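---
# CA configuration: custom OID registrations, one certificate authority
# (test_ca) and the issuance profiles it offers.
#
# NOTE(review): the page this came from had lost all indentation, and the two
# custom_oids entries were collapsed onto single lines. The nesting below is
# reconstructed from the key names, so confirm it against the loader's schema.
#
# Keys beginning with ':' are left unquoted because Ruby YAML loaders read
# them as symbols; quoting them would turn them into plain strings.
#
# The spec/fixtures paths and the placeholder hosts suggest a test fixture.
# Several settings below are acceptable for tests but should not be carried
# into a production CA unchanged. Each is flagged where it occurs.

# Extra OIDs to register by name. Values are quoted so that no parser can
# read a dotted OID as a number.
custom_oids:
  - :oid: '2.5.4.15'
    :short_name: businessCategory
    :long_name: Business Category
  - :oid: '1.3.6.1.4.1.311.60.2.1.2'
    :short_name: jurisdictionOfIncorporationStateOrProvinceName

certificate_authorities:
  test_ca:
    # Issuing CA certificate and private key. No password is listed for the
    # key, so whether the key file is encrypted cannot be told from here.
    # Outside tests, restrict filesystem access to the key or keep it in an
    # HSM or key store.
    ca_cert:
      cert: spec/fixtures/test_ca.cer
      key: spec/fixtures/test_ca.key
    # Delegated OCSP signer, stored as PKCS#12.
    # NOTE(review): the PKCS#12 password is committed in plaintext. That is
    # fine for a fixture; a real deployment should take it from a secret
    # store or the environment.
    ocsp_cert:
      pkcs12: spec/fixtures/test_ca_ocsp.p12
      password: r509
    # Delegated CRL signer, stored as PKCS#12 (same plaintext-password
    # caveat as ocsp_cert).
    crl_cert:
      pkcs12: spec/fixtures/test_ca_crl.p12
      password: r509
    ocsp_chain: spec/fixtures/test_ca_ocsp_chain.txt
    # presumably back-dates OCSP responses to tolerate client clock skew;
    # confirm against the responder
    ocsp_start_skew_seconds: 3600
    # 168 hours = 7 days. If this sets the response lifetime, a cached
    # "good" answer for a since-revoked certificate can be replayed for up
    # to that long. Shorten it where faster revocation matters.
    ocsp_validity_hours: 168
    crl_list_file: spec/fixtures/test_ca_crl_list.txt
    crl_number_file: spec/fixtures/test_ca_crl_number.txt
    # 168 hours = 7 days; the same staleness trade-off applies to CRLs.
    crl_validity_hours: 168
    crl_md: SHA256

    # Issuance profiles. Every profile limits the signature digest to
    # SHA256 or SHA512 (allowed_mds), so SHA-1 and MD5 cannot be selected.
    #
    # The CRL, OCSP and caIssuers URLs use plain http. That is conventional
    # for these endpoints because the CRL and OCSP responses are themselves
    # signed. domain.com is a placeholder host.
    profiles:
      # TLS server certificates.
      server:
        basic_constraints:
          :ca: false
          :critical: true
        # RFC 5280 4.2.1.3 says keyUsage SHOULD be marked critical; here it
        # is explicitly non-critical.
        key_usage:
          :critical: false
          :value:
            - digitalSignature
            - keyEncipherment
        extended_key_usage:
          :critical: false
          :value:
            - serverAuth
        # Which subject fields a request must, may, or must exactly match.
        subject_item_policy:
          CN:
            :policy: required
          O:
            :policy: required
          OU:
            :policy: optional
          ST:
            :policy: required
          C:
            :policy: required
          L:
            :policy: match
            :value: My Locality Requirement
        # NOTE(review): RFC 5280 4.2.2.1 requires authorityInfoAccess to be
        # non-critical. Marking it critical makes a relying party that does
        # not process the extension reject the certificate. Every profile
        # below that carries this extension repeats the setting; it is left
        # as found in case the fixture tests criticality handling.
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # TLS client authentication certificates.
      client:
        basic_constraints:
          :ca: false
        key_usage:
          :value:
            - digitalSignature
            - keyEncipherment
        extended_key_usage:
          :value:
            - clientAuth
        # critical AIA: see the note on the server profile
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # S/MIME (email protection) certificates.
      email:
        basic_constraints:
          :ca: false
        key_usage:
          :value:
            - digitalSignature
            - keyEncipherment
        extended_key_usage:
          :value:
            - emailProtection
        # critical AIA: see the note on the server profile
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # Certificates valid for both TLS server and TLS client use.
      clientserver:
        basic_constraints:
          :ca: false
        key_usage:
          :value:
            - digitalSignature
            - keyEncipherment
        extended_key_usage:
          :value:
            - serverAuth
            - clientAuth
        # critical AIA: see the note on the server profile
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # Code-signing certificates.
      codesigning:
        basic_constraints:
          :ca: false
        key_usage:
          :value:
            - digitalSignature
        extended_key_usage:
          :value:
            - codeSigning
        # critical AIA: see the note on the server profile
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # Time-stamping authority certificates.
      timestamping:
        basic_constraints:
          :ca: false
        key_usage:
          :value:
            - digitalSignature
        # NOTE(review): RFC 3161 2.3 requires the timeStamping EKU to be
        # critical. No :critical is given here, so the result depends on the
        # library default; confirm.
        extended_key_usage:
          :value:
            - timeStamping
        # critical AIA: see the note on the server profile
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # Subordinate CA certificates. This is the only profile that sets
      # :ca: true. path_length 0 means the subordinate can issue end-entity
      # certificates but no further CAs.
      subroot:
        # NOTE(review): RFC 5280 4.2.1.9 requires basicConstraints to be
        # critical in CA certificates. No :critical is given here, so
        # confirm the library default.
        basic_constraints:
          :ca: true
          :path_length: 0
        key_usage:
          :value:
            - keyCertSign
            - cRLSign
        # The policy OIDs and CPS URIs look like sample values.
        certificate_policies:
          - :policy_identifier: '2.16.840.1.99999.21.234'
            :cps_uris:
              - http://example.com/cps
              - http://haha.com
            :user_notices:
              - :explicit_text: this is a great thing
                :organization: my org
                :notice_numbers: '1,2,3'
          - :policy_identifier: '2.16.840.1.99999.21.235'
            :cps_uris:
              - http://example.com/cps2
            :user_notices:
              - :explicit_text: this is a bad thing
                :organization: another org
                :notice_numbers: '3,2,1'
              - :explicit_text: another user notice
        # RFC 5280 requires inhibitAnyPolicy (4.2.1.14) and policyConstraints
        # (4.2.1.11) to be critical. Neither sets :critical here, so confirm
        # the library defaults.
        inhibit_any_policy:
          :value: 0
        policy_constraints:
          :require_explicit_policy: 0
          :inhibit_policy_mapping: 0
        # Marked critical, as RFC 5280 4.2.1.10 requires. This is what lets
        # the permitted and excluded subtrees actually limit what the
        # subordinate CA can issue for.
        name_constraints:
          :critical: true
          :permitted:
            - :type: IP
              :value: 192.168.0.0/255.255.0.0
            - :type: dirName
              :value:
                :CN: myCN
                :O: Org
          :excluded:
            - :type: email
              :value: domain.com
            - :type: URI
              :value: '.net'
            - :type: DNS
              :value: test.us
        # critical AIA: see the note on the server profile
        authority_info_access:
          :critical: true
          :ocsp_location:
            - :type: URI
              :value: http://ocsp.domain.com
          :ca_issuers_location:
            - :type: URI
              :value: http://domain.com/ca.html
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512

      # Delegated OCSP responder certificates.
      ocsp_delegate:
        basic_constraints:
          :ca: false
        key_usage:
          :value:
            - digitalSignature
        extended_key_usage:
          :value:
            - OCSPSigning
        crl_distribution_points:
          :value:
            - :type: URI
              :value: http://crl.domain.com/test_ca.crl
        # ocsp-nocheck tells clients not to check revocation for the
        # responder certificate itself. RFC 6960 4.2.2.2.1 therefore advises
        # issuing such certificates with a short lifetime and renewing them
        # often.
        ocsp_no_check:
          :critical: false
          :value: true
        default_md: SHA256
        allowed_mds:
          - SHA256
          - SHA512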