints: :ca: false key_usage: :value: - digitalSignature - keyEncipherment extended_key_usage: :value: - serverAuth - clientAuth authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 codesigning: basic_constraints: :ca: false key_usage: :value: - digitalSignature extended_key_usage: :value: - codeSigning authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 timestamping: basic_constraints: :ca: false key_usage: :value: - digitalSignature extended_key_usage: :value: - timeStamping authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 subroot: basic_constraints: :ca: true :path_length: 0 key_usage: :value: - keyCertSign - cRLSign certificate_policies: - :policy_identifier: 2.16.840.1.99999.21.234 :cps_uris: - http://example.com/cps - http://haha.com :user_notices: - :explicit_text: this is a great thing :organization: my org :notice_numbers: '1,2,3' - :policy_identifier: 2.16.840.1.99999.21.235 :cps_uris: - http://example.com/cps2 :user_notices: - :explicit_text: this is a bad thing :organization: another org :notice_numbers: '3,2,1' - :explicit_text: another user notice inhibit_any_policy: :value: 0 policy_constraints: :require_explicit_policy: 0 :inhibit_policy_mapping: 0 name_constraints: :critical: true :permitted: - :type: IP :value: 192.168.0.0/255.255.0.0 - :type: dirName :value: :CN: myCN :O: Org :excluded: - :type: email :value: domain.com - :type: URI :value: .net - :type: DNS :value: test.us authority_info_access: :critical: true :ocsp_location: - :type: URI :value: http://ocsp.domain.com :ca_issuers_location: - :type: URI :value: http://domain.com/ca.html crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl default_md: SHA256 allowed_mds: - SHA256 - SHA512 ocsp_delegate: basic_constraints: :ca: false key_usage: :value: - digitalSignature extended_key_usage: :value: - OCSPSigning crl_distribution_points: :value: - :type: URI :value: http://crl.domain.com/test_ca.crl ocsp_no_check: :critical: false :value: true default_md: SHA256 allowed_mds: - SHA256 - SHA512