diff options
Diffstat (limited to 'pki/base/ca/shared/profiles')
35 files changed, 3568 insertions, 0 deletions
diff --git a/pki/base/ca/shared/profiles/ca/DomainController.cfg b/pki/base/ca/shared/profiles/ca/DomainController.cfg new file mode 100644 index 000000000..3a7663046 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/DomainController.cfg @@ -0,0 +1,130 @@ +desc=This profile is for enrolling Domain Controller Certificate +enable=true +enableBy=admin +name=Domain Controller +visible=true +auth.instance_id=AgentCertAuth +input.list=i1,i2,i3 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +input.i3.class_id=genericInputImpl +input.i3.params.gi_display_name0=ccm +input.i3.params.gi_param_enable0=true +input.i3.params.gi_param_name0=ccm +input.i3.params.gi_display_name1=GUID +input.i3.params.gi_param_enable1=true +input.i3.params.gi_param_name1=GUID +input.i3.params.gi_num=2 +output.list=o1,o2 +output.o1.class_id=certOutputImpl +output.o2.class_id=pkcs7OutputImpl +policyset.list=set1 +policyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp +policyset.set1.subj.constraint.class_id=noConstraintImpl +policyset.set1.subj.constraint.name=No Constraint +policyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl +policyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault +#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User +#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local +policyset.set1.subj.default.params.dnpattern=CN=$request.ccm$ +policyset.set1.subj.default.params.ldap.enable=false +policyset.set1.subj.default.params.ldap.searchName=uid +policyset.set1.subj.default.params.ldapStringAttributes=uid,mail +policyset.set1.subj.default.params.ldap.basedn= +policyset.set1.subj.default.params.ldap.maxConns=4 +policyset.set1.subj.default.params.ldap.minConns=1 +policyset.set1.subj.default.params.ldap.ldapconn.Version=2 +policyset.set1.subj.default.params.ldap.ldapconn.host= +policyset.set1.subj.default.params.ldap.ldapconn.port= +policyset.set1.subj.default.params.ldap.ldapconn.secureConn=false +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=1825 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=true +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=true +policyset.set1.p5.default.params.keyUsageNonRepudiation=false +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=true +policyset.set1.p6.default.params.subjAltExtGNEnable_1=true +policyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$ +policyset.set1.p6.default.params.subjAltExtType_0=DNSName +policyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$ +policyset.set1.p6.default.params.subjAltExtType_1=OtherName +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=2 +policyset.set1.5.constraint.class_id=noConstraintImpl +policyset.set1.5.constraint.name=No Constraint +policyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.set1.5.default.name=AIA Extension Default +policyset.set1.5.default.params.authInfoAccessADEnable_0=true +policyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.set1.5.default.params.authInfoAccessADLocation_0=http://air.sfbay.redhat.com:9080/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit +policyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2 +policyset.set1.5.default.params.authInfoAccessCritical=false +policyset.set1.5.default.params.authInfoAccessNumADs=1 +policyset.set1.eku.constraint.class_id=noConstraintImpl +policyset.set1.eku.constraint.name=No Constraint +policyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.set1.eku.default.name=Extended Key Usage Extension Default +policyset.set1.eku.default.params.exKeyUsageCritical=false +policyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.crldp.constraint.class_id=noConstraintImpl +policyset.set1.crldp.constraint.name=No Constraint +policyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.crldp.default.params.crlDistPointsCritical=false +policyset.set1.crldp.default.params.crlDistPointsNum=1 +policyset.set1.crldp.default.params.crlDistPointsEnable_0=true +policyset.set1.crldp.default.params.crlDistPointsIssuerName_0= +policyset.set1.crldp.default.params.crlDistPointsIssuerType_0= +policyset.set1.crldp.default.params.crlDistPointsPointName_0=http://air.sfbay.redhat.com:9080/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit +policyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName +policyset.set1.crldp.default.params.crlDistPointsReasons_0= +policyset.set1.gen.constraint.class_id=noConstraintImpl +policyset.set1.gen.constraint.name=No Constraint +policyset.set1.gen.default.class_id=genericExtDefaultImpl +policyset.set1.gen.default.name=Generic Extension +#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController' +policyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2 +policyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072 diff --git a/pki/base/ca/shared/profiles/ca/caAdminCert.cfg b/pki/base/ca/shared/profiles/ca/caAdminCert.cfg new file mode 100644 index 000000000..db15fe83f --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caAdminCert.cfg @@ -0,0 +1,88 @@ +desc=This certificate profile is for enrolling Security Domain administrator's certificates with LDAP authentication against the internal LDAP database. +visible=false +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Security Domain Administrator Certificate Enrollment +input.list=i1,i2,i3 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +input.i3.class_id=subjectDNInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=adminCertSet +policyset.adminCertSet.list=1,2,3,4,5,6,7,8 +policyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.adminCertSet.1.constraint.name=Subject Name Constraint +policyset.adminCertSet.1.constraint.params.pattern=.* +policyset.adminCertSet.1.constraint.params.accept=true +policyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.adminCertSet.1.default.name=Subject Name Default +policyset.adminCertSet.1.default.params.name= +policyset.adminCertSet.2.constraint.class_id=validityConstraintImpl +policyset.adminCertSet.2.constraint.name=Validity Constraint +policyset.adminCertSet.2.constraint.params.range=365 +policyset.adminCertSet.2.constraint.params.notBeforeCheck=false +policyset.adminCertSet.2.constraint.params.notAfterCheck=false +policyset.adminCertSet.2.default.class_id=validityDefaultImpl +policyset.adminCertSet.2.default.name=Validity Default +policyset.adminCertSet.2.default.params.range=365 +policyset.adminCertSet.2.default.params.startTime=0 +policyset.adminCertSet.3.constraint.class_id=keyConstraintImpl +policyset.adminCertSet.3.constraint.name=Key Constraint +policyset.adminCertSet.3.constraint.params.keyType=- +policyset.adminCertSet.3.constraint.params.keyMinLength=256 +policyset.adminCertSet.3.constraint.params.keyMaxLength=4096 +policyset.adminCertSet.3.default.class_id=userKeyDefaultImpl +policyset.adminCertSet.3.default.name=Key Default +policyset.adminCertSet.4.constraint.class_id=noConstraintImpl +policyset.adminCertSet.4.constraint.name=No Constraint +policyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.adminCertSet.4.default.name=Authority Key Identifier Default +policyset.adminCertSet.5.constraint.class_id=noConstraintImpl +policyset.adminCertSet.5.constraint.name=No Constraint +policyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.adminCertSet.5.default.name=AIA Extension Default +policyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.adminCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.adminCertSet.5.default.params.authInfoAccessCritical=false +policyset.adminCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.adminCertSet.6.constraint.params.keyUsageCritical=true +policyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.adminCertSet.6.default.name=Key Usage Default +policyset.adminCertSet.6.default.params.keyUsageCritical=true +policyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.adminCertSet.6.default.params.keyUsageCrlSign=false +policyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.adminCertSet.7.constraint.class_id=noConstraintImpl +policyset.adminCertSet.7.constraint.name=No Constraint +policyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.adminCertSet.7.default.name=Extended Key Usage Extension Default +policyset.adminCertSet.7.default.params.exKeyUsageCritical=false +policyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.adminCertSet.8.constraint.name=No Constraint +policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.adminCertSet.8.default.name=Signing Alg +policyset.adminCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg b/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg new file mode 100644 index 000000000..192756222 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caAgentFileSigning.cfg @@ -0,0 +1,87 @@ +desc=This certificate profile is for file signing with agent authentication. +visible=true +enable=true +enableBy=admin +auth.instance_id=AgentCertAuth +name=Agent-Authenticated File Signing +input.list=i1,i2,i3 +input.i1.class_id=keyGenInputImpl +input.i2.class_id=fileSigningInputImpl +input.i3.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=pkcs7OutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=subjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name=CN=(Name)$request.requestor_name$(Text)$request.file_signing_text$(Size)$request.file_signing_size$(DigestType)$request.file_signing_digest_type$(Digest)$request.file_signing_digest$ +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=365 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=180 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg b/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg new file mode 100644 index 000000000..534becd63 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caAgentServerCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling server certificates with agent authentication. +visible=true +enable=true +enableBy=admin +auth.instance_id=AgentCertAuth +name=Agent-Authenticated Server Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=365 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=180 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caCACert.cfg b/pki/base/ca/shared/profiles/ca/caCACert.cfg new file mode 100644 index 000000000..0af20356b --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caCACert.cfg @@ -0,0 +1,96 @@ +desc=This certificate profile is for enrolling Certificate Authority certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual Certificate Manager Signing Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=caCertSet +policyset.caCertSet.list=1,2,3,4,5,6,8,9,10 +policyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.caCertSet.1.constraint.name=Subject Name Constraint +policyset.caCertSet.1.constraint.params.pattern=CN=.* +policyset.caCertSet.1.constraint.params.accept=true +policyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.caCertSet.1.default.name=Subject Name Default +policyset.caCertSet.1.default.params.name= +policyset.caCertSet.2.constraint.class_id=validityConstraintImpl +policyset.caCertSet.2.constraint.name=Validity Constraint +policyset.caCertSet.2.constraint.params.range=720 +policyset.caCertSet.2.constraint.params.notBeforeCheck=false +policyset.caCertSet.2.constraint.params.notAfterCheck=false +policyset.caCertSet.2.default.class_id=validityDefaultImpl +policyset.caCertSet.2.default.name=Validity Default +policyset.caCertSet.2.default.params.range=720 +policyset.caCertSet.2.default.params.startTime=0 +policyset.caCertSet.3.constraint.class_id=keyConstraintImpl +policyset.caCertSet.3.constraint.name=Key Constraint +policyset.caCertSet.3.constraint.params.keyType=- +policyset.caCertSet.3.constraint.params.keyMinLength=256 +policyset.caCertSet.3.constraint.params.keyMaxLength=4096 +policyset.caCertSet.3.default.class_id=userKeyDefaultImpl +policyset.caCertSet.3.default.name=Key Default +policyset.caCertSet.4.constraint.class_id=noConstraintImpl +policyset.caCertSet.4.constraint.name=No Constraint +policyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.caCertSet.4.default.name=Authority Key Identifier Default +policyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint +policyset.caCertSet.5.constraint.params.basicConstraintsCritical=true +policyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true +policyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1 +policyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl +policyset.caCertSet.5.default.name=Basic Constraints Extension Default +policyset.caCertSet.5.default.params.basicConstraintsCritical=true +policyset.caCertSet.5.default.params.basicConstraintsIsCA=true +policyset.caCertSet.5.default.params.basicConstraintsPathLen=-1 +policyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.caCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.caCertSet.6.constraint.params.keyUsageCritical=true +policyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false +policyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true +policyset.caCertSet.6.constraint.params.keyUsageCrlSign=true +policyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.caCertSet.6.default.name=Key Usage Default +policyset.caCertSet.6.default.params.keyUsageCritical=true +policyset.caCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.caCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.caCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false +policyset.caCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.caCertSet.6.default.params.keyUsageKeyCertSign=true +policyset.caCertSet.6.default.params.keyUsageCrlSign=true +policyset.caCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.caCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.caCertSet.8.constraint.class_id=noConstraintImpl +policyset.caCertSet.8.constraint.name=No Constraint +policyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default +policyset.caCertSet.8.default.params.critical=false +policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.caCertSet.9.constraint.name=No Constraint +policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.caCertSet.9.default.name=Signing Alg +policyset.caCertSet.9.default.params.signingAlg=- +policyset.caCertSet.10.constraint.class_id=noConstraintImpl +policyset.caCertSet.10.constraint.name=No Constraint +policyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl +policyset.caCertSet.10.default.name=AIA Extension Default +policyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true +policyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName +policyset.caCertSet.10.default.params.authInfoAccessADLocation_0= +policyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.caCertSet.10.default.params.authInfoAccessCritical=false +policyset.caCertSet.10.default.params.authInfoAccessNumADs=1 diff --git a/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg new file mode 100644 index 000000000..8b6936e06 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caCMCUserCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. +visible=true +enable=true +enableBy=admin +auth.instance_id=CMCAuth +name=Signed CMC-Authenticated User Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=cmcCertReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=cmcUserCertSet +policyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8 +policyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint +policyset.cmcUserCertSet.1.constraint.params.pattern=.* +policyset.cmcUserCertSet.1.constraint.params.accept=true +policyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.cmcUserCertSet.1.default.name=Subject Name Default +policyset.cmcUserCertSet.1.default.params.name= +policyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl +policyset.cmcUserCertSet.2.constraint.name=Validity Constraint +policyset.cmcUserCertSet.2.constraint.params.range=365 +policyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false +policyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false +policyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl +policyset.cmcUserCertSet.2.default.name=Validity Default +policyset.cmcUserCertSet.2.default.params.range=180 +policyset.cmcUserCertSet.2.default.params.startTime=0 +policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl +policyset.cmcUserCertSet.3.constraint.name=Key Constraint +policyset.cmcUserCertSet.3.constraint.params.keyType=- +policyset.cmcUserCertSet.3.constraint.params.keyMinLength=256 +policyset.cmcUserCertSet.3.constraint.params.keyMaxLength=4096 +policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl +policyset.cmcUserCertSet.3.default.name=Key Default +policyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.4.constraint.name=No Constraint +policyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default +policyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.5.constraint.name=No Constraint +policyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.cmcUserCertSet.5.default.name=AIA Extension Default +policyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false +policyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.cmcUserCertSet.6.default.name=Key Usage Default +policyset.cmcUserCertSet.6.default.params.keyUsageCritical=true +policyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false +policyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.7.constraint.name=No Constraint +policyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default +policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false +policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.cmcUserCertSet.8.constraint.name=No Constraint +policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.cmcUserCertSet.8.default.name=Signing Alg +policyset.cmcUserCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg b/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg new file mode 100644 index 000000000..3806d0b21 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caDirUserCert.cfg @@ -0,0 +1,94 @@ +desc=This certificate profile is for enrolling user certificates with directory-based authentication. +visible=true +enable=true +enableBy=admin +name=Directory-Authenticated User Dual-Use Certificate Enrollment +auth.instance_id=UserDirEnrollment +input.list=i1 +input.i1.class_id=keyGenInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=userCertSet +policyset.userCertSet.list=1,2,3,4,5,6,7,8,9 +policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.userCertSet.1.constraint.name=Subject Name Constraint +policyset.userCertSet.1.constraint.params.pattern=UID=.* +policyset.userCertSet.1.constraint.params.accept=true +policyset.userCertSet.1.default.class_id=authTokenSubjectNameDefaultImpl +policyset.userCertSet.1.default.name=Subject Name Default +policyset.userCertSet.1.default.params.name= +policyset.userCertSet.2.constraint.class_id=validityConstraintImpl +policyset.userCertSet.2.constraint.name=Validity Constraint +policyset.userCertSet.2.constraint.params.range=365 +policyset.userCertSet.2.constraint.params.notBeforeCheck=false +policyset.userCertSet.2.constraint.params.notAfterCheck=false +policyset.userCertSet.2.default.class_id=validityDefaultImpl +policyset.userCertSet.2.default.name=Validity Default +policyset.userCertSet.2.default.params.range=180 +policyset.userCertSet.2.default.params.startTime=0 +policyset.userCertSet.3.constraint.class_id=keyConstraintImpl +policyset.userCertSet.3.constraint.name=Key Constraint +policyset.userCertSet.3.constraint.params.keyType=- +policyset.userCertSet.3.constraint.params.keyMinLength=256 +policyset.userCertSet.3.constraint.params.keyMaxLength=4096 +policyset.userCertSet.3.default.class_id=userKeyDefaultImpl +policyset.userCertSet.3.default.name=Key Default +policyset.userCertSet.4.constraint.class_id=noConstraintImpl +policyset.userCertSet.4.constraint.name=No Constraint +policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.userCertSet.4.default.name=Authority Key Identifier Default +policyset.userCertSet.5.constraint.class_id=noConstraintImpl +policyset.userCertSet.5.constraint.name=No Constraint +policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.userCertSet.5.default.name=AIA Extension Default +policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.userCertSet.5.default.params.authInfoAccessCritical=false +policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.userCertSet.6.constraint.params.keyUsageCritical=true +policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.userCertSet.6.default.name=Key Usage Default +policyset.userCertSet.6.default.params.keyUsageCritical=true +policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.default.params.keyUsageCrlSign=false +policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.userCertSet.7.constraint.class_id=noConstraintImpl +policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.userCertSet.7.default.name=Extended Key Usage Extension Default +policyset.userCertSet.7.default.params.exKeyUsageCritical=false +policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.userCertSet.8.constraint.class_id=noConstraintImpl +policyset.userCertSet.8.constraint.name=No Constraint +policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.userCertSet.8.default.name=Subject Alt Name Constraint +policyset.userCertSet.8.default.params.subjAltNameExtCritical=false +policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.userCertSet.9.constraint.name=No Constraint +policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.userCertSet.9.default.name=Signing Alg +policyset.userCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caDualCert.cfg b/pki/base/ca/shared/profiles/ca/caDualCert.cfg new file mode 100644 index 000000000..bd99199fa --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caDualCert.cfg @@ -0,0 +1,170 @@ +desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later. +visible=true +enable=true +enableBy=admin +name=Manual User Signing & Encryption Certificates Enrollment +auth.class_id= +input.list=i1,i2,i3 +input.i1.class_id=dualKeyGenInputImpl +input.i2.class_id=subjectNameInputImpl +input.i3.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=encryptionCertSet,signingCertSet +policyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9 +policyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.encryptionCertSet.1.constraint.name=Subject Name Constraint +policyset.encryptionCertSet.1.constraint.params.pattern=UID=.* +policyset.encryptionCertSet.1.constraint.params.accept=true +policyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.encryptionCertSet.1.default.name=Subject Name Default +policyset.encryptionCertSet.1.default.params.name= +policyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl +policyset.encryptionCertSet.2.constraint.name=Validity Constraint +policyset.encryptionCertSet.2.constraint.params.range=365 +policyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false +policyset.encryptionCertSet.2.constraint.params.notAfterCheck=false +policyset.encryptionCertSet.2.default.class_id=validityDefaultImpl +policyset.encryptionCertSet.2.default.name=Validity Default +policyset.encryptionCertSet.2.default.params.range=180 +policyset.encryptionCertSet.2.default.params.startTime=0 +policyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl +policyset.encryptionCertSet.3.constraint.name=Key Constraint +policyset.encryptionCertSet.3.constraint.params.keyType=- +policyset.encryptionCertSet.3.constraint.params.keyMinLength=256 +policyset.encryptionCertSet.3.constraint.params.keyMaxLength=4096 +policyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl +policyset.encryptionCertSet.3.default.name=Key Default +policyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl +policyset.encryptionCertSet.4.constraint.name=No Constraint +policyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.encryptionCertSet.4.default.name=Authority Key Identifier Default +policyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl +policyset.encryptionCertSet.5.constraint.name=No Constraint +policyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.encryptionCertSet.5.default.name=AIA Extension Default +policyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false +policyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true +policyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false +policyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false +policyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.encryptionCertSet.6.default.name=Key Usage Default +policyset.encryptionCertSet.6.default.params.keyUsageCritical=true +policyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false +policyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false +policyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false +policyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl +policyset.encryptionCertSet.7.constraint.name=No Constraint +policyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default +policyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false +policyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl +policyset.encryptionCertSet.8.constraint.name=No Constraint +policyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint +policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false +policyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.encryptionCertSet.9.constraint.name=No Constraint +policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.encryptionCertSet.9.default.name=Signing Alg +policyset.encryptionCertSet.9.default.params.signingAlg=- +policyset.signingCertSet.list=1,2,3,4,6,7,8,9 +policyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.signingCertSet.1.constraint.name=Subject Name Constraint +policyset.signingCertSet.1.constraint.params.pattern=UID=.* +policyset.signingCertSet.1.constraint.params.accept=true +policyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.signingCertSet.1.default.name=Subject Name Default +policyset.signingCertSet.1.default.params.name= +policyset.signingCertSet.2.constraint.class_id=validityConstraintImpl +policyset.signingCertSet.2.constraint.name=Validity Constraint +policyset.signingCertSet.2.constraint.params.range=365 +policyset.signingCertSet.2.constraint.params.notBeforeCheck=false +policyset.signingCertSet.2.constraint.params.notAfterCheck=false +policyset.signingCertSet.2.default.class_id=validityDefaultImpl +policyset.signingCertSet.2.default.name=Validity Default +policyset.signingCertSet.2.default.params.range=180 +policyset.signingCertSet.2.default.params.startTime=60 +policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl +policyset.signingCertSet.3.constraint.name=Key Constraint +policyset.signingCertSet.3.constraint.params.keyType=RSA +policyset.signingCertSet.3.constraint.params.keyMinLength=512 +policyset.signingCertSet.3.constraint.params.keyMaxLength=4096 +policyset.signingCertSet.3.default.class_id=userKeyDefaultImpl +policyset.signingCertSet.3.default.name=Key Default +policyset.signingCertSet.4.constraint.class_id=noConstraintImpl +policyset.signingCertSet.4.constraint.name=No Constraint +policyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.signingCertSet.4.default.name=Authority Key Identifier Default +policyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.signingCertSet.6.constraint.params.keyUsageCritical=true +policyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false +policyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.signingCertSet.6.default.name=Key Usage Default +policyset.signingCertSet.6.default.params.keyUsageCritical=true +policyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false +policyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.signingCertSet.6.default.params.keyUsageCrlSign=false +policyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.signingCertSet.7.constraint.class_id=noConstraintImpl +policyset.signingCertSet.7.constraint.name=No Constraint +policyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.signingCertSet.7.default.name=Extended Key Usage Extension Default +policyset.signingCertSet.7.default.params.exKeyUsageCritical=false +policyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.signingCertSet.8.constraint.class_id=noConstraintImpl +policyset.signingCertSet.8.constraint.name=No Constraint +policyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.signingCertSet.8.default.name=Subject Alt Name Constraint +policyset.signingCertSet.8.default.params.subjAltNameExtCritical=false +policyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.signingCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.signingCertSet.9.constraint.name=No Constraint +policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA +policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.signingCertSet.9.default.name=Signing Alg +policyset.signingCertSet.9.default.params.signingAlg=SHA1withRSA +policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA diff --git a/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg b/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg new file mode 100644 index 000000000..0f6036cf2 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caDualRAuserCert.cfg @@ -0,0 +1,95 @@ +desc=This certificate profile is for enrolling user certificates with RA agent authentication. +visible=true +enable=true +enableBy=admin +auth.instance_id=raCertAuth +name=RA Agent-Authenticated User Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=userCertSet +policyset.userCertSet.list=1,2,3,4,5,6,7,8,9 +policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.userCertSet.1.constraint.name=Subject Name Constraint +policyset.userCertSet.1.constraint.params.pattern=.*UID=.* +policyset.userCertSet.1.constraint.params.accept=true +policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.userCertSet.1.default.name=Subject Name Default +policyset.userCertSet.1.default.params.name= +policyset.userCertSet.2.constraint.class_id=validityConstraintImpl +policyset.userCertSet.2.constraint.name=Validity Constraint +policyset.userCertSet.2.constraint.params.range=365 +policyset.userCertSet.2.constraint.params.notBeforeCheck=false +policyset.userCertSet.2.constraint.params.notAfterCheck=false +policyset.userCertSet.2.default.class_id=validityDefaultImpl +policyset.userCertSet.2.default.name=Validity Default +policyset.userCertSet.2.default.params.range=180 +policyset.userCertSet.2.default.params.startTime=0 +policyset.userCertSet.3.constraint.class_id=keyConstraintImpl +policyset.userCertSet.3.constraint.name=Key Constraint +policyset.userCertSet.3.constraint.params.keyType=- +policyset.userCertSet.3.constraint.params.keyMinLength=256 +policyset.userCertSet.3.constraint.params.keyMaxLength=4096 +policyset.userCertSet.3.default.class_id=userKeyDefaultImpl +policyset.userCertSet.3.default.name=Key Default +policyset.userCertSet.4.constraint.class_id=noConstraintImpl +policyset.userCertSet.4.constraint.name=No Constraint +policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.userCertSet.4.default.name=Authority Key Identifier Default +policyset.userCertSet.5.constraint.class_id=noConstraintImpl +policyset.userCertSet.5.constraint.name=No Constraint +policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.userCertSet.5.default.name=AIA Extension Default +policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.userCertSet.5.default.params.authInfoAccessCritical=false +policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.userCertSet.6.constraint.params.keyUsageCritical=true +policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.userCertSet.6.default.name=Key Usage Default +policyset.userCertSet.6.default.params.keyUsageCritical=true +policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.default.params.keyUsageCrlSign=false +policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.userCertSet.7.constraint.class_id=noConstraintImpl +policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.userCertSet.7.default.name=Extended Key Usage Extension Default +policyset.userCertSet.7.default.params.exKeyUsageCritical=false +policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.userCertSet.8.constraint.class_id=noConstraintImpl +policyset.userCertSet.8.constraint.name=No Constraint +policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.userCertSet.8.default.name=Subject Alt Name Constraint +policyset.userCertSet.8.default.params.subjAltNameExtCritical=false +policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.userCertSet.9.constraint.name=No Constraint +policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC +policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.userCertSet.9.default.name=Signing Alg +policyset.userCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg new file mode 100644 index 000000000..11a5475ec --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caFullCMCUserCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. +enable=true +enableBy=admin +name=Signed CMC-Authenticated User Certificate Enrollment +visible=false +auth.instance_id=CMCAuth +input.list=i1,i2 +input.i1.class_id=cmcCertReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=cmcUserCertSet +policyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8 +policyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint +policyset.cmcUserCertSet.1.constraint.params.accept=true +policyset.cmcUserCertSet.1.constraint.params.pattern=.* +policyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.cmcUserCertSet.1.default.name=Subject Name Default +policyset.cmcUserCertSet.1.default.params.name= +policyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl +policyset.cmcUserCertSet.2.constraint.name=Validity Constraint +policyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false +policyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false +policyset.cmcUserCertSet.2.constraint.params.range=365 +policyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl +policyset.cmcUserCertSet.2.default.name=Validity Default +policyset.cmcUserCertSet.2.default.params.range=180 +policyset.cmcUserCertSet.2.default.params.startTime=0 +policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl +policyset.cmcUserCertSet.3.constraint.name=Key Constraint +policyset.cmcUserCertSet.3.constraint.params.keyMaxLength=4096 +policyset.cmcUserCertSet.3.constraint.params.keyMinLength=256 +policyset.cmcUserCertSet.3.constraint.params.keyType=- +policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl +policyset.cmcUserCertSet.3.default.name=Key Default +policyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.4.constraint.name=No Constraint +policyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default +policyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.5.constraint.name=No Constraint +policyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.cmcUserCertSet.5.default.name=AIA Extension Default +policyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false +policyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.cmcUserCertSet.6.default.name=Key Usage Default +policyset.cmcUserCertSet.6.default.params.keyUsageCritical=true +policyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false +policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.7.constraint.name=No Constraint +policyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default +policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false +policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.cmcUserCertSet.8.constraint.name=No Constraint +policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.cmcUserCertSet.8.default.name=Signing Alg +policyset.cmcUserCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg b/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg new file mode 100644 index 000000000..2f01ee306 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caInstallCACert.cfg @@ -0,0 +1,97 @@ +desc=This certificate profile is for enrolling Security Domain Certificate Authority certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Manual Security Domain Certificate Authority Signing Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=caCertSet +policyset.caCertSet.list=1,2,3,4,5,6,8,9,10 +policyset.caCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.caCertSet.1.constraint.name=Subject Name Constraint +policyset.caCertSet.1.constraint.params.pattern=CN=.* +policyset.caCertSet.1.constraint.params.accept=true +policyset.caCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.caCertSet.1.default.name=Subject Name Default +policyset.caCertSet.1.default.params.name= +policyset.caCertSet.2.constraint.class_id=validityConstraintImpl +policyset.caCertSet.2.constraint.name=Validity Constraint +policyset.caCertSet.2.constraint.params.range=720 +policyset.caCertSet.2.constraint.params.notBeforeCheck=false +policyset.caCertSet.2.constraint.params.notAfterCheck=false +policyset.caCertSet.2.default.class_id=validityDefaultImpl +policyset.caCertSet.2.default.name=Validity Default +policyset.caCertSet.2.default.params.range=720 +policyset.caCertSet.2.default.params.startTime=0 +policyset.caCertSet.3.constraint.class_id=keyConstraintImpl +policyset.caCertSet.3.constraint.name=Key Constraint +policyset.caCertSet.3.constraint.params.keyType=- +policyset.caCertSet.3.constraint.params.keyMinLength=256 +policyset.caCertSet.3.constraint.params.keyMaxLength=4096 +policyset.caCertSet.3.default.class_id=userKeyDefaultImpl +policyset.caCertSet.3.default.name=Key Default +policyset.caCertSet.4.constraint.class_id=noConstraintImpl +policyset.caCertSet.4.constraint.name=No Constraint +policyset.caCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.caCertSet.4.default.name=Authority Key Identifier Default +policyset.caCertSet.5.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.caCertSet.5.constraint.name=Basic Constraint Extension Constraint +policyset.caCertSet.5.constraint.params.basicConstraintsCritical=true +policyset.caCertSet.5.constraint.params.basicConstraintsIsCA=true +policyset.caCertSet.5.constraint.params.basicConstraintsMinPathLen=-1 +policyset.caCertSet.5.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.caCertSet.5.default.class_id=basicConstraintsExtDefaultImpl +policyset.caCertSet.5.default.name=Basic Constraints Extension Default +policyset.caCertSet.5.default.params.basicConstraintsCritical=true +policyset.caCertSet.5.default.params.basicConstraintsIsCA=true +policyset.caCertSet.5.default.params.basicConstraintsPathLen=-1 +policyset.caCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.caCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.caCertSet.6.constraint.params.keyUsageCritical=true +policyset.caCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.caCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.caCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.caCertSet.6.constraint.params.keyUsageKeyEncipherment=false +policyset.caCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.caCertSet.6.constraint.params.keyUsageKeyCertSign=true +policyset.caCertSet.6.constraint.params.keyUsageCrlSign=true +policyset.caCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.caCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.caCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.caCertSet.6.default.name=Key Usage Default +policyset.caCertSet.6.default.params.keyUsageCritical=true +policyset.caCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.caCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.caCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.caCertSet.6.default.params.keyUsageKeyEncipherment=false +policyset.caCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.caCertSet.6.default.params.keyUsageKeyCertSign=true +policyset.caCertSet.6.default.params.keyUsageCrlSign=true +policyset.caCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.caCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.caCertSet.8.constraint.class_id=noConstraintImpl +policyset.caCertSet.8.constraint.name=No Constraint +policyset.caCertSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default +policyset.caCertSet.8.default.params.critical=false +policyset.caCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.caCertSet.9.constraint.name=No Constraint +policyset.caCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.caCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.caCertSet.9.default.name=Signing Alg +policyset.caCertSet.9.default.params.signingAlg=- +policyset.caCertSet.10.constraint.class_id=noConstraintImpl +policyset.caCertSet.10.constraint.name=No Constraint +policyset.caCertSet.10.default.class_id=authInfoAccessExtDefaultImpl +policyset.caCertSet.10.default.name=AIA Extension Default +policyset.caCertSet.10.default.params.authInfoAccessADEnable_0=true +policyset.caCertSet.10.default.params.authInfoAccessADLocationType_0=URIName +policyset.caCertSet.10.default.params.authInfoAccessADLocation_0= +policyset.caCertSet.10.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.caCertSet.10.default.params.authInfoAccessCritical=false +policyset.caCertSet.10.default.params.authInfoAccessNumADs=1 diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg new file mode 100644 index 000000000..5702c7662 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthDRMstorageCert.cfg @@ -0,0 +1,72 @@ +desc=This certificate profile is for enrolling Security Domain DRM storage certificates +visible=true +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Security Domain DRM storage Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=ocspCertSet +policyset.ocspCertSet.list=1,2,3,4,5,6,8,9 +policyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.ocspCertSet.1.constraint.name=Subject Name Constraint +policyset.ocspCertSet.1.constraint.params.pattern=CN=.* +policyset.ocspCertSet.1.constraint.params.accept=true +policyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.ocspCertSet.1.default.name=Subject Name Default +policyset.ocspCertSet.1.default.params.name= +policyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl +policyset.ocspCertSet.2.constraint.name=Validity Constraint +policyset.ocspCertSet.2.constraint.params.range=720 +policyset.ocspCertSet.2.constraint.params.notBeforeCheck=false +policyset.ocspCertSet.2.constraint.params.notAfterCheck=false +policyset.ocspCertSet.2.default.class_id=validityDefaultImpl +policyset.ocspCertSet.2.default.name=Validity Default +policyset.ocspCertSet.2.default.params.range=720 +policyset.ocspCertSet.2.default.params.startTime=0 +policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl +policyset.ocspCertSet.3.constraint.name=Key Constraint +policyset.ocspCertSet.3.constraint.params.keyType=- +policyset.ocspCertSet.3.constraint.params.keyMinLength=256 +policyset.ocspCertSet.3.constraint.params.keyMaxLength=4096 +policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl +policyset.ocspCertSet.3.default.name=Key Default +policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl +policyset.ocspCertSet.4.constraint.name=No Constraint +policyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.ocspCertSet.4.default.name=Authority Key Identifier Default +policyset.ocspCertSet.5.constraint.class_id=noConstraintImpl +policyset.ocspCertSet.5.constraint.name=No Constraint +policyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.ocspCertSet.5.default.name=AIA Extension Default +policyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.ocspCertSet.5.default.params.authInfoAccessCritical=false +policyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension +policyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false +policyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 +policyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.ocspCertSet.6.default.name=Extended Key Usage Default +policyset.ocspCertSet.6.default.params.exKeyUsageCritical=false +policyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 +policyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl +policyset.ocspCertSet.8.constraint.name=No Constraint +policyset.ocspCertSet.8.constraint.params.extCritical=false +policyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5 +policyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl +policyset.ocspCertSet.8.default.name=OCSP No Check Extension +policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false +policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.ocspCertSet.9.constraint.name=No Constraint +policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.ocspCertSet.9.default.name=Signing Alg +policyset.ocspCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg new file mode 100644 index 000000000..453d31e06 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthOCSPCert.cfg @@ -0,0 +1,72 @@ +desc=This certificate profile is for enrolling Security Domain OCSP Manager certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Security Domain OCSP Manager Signing Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=ocspCertSet +policyset.ocspCertSet.list=1,2,3,4,5,6,8,9 +policyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.ocspCertSet.1.constraint.name=Subject Name Constraint +policyset.ocspCertSet.1.constraint.params.pattern=CN=.* +policyset.ocspCertSet.1.constraint.params.accept=true +policyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.ocspCertSet.1.default.name=Subject Name Default +policyset.ocspCertSet.1.default.params.name= +policyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl +policyset.ocspCertSet.2.constraint.name=Validity Constraint +policyset.ocspCertSet.2.constraint.params.range=720 +policyset.ocspCertSet.2.constraint.params.notBeforeCheck=false +policyset.ocspCertSet.2.constraint.params.notAfterCheck=false +policyset.ocspCertSet.2.default.class_id=validityDefaultImpl +policyset.ocspCertSet.2.default.name=Validity Default +policyset.ocspCertSet.2.default.params.range=720 +policyset.ocspCertSet.2.default.params.startTime=0 +policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl +policyset.ocspCertSet.3.constraint.name=Key Constraint +policyset.ocspCertSet.3.constraint.params.keyType=- +policyset.ocspCertSet.3.constraint.params.keyMinLength=256 +policyset.ocspCertSet.3.constraint.params.keyMaxLength=4096 +policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl +policyset.ocspCertSet.3.default.name=Key Default +policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl +policyset.ocspCertSet.4.constraint.name=No Constraint +policyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.ocspCertSet.4.default.name=Authority Key Identifier Default +policyset.ocspCertSet.5.constraint.class_id=noConstraintImpl +policyset.ocspCertSet.5.constraint.name=No Constraint +policyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.ocspCertSet.5.default.name=AIA Extension Default +policyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.ocspCertSet.5.default.params.authInfoAccessCritical=false +policyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension +policyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false +policyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 +policyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.ocspCertSet.6.default.name=Extended Key Usage Default +policyset.ocspCertSet.6.default.params.exKeyUsageCritical=false +policyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 +policyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl +policyset.ocspCertSet.8.constraint.name=No Constraint +policyset.ocspCertSet.8.constraint.params.extCritical=false +policyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5 +policyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl +policyset.ocspCertSet.8.default.name=OCSP No Check Extension +policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false +policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.ocspCertSet.9.constraint.name=No Constraint +policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.ocspCertSet.9.default.name=Signing Alg +policyset.ocspCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg new file mode 100644 index 000000000..85aff8b4f --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthServerCert.cfg @@ -0,0 +1,87 @@ +desc=This certificate profile is for enrolling Security Domain server certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Security Domain Server Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=720 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=720 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg new file mode 100644 index 000000000..95534a15a --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthSubsystemCert.cfg @@ -0,0 +1,89 @@ +desc=This certificate profile is for enrolling Security Domain subsystem certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Security Domain Subsysem Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +updater.list=u1 +updater.u1.class_id=subsystemGroupUpdaterImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=720 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=720 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg new file mode 100644 index 000000000..55896adb6 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caInternalAuthTransportCert.cfg @@ -0,0 +1,81 @@ +desc=This certificate profile is for enrolling Security Domain Data Recovery Manager transport certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=TokenAuth +authz.acl=group="Enterprise OCSP Administrators" || group="Enterprise RA Administrators" || group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators" +name=Security Domain Data Recovery Manager Transport Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=transportCertSet +policyset.transportCertSet.list=1,2,3,4,5,6,8 +policyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.transportCertSet.1.constraint.name=Subject Name Constraint +policyset.transportCertSet.1.constraint.params.pattern=CN=.* +policyset.transportCertSet.1.constraint.params.accept=true +policyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.transportCertSet.1.default.name=Subject Name Default +policyset.transportCertSet.1.default.params.name= +policyset.transportCertSet.2.constraint.class_id=validityConstraintImpl +policyset.transportCertSet.2.constraint.name=Validity Constraint +policyset.transportCertSet.2.constraint.params.range=720 +policyset.transportCertSet.2.constraint.params.notBeforeCheck=false +policyset.transportCertSet.2.constraint.params.notAfterCheck=false +policyset.transportCertSet.2.default.class_id=validityDefaultImpl +policyset.transportCertSet.2.default.name=Validity Default +policyset.transportCertSet.2.default.params.range=720 +policyset.transportCertSet.2.default.params.startTime=0 +policyset.transportCertSet.3.constraint.class_id=keyConstraintImpl +policyset.transportCertSet.3.constraint.name=Key Constraint +policyset.transportCertSet.3.constraint.params.keyType=- +policyset.transportCertSet.3.constraint.params.keyMinLength=256 +policyset.transportCertSet.3.constraint.params.keyMaxLength=4096 +policyset.transportCertSet.3.default.class_id=userKeyDefaultImpl +policyset.transportCertSet.3.default.name=Key Default +policyset.transportCertSet.4.constraint.class_id=noConstraintImpl +policyset.transportCertSet.4.constraint.name=No Constraint +policyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.transportCertSet.4.default.name=Authority Key Identifier Default +policyset.transportCertSet.5.constraint.class_id=noConstraintImpl +policyset.transportCertSet.5.constraint.name=No Constraint +policyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.transportCertSet.5.default.name=AIA Extension Default +policyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.transportCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.transportCertSet.5.default.params.authInfoAccessCritical=false +policyset.transportCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.transportCertSet.6.constraint.params.keyUsageCritical=true +policyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.transportCertSet.6.default.name=Key Usage Default +policyset.transportCertSet.6.default.params.keyUsageCritical=true +policyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.transportCertSet.6.default.params.keyUsageCrlSign=false +policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.transportCertSet.8.constraint.name=No Constraint +policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.transportCertSet.8.default.name=Signing Alg +policyset.transportCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg b/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg new file mode 100644 index 000000000..4f5204f1e --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caOCSPCert.cfg @@ -0,0 +1,71 @@ +desc=This certificate profile is for enrolling OCSP Manager certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual OCSP Manager Signing Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=ocspCertSet +policyset.ocspCertSet.list=1,2,3,4,5,6,8,9 +policyset.ocspCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.ocspCertSet.1.constraint.name=Subject Name Constraint +policyset.ocspCertSet.1.constraint.params.pattern=CN=.* +policyset.ocspCertSet.1.constraint.params.accept=true +policyset.ocspCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.ocspCertSet.1.default.name=Subject Name Default +policyset.ocspCertSet.1.default.params.name= +policyset.ocspCertSet.2.constraint.class_id=validityConstraintImpl +policyset.ocspCertSet.2.constraint.name=Validity Constraint +policyset.ocspCertSet.2.constraint.params.range=720 +policyset.ocspCertSet.2.constraint.params.notBeforeCheck=false +policyset.ocspCertSet.2.constraint.params.notAfterCheck=false +policyset.ocspCertSet.2.default.class_id=validityDefaultImpl +policyset.ocspCertSet.2.default.name=Validity Default +policyset.ocspCertSet.2.default.params.range=720 +policyset.ocspCertSet.2.default.params.startTime=0 +policyset.ocspCertSet.3.constraint.class_id=keyConstraintImpl +policyset.ocspCertSet.3.constraint.name=Key Constraint +policyset.ocspCertSet.3.constraint.params.keyType=- +policyset.ocspCertSet.3.constraint.params.keyMinLength=256 +policyset.ocspCertSet.3.constraint.params.keyMaxLength=4096 +policyset.ocspCertSet.3.default.class_id=userKeyDefaultImpl +policyset.ocspCertSet.3.default.name=Key Default +policyset.ocspCertSet.4.constraint.class_id=noConstraintImpl +policyset.ocspCertSet.4.constraint.name=No Constraint +policyset.ocspCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.ocspCertSet.4.default.name=Authority Key Identifier Default +policyset.ocspCertSet.5.constraint.class_id=noConstraintImpl +policyset.ocspCertSet.5.constraint.name=No Constraint +policyset.ocspCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.ocspCertSet.5.default.name=AIA Extension Default +policyset.ocspCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.ocspCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.ocspCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.ocspCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.ocspCertSet.5.default.params.authInfoAccessCritical=false +policyset.ocspCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.ocspCertSet.6.constraint.class_id=extendedKeyUsageExtConstraintImpl +policyset.ocspCertSet.6.constraint.name=Extended Key Usage Extension +policyset.ocspCertSet.6.constraint.params.exKeyUsageCritical=false +policyset.ocspCertSet.6.constraint.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 +policyset.ocspCertSet.6.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.ocspCertSet.6.default.name=Extended Key Usage Default +policyset.ocspCertSet.6.default.params.exKeyUsageCritical=false +policyset.ocspCertSet.6.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.9 +policyset.ocspCertSet.8.constraint.class_id=extensionConstraintImpl +policyset.ocspCertSet.8.constraint.name=No Constraint +policyset.ocspCertSet.8.constraint.params.extCritical=false +policyset.ocspCertSet.8.constraint.params.extOID=1.3.6.1.5.5.7.48.1.5 +policyset.ocspCertSet.8.default.class_id=ocspNoCheckExtDefaultImpl +policyset.ocspCertSet.8.default.name=OCSP No Check Extension +policyset.ocspCertSet.8.default.params.ocspNoCheckCritical=false +policyset.ocspCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.ocspCertSet.9.constraint.name=No Constraint +policyset.ocspCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.ocspCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.ocspCertSet.9.default.name=Signing Alg +policyset.ocspCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caOtherCert.cfg b/pki/base/ca/shared/profiles/ca/caOtherCert.cfg new file mode 100644 index 000000000..2abdc36f8 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caOtherCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling other certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Other Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=otherCertSet +policyset.otherCertSet.list=1,2,3,4,5,6,7,8 +policyset.otherCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.otherCertSet.1.constraint.name=Subject Name Constraint +policyset.otherCertSet.1.constraint.params.pattern=CN=.* +policyset.otherCertSet.1.constraint.params.accept=true +policyset.otherCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.otherCertSet.1.default.name=Subject Name Default +policyset.otherCertSet.1.default.params.name= +policyset.otherCertSet.2.constraint.class_id=validityConstraintImpl +policyset.otherCertSet.2.constraint.name=Validity Constraint +policyset.otherCertSet.2.constraint.params.range=720 +policyset.otherCertSet.2.constraint.params.notBeforeCheck=false +policyset.otherCertSet.2.constraint.params.notAfterCheck=false +policyset.otherCertSet.2.default.class_id=validityDefaultImpl +policyset.otherCertSet.2.default.name=Validity Default +policyset.otherCertSet.2.default.params.range=720 +policyset.otherCertSet.2.default.params.startTime=0 +policyset.otherCertSet.3.constraint.class_id=keyConstraintImpl +policyset.otherCertSet.3.constraint.name=Key Constraint +policyset.otherCertSet.3.constraint.params.keyType=- +policyset.otherCertSet.3.constraint.params.keyMinLength=256 +policyset.otherCertSet.3.constraint.params.keyMaxLength=4096 +policyset.otherCertSet.3.default.class_id=userKeyDefaultImpl +policyset.otherCertSet.3.default.name=Key Default +policyset.otherCertSet.4.constraint.class_id=noConstraintImpl +policyset.otherCertSet.4.constraint.name=No Constraint +policyset.otherCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.otherCertSet.4.default.name=Authority Key Identifier Default +policyset.otherCertSet.5.constraint.class_id=noConstraintImpl +policyset.otherCertSet.5.constraint.name=No Constraint +policyset.otherCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.otherCertSet.5.default.name=AIA Extension Default +policyset.otherCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.otherCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.otherCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.otherCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.otherCertSet.5.default.params.authInfoAccessCritical=false +policyset.otherCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.otherCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.otherCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.otherCertSet.6.constraint.params.keyUsageCritical=true +policyset.otherCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.otherCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.otherCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.otherCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.otherCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.otherCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.otherCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.otherCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.otherCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.otherCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.otherCertSet.6.default.name=Key Usage Default +policyset.otherCertSet.6.default.params.keyUsageCritical=true +policyset.otherCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.otherCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.otherCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.otherCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.otherCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.otherCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.otherCertSet.6.default.params.keyUsageCrlSign=false +policyset.otherCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.otherCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.otherCertSet.7.constraint.class_id=noConstraintImpl +policyset.otherCertSet.7.constraint.name=No Constraint +policyset.otherCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.otherCertSet.7.default.name=Extended Key Usage Extension Default +policyset.otherCertSet.7.default.params.exKeyUsageCritical=false +policyset.otherCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 +policyset.otherCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.otherCertSet.8.constraint.name=No Constraint +policyset.otherCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.otherCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.otherCertSet.8.default.name=Signing Alg +policyset.otherCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caRACert.cfg b/pki/base/ca/shared/profiles/ca/caRACert.cfg new file mode 100644 index 000000000..4910bd4b7 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caRACert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling Registration Manager certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual Registration Manager Signing Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=raCertSet +policyset.raCertSet.list=1,2,3,4,5,6,7,8 +policyset.raCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.raCertSet.1.constraint.name=Subject Name Constraint +policyset.raCertSet.1.constraint.params.pattern=CN=.* +policyset.raCertSet.1.constraint.params.accept=true +policyset.raCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.raCertSet.1.default.name=Subject Name Default +policyset.raCertSet.1.default.params.name= +policyset.raCertSet.2.constraint.class_id=validityConstraintImpl +policyset.raCertSet.2.constraint.name=Validity Constraint +policyset.raCertSet.2.constraint.params.range=720 +policyset.raCertSet.2.constraint.params.notBeforeCheck=false +policyset.raCertSet.2.constraint.params.notAfterCheck=false +policyset.raCertSet.2.default.class_id=validityDefaultImpl +policyset.raCertSet.2.default.name=Validity Default +policyset.raCertSet.2.default.params.range=720 +policyset.raCertSet.2.default.params.startTime=0 +policyset.raCertSet.3.constraint.class_id=keyConstraintImpl +policyset.raCertSet.3.constraint.name=Key Constraint +policyset.raCertSet.3.constraint.params.keyType=- +policyset.raCertSet.3.constraint.params.keyMinLength=256 +policyset.raCertSet.3.constraint.params.keyMaxLength=4096 +policyset.raCertSet.3.default.class_id=userKeyDefaultImpl +policyset.raCertSet.3.default.name=Key Default +policyset.raCertSet.4.constraint.class_id=noConstraintImpl +policyset.raCertSet.4.constraint.name=No Constraint +policyset.raCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.raCertSet.4.default.name=Authority Key Identifier Default +policyset.raCertSet.5.constraint.class_id=noConstraintImpl +policyset.raCertSet.5.constraint.name=No Constraint +policyset.raCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.raCertSet.5.default.name=AIA Extension Default +policyset.raCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.raCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.raCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.raCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.raCertSet.5.default.params.authInfoAccessCritical=false +policyset.raCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.raCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.raCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.raCertSet.6.constraint.params.keyUsageCritical=true +policyset.raCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.raCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.raCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.raCertSet.6.constraint.params.keyUsageKeyEncipherment=false +policyset.raCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.raCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.raCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.raCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.raCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.raCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.raCertSet.6.default.name=Key Usage Default +policyset.raCertSet.6.default.params.keyUsageCritical=true +policyset.raCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.raCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.raCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.raCertSet.6.default.params.keyUsageKeyEncipherment=false +policyset.raCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.raCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.raCertSet.6.default.params.keyUsageCrlSign=false +policyset.raCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.raCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.raCertSet.7.constraint.class_id=noConstraintImpl +policyset.raCertSet.7.constraint.name=No Constraint +policyset.raCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.raCertSet.7.default.name=Extended Key Usage Extension Default +policyset.raCertSet.7.default.params.exKeyUsageCritical=false +policyset.raCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2 +policyset.raCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.raCertSet.8.constraint.name=No Constraint +policyset.raCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.raCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.raCertSet.8.default.name=Signing Alg +policyset.raCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg b/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg new file mode 100644 index 000000000..a6df27a6e --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caRARouterCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling router certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=raCertAuth +name=RA Agent-Authenticated Router Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=720 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=720 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg b/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg new file mode 100644 index 000000000..97d4c9821 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caRAagentCert.cfg @@ -0,0 +1,96 @@ +desc=This certificate profile is for enrolling RA agent user certificates with RA agent authentication. +visible=true +enable=true +enableBy=admin +auth.instance_id=raCertAuth +name=RA Agent-Authenticated Agent User Certificate Enrollment +input.list=i1,i2,i3 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +input.i3.class_id=subjectDNInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=userCertSet +policyset.userCertSet.list=1,2,3,4,5,6,7,8,9 +policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.userCertSet.1.constraint.name=Subject Name Constraint +policyset.userCertSet.1.constraint.params.pattern=UID=.* +policyset.userCertSet.1.constraint.params.accept=true +policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.userCertSet.1.default.name=Subject Name Default +policyset.userCertSet.1.default.params.name= +policyset.userCertSet.2.constraint.class_id=validityConstraintImpl +policyset.userCertSet.2.constraint.name=Validity Constraint +policyset.userCertSet.2.constraint.params.range=365 +policyset.userCertSet.2.constraint.params.notBeforeCheck=false +policyset.userCertSet.2.constraint.params.notAfterCheck=false +policyset.userCertSet.2.default.class_id=validityDefaultImpl +policyset.userCertSet.2.default.name=Validity Default +policyset.userCertSet.2.default.params.range=180 +policyset.userCertSet.2.default.params.startTime=0 +policyset.userCertSet.3.constraint.class_id=keyConstraintImpl +policyset.userCertSet.3.constraint.name=Key Constraint +policyset.userCertSet.3.constraint.params.keyType=- +policyset.userCertSet.3.constraint.params.keyMinLength=256 +policyset.userCertSet.3.constraint.params.keyMaxLength=4096 +policyset.userCertSet.3.default.class_id=userKeyDefaultImpl +policyset.userCertSet.3.default.name=Key Default +policyset.userCertSet.4.constraint.class_id=noConstraintImpl +policyset.userCertSet.4.constraint.name=No Constraint +policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.userCertSet.4.default.name=Authority Key Identifier Default +policyset.userCertSet.5.constraint.class_id=noConstraintImpl +policyset.userCertSet.5.constraint.name=No Constraint +policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.userCertSet.5.default.name=AIA Extension Default +policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.userCertSet.5.default.params.authInfoAccessCritical=false +policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.userCertSet.6.constraint.params.keyUsageCritical=true +policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.userCertSet.6.default.name=Key Usage Default +policyset.userCertSet.6.default.params.keyUsageCritical=true +policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.default.params.keyUsageCrlSign=false +policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.userCertSet.7.constraint.class_id=noConstraintImpl +policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.userCertSet.7.default.name=Extended Key Usage Extension Default +policyset.userCertSet.7.default.params.exKeyUsageCritical=false +policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.userCertSet.8.constraint.class_id=noConstraintImpl +policyset.userCertSet.8.constraint.name=No Constraint +policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.userCertSet.8.default.name=Subject Alt Name Constraint +policyset.userCertSet.8.default.params.subjAltNameExtCritical=false +policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.userCertSet.9.constraint.name=No Constraint +policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC +policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.userCertSet.9.default.name=Signing Alg +policyset.userCertSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg b/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg new file mode 100644 index 000000000..e139a193f --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caRAserverCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling server certificates with RA agent authentication. +visible=true +enable=true +enableBy=admin +auth.instance_id=raCertAuth +name=RA Agent-Authenticated Server Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=365 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=180 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caRouterCert.cfg b/pki/base/ca/shared/profiles/ca/caRouterCert.cfg new file mode 100644 index 000000000..d4f22ac16 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caRouterCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling router certificates. +visible=true +enable=true +enableBy=admin +auth.instance_id=flatFileAuth +name=One Time Pin Router Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=720 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=720 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caServerCert.cfg b/pki/base/ca/shared/profiles/ca/caServerCert.cfg new file mode 100644 index 000000000..7f971429b --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caServerCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling server certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual Server Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=.*CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=720 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=720 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg b/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg new file mode 100644 index 000000000..00a35d386 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caSignedLogCert.cfg @@ -0,0 +1,75 @@ +desc=This profile is for enrolling audit log signing certificates +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual Log Signing Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=caLogSigningSet +policyset.caLogSigningSet.list=1,2,3,4,6,8,9 +policyset.caLogSigningSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.caLogSigningSet.1.constraint.name=Subject Name Constraint +policyset.caLogSigningSet.1.constraint.params.pattern=CN=.* +policyset.caLogSigningSet.1.constraint.params.accept=true +policyset.caLogSigningSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.caLogSigningSet.1.default.name=Subject Name Default +policyset.caLogSigningSet.1.default.params.name= +policyset.caLogSigningSet.2.constraint.class_id=validityConstraintImpl +policyset.caLogSigningSet.2.constraint.name=Validity Constraint +policyset.caLogSigningSet.2.constraint.params.range=365 +policyset.caLogSigningSet.2.constraint.params.notBeforeCheck=false +policyset.caLogSigningSet.2.constraint.params.notAfterCheck=false +policyset.caLogSigningSet.2.default.class_id=validityDefaultImpl +policyset.caLogSigningSet.2.default.name=Validity Default +policyset.caLogSigningSet.2.default.params.range=180 +policyset.caLogSigningSet.2.default.params.startTime=60 +policyset.caLogSigningSet.3.constraint.class_id=keyConstraintImpl +policyset.caLogSigningSet.3.constraint.name=Key Constraint +policyset.caLogSigningSet.3.constraint.params.keyType=- +policyset.caLogSigningSet.3.constraint.params.keyMinLength=256 +policyset.caLogSigningSet.3.constraint.params.keyMaxLength=4096 +policyset.caLogSigningSet.3.default.class_id=userKeyDefaultImpl +policyset.caLogSigningSet.3.default.name=Key Default +policyset.caLogSigningSet.4.constraint.class_id=noConstraintImpl +policyset.caLogSigningSet.4.constraint.name=No Constraint +policyset.caLogSigningSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.caLogSigningSet.4.default.name=Authority Key Identifier Default +policyset.caLogSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.caLogSigningSet.6.constraint.name=Key Usage Extension Constraint +policyset.caLogSigningSet.6.constraint.params.keyUsageCritical=true +policyset.caLogSigningSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.caLogSigningSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.caLogSigningSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.caLogSigningSet.6.constraint.params.keyUsageKeyEncipherment=false +policyset.caLogSigningSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.caLogSigningSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.caLogSigningSet.6.constraint.params.keyUsageCrlSign=false +policyset.caLogSigningSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.caLogSigningSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.caLogSigningSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.caLogSigningSet.6.default.name=Key Usage Default +policyset.caLogSigningSet.6.default.params.keyUsageCritical=true +policyset.caLogSigningSet.6.default.params.keyUsageDigitalSignature=true +policyset.caLogSigningSet.6.default.params.keyUsageNonRepudiation=true +policyset.caLogSigningSet.6.default.params.keyUsageDataEncipherment=false +policyset.caLogSigningSet.6.default.params.keyUsageKeyEncipherment=false +policyset.caLogSigningSet.6.default.params.keyUsageKeyAgreement=false +policyset.caLogSigningSet.6.default.params.keyUsageKeyCertSign=false +policyset.caLogSigningSet.6.default.params.keyUsageCrlSign=false +policyset.caLogSigningSet.6.default.params.keyUsageEncipherOnly=false +policyset.caLogSigningSet.6.default.params.keyUsageDecipherOnly=false +policyset.caLogSigningSet.8.constraint.class_id=noConstraintImpl +policyset.caLogSigningSet.8.constraint.name=No Constraint +policyset.caLogSigningSet.8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.caLogSigningSet.8.default.name=Subject Key Identifier Extension Default +policyset.caLogSigningSet.8.default.params.critical=false +policyset.caLogSigningSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.caLogSigningSet.9.constraint.name=No Constraint +policyset.caLogSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC +policyset.caLogSigningSet.9.default.class_id=signingAlgDefaultImpl +policyset.caLogSigningSet.9.default.name=Signing Alg +policyset.caLogSigningSet.9.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg b/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg new file mode 100644 index 000000000..91e34b8ab --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caSimpleCMCUserCert.cfg @@ -0,0 +1,85 @@ +desc=This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication. +enable=true +enableBy=admin +name=Simple CMC Enrollment Request for User Certificate +visible=false +auth.instance_id= +input.list=i1 +input.i1.class_id=certReqInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=cmcUserCertSet +policyset.cmcUserCertSet.list=1,2,3,4,5,6,7,8 +policyset.cmcUserCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.cmcUserCertSet.1.constraint.name=Subject Name Constraint +policyset.cmcUserCertSet.1.constraint.params.accept=true +policyset.cmcUserCertSet.1.constraint.params.pattern=.* +policyset.cmcUserCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.cmcUserCertSet.1.default.name=Subject Name Default +policyset.cmcUserCertSet.1.default.params.name= +policyset.cmcUserCertSet.2.constraint.class_id=validityConstraintImpl +policyset.cmcUserCertSet.2.constraint.name=Validity Constraint +policyset.cmcUserCertSet.2.constraint.params.notAfterCheck=false +policyset.cmcUserCertSet.2.constraint.params.notBeforeCheck=false +policyset.cmcUserCertSet.2.constraint.params.range=365 +policyset.cmcUserCertSet.2.default.class_id=validityDefaultImpl +policyset.cmcUserCertSet.2.default.name=Validity Default +policyset.cmcUserCertSet.2.default.params.range=180 +policyset.cmcUserCertSet.2.default.params.startTime=0 +policyset.cmcUserCertSet.3.constraint.class_id=keyConstraintImpl +policyset.cmcUserCertSet.3.constraint.name=Key Constraint +policyset.cmcUserCertSet.3.constraint.params.keyMaxLength=4096 +policyset.cmcUserCertSet.3.constraint.params.keyMinLength=256 +policyset.cmcUserCertSet.3.constraint.params.keyType=- +policyset.cmcUserCertSet.3.default.class_id=userKeyDefaultImpl +policyset.cmcUserCertSet.3.default.name=Key Default +policyset.cmcUserCertSet.4.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.4.constraint.name=No Constraint +policyset.cmcUserCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.cmcUserCertSet.4.default.name=Authority Key Identifier Default +policyset.cmcUserCertSet.5.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.5.constraint.name=No Constraint +policyset.cmcUserCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.cmcUserCertSet.5.default.name=AIA Extension Default +policyset.cmcUserCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.cmcUserCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.cmcUserCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.cmcUserCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.cmcUserCertSet.5.default.params.authInfoAccessCritical=false +policyset.cmcUserCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.cmcUserCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.cmcUserCertSet.6.constraint.params.keyUsageCritical=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.cmcUserCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.cmcUserCertSet.6.default.name=Key Usage Default +policyset.cmcUserCertSet.6.default.params.keyUsageCritical=true +policyset.cmcUserCertSet.6.default.params.keyUsageCrlSign=false +policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.cmcUserCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.cmcUserCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.cmcUserCertSet.7.constraint.class_id=noConstraintImpl +policyset.cmcUserCertSet.7.constraint.name=No Constraint +policyset.cmcUserCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.cmcUserCertSet.7.default.name=Extended Key Usage Extension Default +policyset.cmcUserCertSet.7.default.params.exKeyUsageCritical=false +policyset.cmcUserCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.cmcUserCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.cmcUserCertSet.8.constraint.name=No Constraint +policyset.cmcUserCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.cmcUserCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.cmcUserCertSet.8.default.name=Signing Alg +policyset.cmcUserCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caTPSCert.cfg b/pki/base/ca/shared/profiles/ca/caTPSCert.cfg new file mode 100644 index 000000000..b2233a4e7 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTPSCert.cfg @@ -0,0 +1,86 @@ +desc=This certificate profile is for enrolling TPS server certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual TPS Server Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=serverCertSet +policyset.serverCertSet.list=1,2,3,4,5,6,7,8 +policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.serverCertSet.1.constraint.name=Subject Name Constraint +policyset.serverCertSet.1.constraint.params.pattern=CN=.* +policyset.serverCertSet.1.constraint.params.accept=true +policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.serverCertSet.1.default.name=Subject Name Default +policyset.serverCertSet.1.default.params.name= +policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl +policyset.serverCertSet.2.constraint.name=Validity Constraint +policyset.serverCertSet.2.constraint.params.range=720 +policyset.serverCertSet.2.constraint.params.notBeforeCheck=false +policyset.serverCertSet.2.constraint.params.notAfterCheck=false +policyset.serverCertSet.2.default.class_id=validityDefaultImpl +policyset.serverCertSet.2.default.name=Validity Default +policyset.serverCertSet.2.default.params.range=720 +policyset.serverCertSet.2.default.params.startTime=0 +policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl +policyset.serverCertSet.3.constraint.name=Key Constraint +policyset.serverCertSet.3.constraint.params.keyType=- +policyset.serverCertSet.3.constraint.params.keyMinLength=256 +policyset.serverCertSet.3.constraint.params.keyMaxLength=4096 +policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl +policyset.serverCertSet.3.default.name=Key Default +policyset.serverCertSet.4.constraint.class_id=noConstraintImpl +policyset.serverCertSet.4.constraint.name=No Constraint +policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.serverCertSet.4.default.name=Authority Key Identifier Default +policyset.serverCertSet.5.constraint.class_id=noConstraintImpl +policyset.serverCertSet.5.constraint.name=No Constraint +policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.serverCertSet.5.default.name=AIA Extension Default +policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.serverCertSet.5.default.params.authInfoAccessCritical=false +policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.serverCertSet.6.constraint.params.keyUsageCritical=true +policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.serverCertSet.6.default.name=Key Usage Default +policyset.serverCertSet.6.default.params.keyUsageCritical=true +policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.serverCertSet.6.default.params.keyUsageCrlSign=false +policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.serverCertSet.7.constraint.class_id=noConstraintImpl +policyset.serverCertSet.7.constraint.name=No Constraint +policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default +policyset.serverCertSet.7.default.params.exKeyUsageCritical=false +policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.serverCertSet.8.constraint.name=No Constraint +policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.serverCertSet.8.default.name=Signing Alg +policyset.serverCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg new file mode 100644 index 000000000..5d0c569fe --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg @@ -0,0 +1,144 @@ +desc=This profile is for enrolling token device keys +enable=true +enableBy=admin +lastModified=1068835451090 +name=Temporary Device Certificate Enrollment +visible=true +auth.instance_id=AgentCertAuth +input.list=i1 +input.i1.class_id=nsHKeyCertReqInputImpl +input.i1.name=nsHKeyCertReqInputImpl +output.list=o1 +output.o1.class_id=nsNKeyOutputImpl +output.o2.name=nsNKeyOutputImpl +policyset.list=set1 +#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6 +policyset.set1.list=p2,p4,p5,p1,p8,p9,p12 +policyset.set1.p1.constraint.class_id=noConstraintImpl +policyset.set1.p1.constraint.name=No Constraint +policyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl +policyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault +policyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$ +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=7 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p3.constraint.class_id=noConstraintImpl +policyset.set1.p3.constraint.name=No Constraint +policyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.p3.default.params.crlDistPointsCritical=false +policyset.set1.p3.default.params.crlDistPointsNum=0 +policyset.set1.p3.default.params.crlDistPointsEnable_0=false +policyset.set1.p3.default.params.crlDistPointsIssuerName_0= +policyset.set1.p3.default.params.crlDistPointsIssuerType_0= +policyset.set1.p3.default.params.crlDistPointsPointName_0= +policyset.set1.p3.default.params.crlDistPointsPointType_0=URIName +policyset.set1.p3.default.params.crlDistPointsReasons_0= +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=true +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=false +policyset.set1.p5.default.params.keyUsageNonRepudiation=false +policyset.set1.p7.constraint.class_id=noConstraintImpl +policyset.set1.p7.constraint.name=No Constraint +policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl +policyset.set1.p7.default.name=Certificate Policies Extension Default +policyset.set1.p7.default.params.Critical=false +policyset.set1.p7.default.params.PoliciesExt.num=5 +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=false +policyset.set1.p6.default.params.subjAltExtGNEnable_1=false +policyset.set1.p6.default.params.subjAltExtGNEnable_2=false +policyset.set1.p6.default.params.subjAltExtGNEnable_3=false +policyset.set1.p6.default.params.subjAltExtGNEnable_4=false +policyset.set1.p6.default.params.subjAltExtPattern_0= +policyset.set1.p6.default.params.subjAltExtPattern_1= +policyset.set1.p6.default.params.subjAltExtPattern_2= +policyset.set1.p6.default.params.subjAltExtPattern_3= +policyset.set1.p6.default.params.subjAltExtPattern_4= +policyset.set1.p6.default.params.subjAltExtType_0=OtherName +policyset.set1.p6.default.params.subjAltExtType_1=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=0 diff --git a/pki/base/ca/shared/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg new file mode 100644 index 000000000..3d35c984a --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg @@ -0,0 +1,166 @@ +desc=This profile is for enrolling Token Encryption key +enable=true +enableBy=admin +name=Temporary Token User Encryption Certificate Enrollment +visible=true +auth.instance_id=AgentCertAuth +input.list=i1 +input.i1.class_id=nsNKeyCertReqInputImpl +input.i1.name=nsNKeyCertReqInputImpl +output.list=o1 +output.o1.class_id=nsNKeyOutputImpl +output.o2.name=nsNKeyOutputImpl +policyset.list=set1 +#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14 +policyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12 +policyset.set1.p1.constraint.class_id=noConstraintImpl +policyset.set1.p1.constraint.name=No Constraint +policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl +policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault +#uncomment below to support SMIME +#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User +policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User +#changed ldap.enable to true to support SMIME +policyset.set1.p1.default.params.ldap.enable=false +policyset.set1.p1.default.params.ldap.searchName=uid +policyset.set1.p1.default.params.ldapStringAttributes=uid,mail +policyset.set1.p1.default.params.ldap.basedn= +policyset.set1.p1.default.params.ldap.maxConns=4 +policyset.set1.p1.default.params.ldap.minConns=1 +policyset.set1.p1.default.params.ldap.ldapconn.Version=2 +policyset.set1.p1.default.params.ldap.ldapconn.host= +policyset.set1.p1.default.params.ldap.ldapconn.port= +policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=7 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=false +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=true +policyset.set1.p5.default.params.keyUsageNonRepudiation=false +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=true +policyset.set1.p6.default.params.subjAltExtGNEnable_1=false +policyset.set1.p6.default.params.subjAltExtGNEnable_2=false +policyset.set1.p6.default.params.subjAltExtGNEnable_3=false +policyset.set1.p6.default.params.subjAltExtGNEnable_4=false +policyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$ +policyset.set1.p6.default.params.subjAltExtPattern_1= +policyset.set1.p6.default.params.subjAltExtPattern_2= +policyset.set1.p6.default.params.subjAltExtPattern_3= +policyset.set1.p6.default.params.subjAltExtPattern_4= +policyset.set1.p6.default.params.subjAltExtType_0=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_1=OtherName +policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=1 +policyset.set1.p7.constraint.class_id=noConstraintImpl +policyset.set1.p7.constraint.name=No Constraint +policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl +policyset.set1.p7.default.name=Certificate Policies Extension Default +policyset.set1.p7.default.params.Critical=false +policyset.set1.p7.default.params.PoliciesExt.num=5 +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.p13.constraint.class_id=noConstraintImpl +policyset.set1.p13.constraint.name=No Constraint +policyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.params.crlDistPointsCritical=false +policyset.set1.p13.default.params.crlDistPointsNum=0 +policyset.set1.p13.default.params.crlDistPointsEnable_0=false +policyset.set1.p13.default.params.crlDistPointsIssuerName_0= +policyset.set1.p13.default.params.crlDistPointsIssuerType_0= +policyset.set1.p13.default.params.crlDistPointsPointName_0= +policyset.set1.p13.default.params.crlDistPointsPointType_0=URIName +policyset.set1.p13.default.params.crlDistPointsReasons_0= +policyset.set1.p14.constraint.class_id=noConstraintImpl +policyset.set1.p14.constraint.name=No Constraint +policyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl +policyset.set1.p14.default.name=AIA Extension Default +policyset.set1.p14.default.params.authInfoAccessADEnable_0=false +policyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName +policyset.set1.p14.default.params.authInfoAccessADLocation_0= +policyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.set1.p14.default.params.authInfoAccessCritical=false +policyset.set1.p14.default.params.authInfoAccessNumADs=0 diff --git a/pki/base/ca/shared/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg new file mode 100644 index 000000000..538a17db3 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg @@ -0,0 +1,166 @@ +desc=This profile is for enrolling Token Signing key +enable=true +enableBy=admin +name=Temporary Token User Signing Certificate Enrollment +visible=true +auth.instance_id=AgentCertAuth +input.list=i1 +input.i1.class_id=nsNKeyCertReqInputImpl +input.i1.name=nsNKeyCertReqInputImpl +output.list=o1 +output.o1.class_id=nsNKeyOutputImpl +output.o2.name=nsNKeyOutputImpl +policyset.list=set1 +#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14 +policyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12 +policyset.set1.p1.constraint.class_id=noConstraintImpl +policyset.set1.p1.constraint.name=No Constraint +policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl +policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault +#uncomment below to support SMIME +#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User +policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User +#changed ldap.enable to true to support SMIME +policyset.set1.p1.default.params.ldap.enable=false +policyset.set1.p1.default.params.ldap.searchName=uid +policyset.set1.p1.default.params.ldapStringAttributes=uid,mail +policyset.set1.p1.default.params.ldap.basedn= +policyset.set1.p1.default.params.ldap.maxConns=4 +policyset.set1.p1.default.params.ldap.minConns=1 +policyset.set1.p1.default.params.ldap.ldapconn.Version=2 +policyset.set1.p1.default.params.ldap.ldapconn.host= +policyset.set1.p1.default.params.ldap.ldapconn.port= +policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=7 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=true +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=false +policyset.set1.p5.default.params.keyUsageNonRepudiation=true +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=true +policyset.set1.p6.default.params.subjAltExtGNEnable_1=false +policyset.set1.p6.default.params.subjAltExtGNEnable_2=false +policyset.set1.p6.default.params.subjAltExtGNEnable_3=false +policyset.set1.p6.default.params.subjAltExtGNEnable_4=false +policyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$ +policyset.set1.p6.default.params.subjAltExtPattern_1= +policyset.set1.p6.default.params.subjAltExtPattern_2= +policyset.set1.p6.default.params.subjAltExtPattern_3= +policyset.set1.p6.default.params.subjAltExtPattern_4= +policyset.set1.p6.default.params.subjAltExtType_0=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_1=OtherName +policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=1 +policyset.set1.p7.constraint.class_id=noConstraintImpl +policyset.set1.p7.constraint.name=No Constraint +policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl +policyset.set1.p7.default.name=Certificate Policies Extension Default +policyset.set1.p7.default.params.Critical=false +policyset.set1.p7.default.params.PoliciesExt.num=5 +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.p13.constraint.class_id=noConstraintImpl +policyset.set1.p13.constraint.name=No Constraint +policyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.params.crlDistPointsCritical=false +policyset.set1.p13.default.params.crlDistPointsNum=0 +policyset.set1.p13.default.params.crlDistPointsEnable_0=false +policyset.set1.p13.default.params.crlDistPointsIssuerName_0= +policyset.set1.p13.default.params.crlDistPointsIssuerType_0= +policyset.set1.p13.default.params.crlDistPointsPointName_0= +policyset.set1.p13.default.params.crlDistPointsPointType_0=URIName +policyset.set1.p13.default.params.crlDistPointsReasons_0= +policyset.set1.p14.constraint.class_id=noConstraintImpl +policyset.set1.p14.constraint.name=No Constraint +policyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl +policyset.set1.p14.default.name=AIA Extension Default +policyset.set1.p14.default.params.authInfoAccessADEnable_0=false +policyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName +policyset.set1.p14.default.params.authInfoAccessADLocation_0= +policyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.set1.p14.default.params.authInfoAccessCritical=false +policyset.set1.p14.default.params.authInfoAccessNumADs=0 diff --git a/pki/base/ca/shared/profiles/ca/caTokenDeviceKeyEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTokenDeviceKeyEnrollment.cfg new file mode 100644 index 000000000..7eaf6f96f --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTokenDeviceKeyEnrollment.cfg @@ -0,0 +1,143 @@ +desc=This profile is for enrolling token device keys +enable=true +enableBy=admin +lastModified=1068835451090 +name=Token Device Key Enrollment +visible=true +auth.instance_id=AgentCertAuth +input.list=i1 +input.i1.class_id=nsHKeyCertReqInputImpl +input.i1.name=nsHKeyCertReqInputImpl +output.list=o1 +output.o1.class_id=nsNKeyOutputImpl +output.o2.name=nsNKeyOutputImpl +policyset.list=set1 +#policyset.set1.list=p2,p3,p4,p5,p1,p7,p8,p9,p12,p6 +policyset.set1.list=p2,p4,p5,p1,p8,p9,p12 +policyset.set1.p1.constraint.class_id=noConstraintImpl +policyset.set1.p1.constraint.name=No Constraint +policyset.set1.p1.default.class_id=nsTokenDeviceKeySubjectNameDefaultImpl +policyset.set1.p1.default.name=nsTokenDeviceKeySubjectNameDefault +policyset.set1.p1.default.params.dnpattern=UID=Token Key Device - $request.tokencuid$ +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=1825 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p3.constraint.class_id=noConstraintImpl +policyset.set1.p3.constraint.name=No Constraint +policyset.set1.p3.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.p3.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.p3.default.params.crlDistPointsCritical=false +policyset.set1.p3.default.params.crlDistPointsNum=0 +policyset.set1.p3.default.params.crlDistPointsEnable_0=false +policyset.set1.p3.default.params.crlDistPointsIssuerName_0= +policyset.set1.p3.default.params.crlDistPointsIssuerType_0= +policyset.set1.p3.default.params.crlDistPointsPointName_0= +policyset.set1.p3.default.params.crlDistPointsPointType_0=URIName +policyset.set1.p3.default.params.crlDistPointsReasons_0= +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=true +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=false +policyset.set1.p5.default.params.keyUsageNonRepudiation=false +policyset.set1.p7.constraint.class_id=noConstraintImpl +policyset.set1.p7.constraint.name=No Constraint +policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl +policyset.set1.p7.default.name=Certificate Policies Extension Default +policyset.set1.p7.default.params.Critical=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=false +policyset.set1.p6.default.params.subjAltExtGNEnable_1=false +policyset.set1.p6.default.params.subjAltExtGNEnable_2=false +policyset.set1.p6.default.params.subjAltExtGNEnable_3=false +policyset.set1.p6.default.params.subjAltExtGNEnable_4=false +policyset.set1.p6.default.params.subjAltExtPattern_0= +policyset.set1.p6.default.params.subjAltExtPattern_1= +policyset.set1.p6.default.params.subjAltExtPattern_2= +policyset.set1.p6.default.params.subjAltExtPattern_3= +policyset.set1.p6.default.params.subjAltExtPattern_4= +policyset.set1.p6.default.params.subjAltExtType_0=OtherName +policyset.set1.p6.default.params.subjAltExtType_1=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=0 diff --git a/pki/base/ca/shared/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg new file mode 100644 index 000000000..724f3dc18 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg @@ -0,0 +1,164 @@ +desc=This profile is for enrolling Token Encryption key +enable=true +enableBy=admin +name=Token User Encryption Certificate Enrollment +visible=true +auth.instance_id=AgentCertAuth +input.list=i1 +input.i1.class_id=nsNKeyCertReqInputImpl +input.i1.name=nsNKeyCertReqInputImpl +output.list=o1 +output.o1.class_id=nsNKeyOutputImpl +output.o2.name=nsNKeyOutputImpl +policyset.list=set1 +#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14 +policyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12 +policyset.set1.p1.constraint.class_id=noConstraintImpl +policyset.set1.p1.constraint.name=No Constraint +policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl +policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault +policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User +#changed ldap.enable to true to support SMIME +policyset.set1.p1.default.params.ldap.enable=false +policyset.set1.p1.default.params.ldap.searchName=uid +policyset.set1.p1.default.params.ldapStringAttributes=uid,mail +policyset.set1.p1.default.params.ldap.basedn= +policyset.set1.p1.default.params.ldap.maxConns=4 +policyset.set1.p1.default.params.ldap.minConns=1 +policyset.set1.p1.default.params.ldap.ldapconn.Version=2 +policyset.set1.p1.default.params.ldap.ldapconn.host= +policyset.set1.p1.default.params.ldap.ldapconn.port= +policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=1825 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=false +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=true +policyset.set1.p5.default.params.keyUsageNonRepudiation=false +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=true +policyset.set1.p6.default.params.subjAltExtGNEnable_1=false +policyset.set1.p6.default.params.subjAltExtGNEnable_2=false +policyset.set1.p6.default.params.subjAltExtGNEnable_3=false +policyset.set1.p6.default.params.subjAltExtGNEnable_4=false +policyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$ +policyset.set1.p6.default.params.subjAltExtPattern_1= +policyset.set1.p6.default.params.subjAltExtPattern_2= +policyset.set1.p6.default.params.subjAltExtPattern_3= +policyset.set1.p6.default.params.subjAltExtPattern_4= +policyset.set1.p6.default.params.subjAltExtType_0=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_1=OtherName +policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=1 +policyset.set1.p7.constraint.class_id=noConstraintImpl +policyset.set1.p7.constraint.name=No Constraint +policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl +policyset.set1.p7.default.name=Certificate Policies Extension Default +policyset.set1.p7.default.params.Critical=false +policyset.set1.p7.default.params.PoliciesExt.num=5 +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.p13.constraint.class_id=noConstraintImpl +policyset.set1.p13.constraint.name=No Constraint +policyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.params.crlDistPointsCritical=false +policyset.set1.p13.default.params.crlDistPointsNum=0 +policyset.set1.p13.default.params.crlDistPointsEnable_0=false +policyset.set1.p13.default.params.crlDistPointsIssuerName_0= +policyset.set1.p13.default.params.crlDistPointsIssuerType_0= +policyset.set1.p13.default.params.crlDistPointsPointName_0= +policyset.set1.p13.default.params.crlDistPointsPointType_0=URIName +policyset.set1.p13.default.params.crlDistPointsReasons_0= +policyset.set1.p14.constraint.class_id=noConstraintImpl +policyset.set1.p14.constraint.name=No Constraint +policyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl +policyset.set1.p14.default.name=AIA Extension Default +policyset.set1.p14.default.params.authInfoAccessADEnable_0=false +policyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName +policyset.set1.p14.default.params.authInfoAccessADLocation_0= +policyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.set1.p14.default.params.authInfoAccessCritical=false +policyset.set1.p14.default.params.authInfoAccessNumADs=0 diff --git a/pki/base/ca/shared/profiles/ca/caTokenUserSigningKeyEnrollment.cfg b/pki/base/ca/shared/profiles/ca/caTokenUserSigningKeyEnrollment.cfg new file mode 100644 index 000000000..9f9bf20c3 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTokenUserSigningKeyEnrollment.cfg @@ -0,0 +1,164 @@ +desc=This profile is for enrolling Token Signing key +enable=true +enableBy=admin +name=Token User Signing Certificate Enrollment +visible=true +auth.instance_id=AgentCertAuth +input.list=i1 +input.i1.class_id=nsNKeyCertReqInputImpl +input.i1.name=nsNKeyCertReqInputImpl +output.list=o1 +output.o1.class_id=nsNKeyOutputImpl +output.o2.name=nsNKeyOutputImpl +policyset.list=set1 +#policyset.set1.list=p2,p4,p5,p1,p6,p7,p8,p9,p12,p13,p14 +policyset.set1.list=p2,p4,p5,p1,p6,p8,p9,p12 +policyset.set1.p1.constraint.class_id=noConstraintImpl +policyset.set1.p1.constraint.name=No Constraint +policyset.set1.p1.default.class_id=nsTokenUserKeySubjectNameDefaultImpl +policyset.set1.p1.default.name=nsTokenUserKeySubjectNameDefault +policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, O=Token Key User +#changed ldap.enable to true to support SMIME +policyset.set1.p1.default.params.ldap.enable=false +policyset.set1.p1.default.params.ldap.searchName=uid +policyset.set1.p1.default.params.ldapStringAttributes=uid,mail +policyset.set1.p1.default.params.ldap.basedn= +policyset.set1.p1.default.params.ldap.maxConns=4 +policyset.set1.p1.default.params.ldap.minConns=1 +policyset.set1.p1.default.params.ldap.ldapconn.Version=2 +policyset.set1.p1.default.params.ldap.ldapconn.host= +policyset.set1.p1.default.params.ldap.ldapconn.port= +policyset.set1.p1.default.params.ldap.ldapconn.secureConn=false +policyset.set1.p2.constraint.class_id=noConstraintImpl +policyset.set1.p2.constraint.name=No Constraint +policyset.set1.p2.default.class_id=validityDefaultImpl +policyset.set1.p2.default.name=Validity Default +policyset.set1.p2.default.params.range=1825 +policyset.set1.p2.default.params.startTime=0 +policyset.set1.p4.constraint.class_id=noConstraintImpl +policyset.set1.p4.constraint.name=No Constraint +policyset.set1.p4.default.class_id=signingAlgDefaultImpl +policyset.set1.p4.default.name=Signing Algorithm Default +policyset.set1.p4.default.params.signingAlg=- +policyset.set1.p5.constraint.class_id=noConstraintImpl +policyset.set1.p5.constraint.name=No Constraint +policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl +policyset.set1.p5.default.name=Key Usage Extension Default +policyset.set1.p5.default.params.keyUsageCritical=true +policyset.set1.p5.default.params.keyUsageCrlSign=false +policyset.set1.p5.default.params.keyUsageDataEncipherment=false +policyset.set1.p5.default.params.keyUsageDecipherOnly=false +policyset.set1.p5.default.params.keyUsageDigitalSignature=true +policyset.set1.p5.default.params.keyUsageEncipherOnly=false +policyset.set1.p5.default.params.keyUsageKeyAgreement=false +policyset.set1.p5.default.params.keyUsageKeyCertSign=false +policyset.set1.p5.default.params.keyUsageKeyEncipherment=false +policyset.set1.p5.default.params.keyUsageNonRepudiation=true +policyset.set1.p6.constraint.class_id=noConstraintImpl +policyset.set1.p6.constraint.name=No Constraint +policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl +policyset.set1.p6.default.name=Subject Alternative Name Extension Default +policyset.set1.p6.default.params.subjAltExtGNEnable_0=true +policyset.set1.p6.default.params.subjAltExtGNEnable_1=false +policyset.set1.p6.default.params.subjAltExtGNEnable_2=false +policyset.set1.p6.default.params.subjAltExtGNEnable_3=false +policyset.set1.p6.default.params.subjAltExtGNEnable_4=false +policyset.set1.p6.default.params.subjAltExtPattern_0=$request.mail$ +policyset.set1.p6.default.params.subjAltExtPattern_1= +policyset.set1.p6.default.params.subjAltExtPattern_2= +policyset.set1.p6.default.params.subjAltExtPattern_3= +policyset.set1.p6.default.params.subjAltExtPattern_4= +policyset.set1.p6.default.params.subjAltExtType_0=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_1=OtherName +policyset.set1.p6.default.params.subjAltExtType_2=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_3=RFC822Name +policyset.set1.p6.default.params.subjAltExtType_4=RFC822Name +policyset.set1.p6.default.params.subjAltNameExtCritical=false +policyset.set1.p6.default.params.subjAltNameNumGNs=1 +policyset.set1.p7.constraint.class_id=noConstraintImpl +policyset.set1.p7.constraint.name=No Constraint +policyset.set1.p7.default.class_id=certificatePoliciesExtDefaultImpl +policyset.set1.p7.default.name=Certificate Policies Extension Default +policyset.set1.p7.default.params.Critical=false +policyset.set1.p7.default.params.PoliciesExt.num=5 +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.enable=true +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy0.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy1.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy2.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy3.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.policyId= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.CPSURI.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.enable=false +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.explicitText.value= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.noticeNumbers= +policyset.set1.p7.default.params.PoliciesExt.certPolicy4.PolicyQualifiers0.usernotice.noticeReference.organization= +policyset.set1.p8.constraint.class_id=noConstraintImpl +policyset.set1.p8.constraint.name=No Constraint +policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl +policyset.set1.p8.default.name=Subject Key Identifier Default +policyset.set1.p9.constraint.class_id=noConstraintImpl +policyset.set1.p9.constraint.name=No Constraint +policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.set1.p9.default.name=Authority Key Identifier Extension Default +policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl +policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint +policyset.set1.p12.constraint.params.basicConstraintsCritical=- +policyset.set1.p12.constraint.params.basicConstraintsIsCA=- +policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1 +policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1 +policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl +policyset.set1.p12.default.name=Basic Constraints Extension Default +policyset.set1.p12.default.params.basicConstraintsCritical=false +policyset.set1.p12.default.params.basicConstraintsIsCA=false +policyset.set1.p12.default.params.basicConstraintsPathLen=-1 +policyset.set1.p13.constraint.class_id=noConstraintImpl +policyset.set1.p13.constraint.name=No Constraint +policyset.set1.p13.default.class_id=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.name=crlDistributionPointsExtDefaultImpl +policyset.set1.p13.default.params.crlDistPointsCritical=false +policyset.set1.p13.default.params.crlDistPointsNum=0 +policyset.set1.p13.default.params.crlDistPointsEnable_0=false +policyset.set1.p13.default.params.crlDistPointsIssuerName_0= +policyset.set1.p13.default.params.crlDistPointsIssuerType_0= +policyset.set1.p13.default.params.crlDistPointsPointName_0= +policyset.set1.p13.default.params.crlDistPointsPointType_0=URIName +policyset.set1.p13.default.params.crlDistPointsReasons_0= +policyset.set1.p14.constraint.class_id=noConstraintImpl +policyset.set1.p14.constraint.name=No Constraint +policyset.set1.p14.default.class_id=authInfoAccessExtDefaultImpl +policyset.set1.p14.default.name=AIA Extension Default +policyset.set1.p14.default.params.authInfoAccessADEnable_0=false +policyset.set1.p14.default.params.authInfoAccessADLocationType_0=URIName +policyset.set1.p14.default.params.authInfoAccessADLocation_0= +policyset.set1.p14.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.set1.p14.default.params.authInfoAccessCritical=false +policyset.set1.p14.default.params.authInfoAccessNumADs=0 diff --git a/pki/base/ca/shared/profiles/ca/caTransportCert.cfg b/pki/base/ca/shared/profiles/ca/caTransportCert.cfg new file mode 100644 index 000000000..a63e254c1 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caTransportCert.cfg @@ -0,0 +1,80 @@ +desc=This certificate profile is for enrolling Data Recovery Manager transport certificates. +visible=true +enable=true +enableBy=admin +auth.class_id= +name=Manual Data Recovery Manager Transport Certificate Enrollment +input.list=i1,i2 +input.i1.class_id=certReqInputImpl +input.i2.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=transportCertSet +policyset.transportCertSet.list=1,2,3,4,5,6,8 +policyset.transportCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.transportCertSet.1.constraint.name=Subject Name Constraint +policyset.transportCertSet.1.constraint.params.pattern=CN=.* +policyset.transportCertSet.1.constraint.params.accept=true +policyset.transportCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.transportCertSet.1.default.name=Subject Name Default +policyset.transportCertSet.1.default.params.name= +policyset.transportCertSet.2.constraint.class_id=validityConstraintImpl +policyset.transportCertSet.2.constraint.name=Validity Constraint +policyset.transportCertSet.2.constraint.params.range=720 +policyset.transportCertSet.2.constraint.params.notBeforeCheck=false +policyset.transportCertSet.2.constraint.params.notAfterCheck=false +policyset.transportCertSet.2.default.class_id=validityDefaultImpl +policyset.transportCertSet.2.default.name=Validity Default +policyset.transportCertSet.2.default.params.range=720 +policyset.transportCertSet.2.default.params.startTime=0 +policyset.transportCertSet.3.constraint.class_id=keyConstraintImpl +policyset.transportCertSet.3.constraint.name=Key Constraint +policyset.transportCertSet.3.constraint.params.keyType=- +policyset.transportCertSet.3.constraint.params.keyMinLength=256 +policyset.transportCertSet.3.constraint.params.keyMaxLength=4096 +policyset.transportCertSet.3.default.class_id=userKeyDefaultImpl +policyset.transportCertSet.3.default.name=Key Default +policyset.transportCertSet.4.constraint.class_id=noConstraintImpl +policyset.transportCertSet.4.constraint.name=No Constraint +policyset.transportCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.transportCertSet.4.default.name=Authority Key Identifier Default +policyset.transportCertSet.5.constraint.class_id=noConstraintImpl +policyset.transportCertSet.5.constraint.name=No Constraint +policyset.transportCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.transportCertSet.5.default.name=AIA Extension Default +policyset.transportCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.transportCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.transportCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.transportCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.transportCertSet.5.default.params.authInfoAccessCritical=false +policyset.transportCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.transportCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.transportCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.transportCertSet.6.constraint.params.keyUsageCritical=true +policyset.transportCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.transportCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.transportCertSet.6.constraint.params.keyUsageDataEncipherment=true +policyset.transportCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.transportCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.transportCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.transportCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.transportCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.transportCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.transportCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.transportCertSet.6.default.name=Key Usage Default +policyset.transportCertSet.6.default.params.keyUsageCritical=true +policyset.transportCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.transportCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.transportCertSet.6.default.params.keyUsageDataEncipherment=true +policyset.transportCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.transportCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.transportCertSet.6.default.params.keyUsageCrlSign=false +policyset.transportCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.transportCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.transportCertSet.8.constraint.class_id=signingAlgConstraintImpl +policyset.transportCertSet.8.constraint.name=No Constraint +policyset.transportCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC +policyset.transportCertSet.8.default.class_id=signingAlgDefaultImpl +policyset.transportCertSet.8.default.name=Signing Alg +policyset.transportCertSet.8.default.params.signingAlg=- diff --git a/pki/base/ca/shared/profiles/ca/caUserCert.cfg b/pki/base/ca/shared/profiles/ca/caUserCert.cfg new file mode 100644 index 000000000..bd5932a76 --- /dev/null +++ b/pki/base/ca/shared/profiles/ca/caUserCert.cfg @@ -0,0 +1,96 @@ +desc=This certificate profile is for enrolling user certificates. +visible=true +enable=true +enableBy=admin +name=Manual User Dual-Use Certificate Enrollment +auth.class_id= +input.list=i1,i2,i3 +input.i1.class_id=keyGenInputImpl +input.i2.class_id=subjectNameInputImpl +input.i3.class_id=submitterInfoInputImpl +output.list=o1 +output.o1.class_id=certOutputImpl +policyset.list=userCertSet +policyset.userCertSet.list=1,2,3,4,5,6,7,8,9 +policyset.userCertSet.1.constraint.class_id=subjectNameConstraintImpl +policyset.userCertSet.1.constraint.name=Subject Name Constraint +policyset.userCertSet.1.constraint.params.pattern=UID=.* +policyset.userCertSet.1.constraint.params.accept=true +policyset.userCertSet.1.default.class_id=userSubjectNameDefaultImpl +policyset.userCertSet.1.default.name=Subject Name Default +policyset.userCertSet.1.default.params.name= +policyset.userCertSet.2.constraint.class_id=validityConstraintImpl +policyset.userCertSet.2.constraint.name=Validity Constraint +policyset.userCertSet.2.constraint.params.range=365 +policyset.userCertSet.2.constraint.params.notBeforeCheck=false +policyset.userCertSet.2.constraint.params.notAfterCheck=false +policyset.userCertSet.2.default.class_id=validityDefaultImpl +policyset.userCertSet.2.default.name=Validity Default +policyset.userCertSet.2.default.params.range=180 +policyset.userCertSet.2.default.params.startTime=0 +policyset.userCertSet.3.constraint.class_id=keyConstraintImpl +policyset.userCertSet.3.constraint.name=Key Constraint +policyset.userCertSet.3.constraint.params.keyType=- +policyset.userCertSet.3.constraint.params.keyMinLength=256 +policyset.userCertSet.3.constraint.params.keyMaxLength=4096 +policyset.userCertSet.3.default.class_id=userKeyDefaultImpl +policyset.userCertSet.3.default.name=Key Default +policyset.userCertSet.4.constraint.class_id=noConstraintImpl +policyset.userCertSet.4.constraint.name=No Constraint +policyset.userCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl +policyset.userCertSet.4.default.name=Authority Key Identifier Default +policyset.userCertSet.5.constraint.class_id=noConstraintImpl +policyset.userCertSet.5.constraint.name=No Constraint +policyset.userCertSet.5.default.class_id=authInfoAccessExtDefaultImpl +policyset.userCertSet.5.default.name=AIA Extension Default +policyset.userCertSet.5.default.params.authInfoAccessADEnable_0=true +policyset.userCertSet.5.default.params.authInfoAccessADLocationType_0=URIName +policyset.userCertSet.5.default.params.authInfoAccessADLocation_0= +policyset.userCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 +policyset.userCertSet.5.default.params.authInfoAccessCritical=false +policyset.userCertSet.5.default.params.authInfoAccessNumADs=1 +policyset.userCertSet.6.constraint.class_id=keyUsageExtConstraintImpl +policyset.userCertSet.6.constraint.name=Key Usage Extension Constraint +policyset.userCertSet.6.constraint.params.keyUsageCritical=true +policyset.userCertSet.6.constraint.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.constraint.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.constraint.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.constraint.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.constraint.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.constraint.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.constraint.params.keyUsageCrlSign=false +policyset.userCertSet.6.constraint.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.constraint.params.keyUsageDecipherOnly=false +policyset.userCertSet.6.default.class_id=keyUsageExtDefaultImpl +policyset.userCertSet.6.default.name=Key Usage Default +policyset.userCertSet.6.default.params.keyUsageCritical=true +policyset.userCertSet.6.default.params.keyUsageDigitalSignature=true +policyset.userCertSet.6.default.params.keyUsageNonRepudiation=true +policyset.userCertSet.6.default.params.keyUsageDataEncipherment=false +policyset.userCertSet.6.default.params.keyUsageKeyEncipherment=true +policyset.userCertSet.6.default.params.keyUsageKeyAgreement=false +policyset.userCertSet.6.default.params.keyUsageKeyCertSign=false +policyset.userCertSet.6.default.params.keyUsageCrlSign=false +policyset.userCertSet.6.default.params.keyUsageEncipherOnly=false +policyset.userCertSet.6.default.params.keyUsageDecipherOnly=false +policyset.userCertSet.7.constraint.class_id=noConstraintImpl +policyset.userCertSet.7.constraint.name=No Constraint +policyset.userCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl +policyset.userCertSet.7.default.name=Extended Key Usage Extension Default +policyset.userCertSet.7.default.params.exKeyUsageCritical=false +policyset.userCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 +policyset.userCertSet.8.constraint.class_id=noConstraintImpl +policyset.userCertSet.8.constraint.name=No Constraint +policyset.userCertSet.8.default.class_id=subjectAltNameExtDefaultImpl +policyset.userCertSet.8.default.name=Subject Alt Name Constraint +policyset.userCertSet.8.default.params.subjAltNameExtCritical=false +policyset.userCertSet.8.default.params.subjAltExtType_0=RFC822Name +policyset.userCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$ +policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true +policyset.userCertSet.8.default.params.subjAltNameNumGNs=1 +policyset.userCertSet.9.constraint.class_id=signingAlgConstraintImpl +policyset.userCertSet.9.constraint.name=No Constraint +policyset.userCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC +policyset.userCertSet.9.default.class_id=signingAlgDefaultImpl +policyset.userCertSet.9.default.name=Signing Alg +policyset.userCertSet.9.default.params.signingAlg=- |