certificate_authorities: {

test_ca: {
  ca_cert: {
    cert: 'spec/fixtures/test_ca.cer',
    key: 'spec/fixtures/test_ca.key'
  },
  ocsp_cert: {
    pkcs12: 'spec/fixtures/test_ca_ocsp.p12',
    password: 'r509'
  },
  ocsp_location: ['http://ocsp.domain.com'],
  ca_issuers_location: ['http://domain.com/ca.html'],
  ocsp_chain: 'spec/fixtures/test_ca_ocsp_chain.txt',
  ocsp_start_skew_seconds: 3600,
  ocsp_validity_hours: 168,
  cdp_location: ['http://crl.domain.com/test_ca.crl'],
  crl_list: 'spec/fixtures/test_ca_crl_list.txt',
  crl_number: 'spec/fixtures/test_ca_crl_number.txt',
  crl_validity_hours: 168, #7 days
  message_digest: 'SHA1', #SHA1, SHA256, SHA512 supported. MD5 too, but you really shouldn't use that unless you have a good reason
  profiles: {
    server: {
      basic_constraints: {"ca" : false},
      key_usage: [digitalSignature,keyEncipherment],
      extended_key_usage: [serverAuth],
      subject_item_policy: {
        CN: "required",
        O:  "required",
        OU: "optional",
        ST: "required",
        C:  "required",
        L:  "required"
      }
    },
    client: {
      basic_constraints: {"ca" : false},
      key_usage: [digitalSignature,keyEncipherment],
      extended_key_usage: [clientAuth],
    },
    email: {
      basic_constraints: {"ca" : false},
      key_usage: [digitalSignature,keyEncipherment],
      extended_key_usage: [emailProtection],
    },
    clientserver: {
      basic_constraints:  {"ca" : false},
      key_usage: [digitalSignature,keyEncipherment],
      extended_key_usage: [serverAuth,clientAuth],
    },
    codesigning: {
      basic_constraints:  {"ca" : false},
      key_usage: [digitalSignature],
      extended_key_usage: [codeSigning],
    },
    timestamping: {
      basic_constraints:  {"ca" : false},
      key_usage: [digitalSignature],
      extended_key_usage: [timeStamping],
    },
    subroot: {
      basic_constraints:  {"ca" : true, "path_length" : 0},
      key_usage: [keyCertSign,cRLSign],
      extended_key_usage: [],
      certificate_policies: [
        { policy_identifier: "2.16.840.1.99999.21.234",
          cps_uris: ["http://example.com/cps","http://haha.com"],
          user_notices: [ { explicit_text: "this is a great thing", organization: "my org", notice_numbers: "1,2,3" } ]
        },
        { policy_identifier: "2.16.840.1.99999.21.235",
          cps_uris: ["http://example.com/cps2"],
          user_notices: [ { explicit_text: "this is a bad thing", organization: "another org", notice_numbers: "3,2,1" },{ explicit_text: "another user notice"} ]
        }
      ],
      inhibit_any_policy: 0,
      policy_constraints: { require_explicit_policy: 0, inhibit_policy_mapping: 0},
      name_constraints: {
        permitted: [
          {type: "IP", value: "192.168.0.0/255.255.0.0"},
          {type: "dirName", value: [['CN','myCN'],['O','Org']]}
        ],
        excluded: [
          {type: "email", value: "domain.com"},
          {type: "URI", value: ".net"},
          {type: "DNS", value: "test.us"}
        ]
      }
    },
    ocsp_delegate: {
      basic_constraints:  {"ca" : false},
      key_usage: [digitalSignature],
      extended_key_usage: [OCSPSigning],
      ocsp_no_check: true
    }
  }
}

}