summaryrefslogtreecommitdiffstats
path: root/pki/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg')
-rw-r--r--pki/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg171
1 files changed, 171 insertions, 0 deletions
diff --git a/pki/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg
new file mode 100644
index 0000000..37c9af5
--- /dev/null
+++ b/pki/base/ca/shared/profiles/ca/caTokenMSLoginEnrollment.cfg
@@ -0,0 +1,171 @@
+desc=This profile is for enrolling MS Login Certificate
+enable=true
+enableBy=admin
+name=Token User MS Login Certificate Enrollment
+visible=false
+auth.instance_id=AgentCertAuth
+input.list=i1
+input.i1.class_id=nsNKeyCertReqInputImpl
+input.i1.name=nsNKeyCertReqInputImpl
+output.list=o1
+output.o1.class_id=nsNKeyOutputImpl
+output.o2.name=nsNKeyOutputImpl
+policyset.list=set1
+#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14
+policyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12,p13,p14,p15
+policyset.set1.p1.constraint.class_id=noConstraintImpl
+policyset.set1.p1.constraint.name=No Constraint
+policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl
+policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault
+policyset.set1.p1.default.params.dnpattern=CN=uid=$request.uid$,E=$request.mail$, ou=$request.upn$, o=example
+#changed ldap.enable to true to support SMIME
+policyset.set1.p1.default.params.ldap.enable=true
+policyset.set1.p1.default.params.ldap.searchName=uid
+policyset.set1.p1.default.params.ldapStringAttributes=uid,mail,givenName,sn,upn
+policyset.set1.p1.default.params.ldap.basedn=ou=People,dc=example,dc=com
+policyset.set1.p1.default.params.ldap.maxConns=4
+policyset.set1.p1.default.params.ldap.minConns=1
+policyset.set1.p1.default.params.ldap.ldapconn.Version=2
+policyset.set1.p1.default.params.ldap.ldapconn.host=localhost.localdomain
+policyset.set1.p1.default.params.ldap.ldapconn.port=389
+policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false
+policyset.set1.p2.constraint.class_id=noConstraintImpl
+policyset.set1.p2.constraint.name=No Constraint
+policyset.set1.p2.default.class_id=validityDefaultImpl
+policyset.set1.p2.default.name=Validity Default
+policyset.set1.p2.default.params.range=1825
+policyset.set1.p2.default.params.startTime=0
+policyset.set1.p4.constraint.class_id=noConstraintImpl
+policyset.set1.p4.constraint.name=No Constraint
+policyset.set1.p4.default.class_id=signingAlgDefaultImpl
+policyset.set1.p4.default.name=Signing Algorithm Default
+policyset.set1.p4.default.params.signingAlg=-
+policyset.set1.p5.constraint.class_id=noConstraintImpl
+policyset.set1.p5.constraint.name=No Constraint
+policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl
+policyset.set1.p5.default.name=Key Usage Extension Default
+policyset.set1.p5.default.params.keyUsageCritical=true
+policyset.set1.p5.default.params.keyUsageCrlSign=false
+policyset.set1.p5.default.params.keyUsageDataEncipherment=false
+policyset.set1.p5.default.params.keyUsageDecipherOnly=false
+policyset.set1.p5.default.params.keyUsageDigitalSignature=true
+policyset.set1.p5.default.params.keyUsageEncipherOnly=false
+policyset.set1.p5.default.params.keyUsageKeyAgreement=false
+policyset.set1.p5.default.params.keyUsageKeyCertSign=false
+policyset.set1.p5.default.params.keyUsageKeyEncipherment=false
+policyset.set1.p5.default.params.keyUsageNonRepudiation=true
+policyset.set1.p6.constraint.class_id=noConstraintImpl
+policyset.set1.p6.constraint.name=No Constraint
+policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl
+policyset.set1.p6.default.name=Subject Alternative Name Extension Default
+policyset.set1.p6.default.params.subjAltExtGNEnable_0=true
+policyset.set1.p6.default.params.subjAltExtGNEnable_1=true
+policyset.set1.p6.default.params.subjAltExtGNEnable_2=false
+policyset.set1.p6.default.params.subjAltExtGNEnable_3=false
+policyset.set1.p6.default.params.subjAltExtGNEnable_4=false
+policyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$
+policyset.set1.p6.default.params.subjAltExtPattern_1=(UTF8String)1.3.6.1.4.1.311.20.2.3,$request.upn$
+policyset.set1.p6.default.params.subjAltExtPattern_2=
+policyset.set1.p6.default.params.subjAltExtPattern_3=
+policyset.set1.p6.default.params.subjAltExtPattern_4=
+policyset.set1.p6.default.params.subjAltExtType_0=RFC822Name
+policyset.set1.p6.default.params.subjAltExtType_1=OtherName
+policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name
+policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name
+policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name
+policyset.set1.p6.default.params.subjAltNameExtCritical=false
+policyset.set1.p6.default.params.subjAltNameNumGNs=2
+policyset.set1.p7.constraint.class_id=noConstraintImpl
+policyset.set1.p7.constraint.name=No Constraint
+policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl
+policyset.set1.p7.default.name=Certificate Policies Extension Default
+policyset.set1.p7.default.params.Critical=false
+policyset.set1.p7.default.params.PoliciesExt.num=5
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value=
+ policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=
+ policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false
+ policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value=
+ policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=
+ policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=
+ policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers=
+policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization=
+policyset.set1.p8.constraint.class_id=noConstraintImpl
+policyset.set1.p8.constraint.name=No Constraint
+policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl
+policyset.set1.p8.default.name=Subject Key Identifier Default
+policyset.set1.p9.constraint.class_id=noConstraintImpl
+policyset.set1.p9.constraint.name=No Constraint
+policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl
+policyset.set1.p9.default.name=Authority Key Identifier Extension Default
+policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl
+policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint
+policyset.set1.p12.constraint.params.basicConstraintsCritical=-
+policyset.set1.p12.constraint.params.basicConstraintsIsCA=-
+policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1
+policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1
+policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl
+policyset.set1.p12.default.name=Basic Constraints Extension Default
+policyset.set1.p12.default.params.basicConstraintsCritical=false
+policyset.set1.p12.default.params.basicConstraintsIsCA=false
+policyset.set1.p12.default.params.basicConstraintsPathLen=-1
+policyset.set1.p13.constraint.class_id=noConstraintImpl
+policyset.set1.p13.constraint.name=No Constraint
+policyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl
+policyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl
+policyset.set1.p13.default.params.crlDistPointsCritical=false
+policyset.set1.p13.default.params.crlDistPointsNum=1
+policyset.set1.p13.default.params.crlDistPointsEnable_0=true
+policyset.set1.p13.default.params.crlDistPointsIssuerName_0=
+policyset.set1.p13.default.params.crlDistPointsIssuerType_0=
+policyset.set1.p13.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9443/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL
+policyset.set1.p13.default.params.crlDistPointsPointType_0=URIName
+policyset.set1.p13.default.params.crlDistPointsReasons_0=
+policyset.set1.p14.constraint.class_id=noConstraintImpl
+policyset.set1.p14.constraint.name=No Constraint
+policyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl
+policyset.set1.p14.default.name=AIA Extension Default
+policyset.set1.p14.default.params.authInfoAccessADEnable_0=true
+policyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName
+policyset.set1.p14.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9443/ca/ocsp
+policyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+policyset.set1.p14.default.params.authInfoAccessCritical=false
+policyset.set1.p14.default.params.authInfoAccessNumADs=1
+policyset.set1.p15.constraint.class_id=noConstraintImpl
+policyset.set1.p15.constraint.name=No Constraint
+policyset.set1.p15.default.class_id=extendedKeyUsageExtDefaultImpl
+policyset.set1.p15.default.name=Extended Key Usage Extension Default
+policyset.set1.p15.default.params.exKeyUsageCritical=false
+policyset.set1.p15.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2
+