# # Server Certificate # id=serverCert.profile name=All Purpose SSL server cert Profile description=This profile creates an SSL server certificate that is valid for SSL servers profileIDMapping=caServerCert profileSetIDMapping=serverCertSet list=2,4,5,6,7,8 2.default.class=com.netscape.cms.profile.def.ValidityDefault 2.default.name=Validity Default 2.default.params.range=720 2.default.params.startTime=0 4.default.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault 4.default.name=Authority Key Identifier Default 5.default.class=com.netscape.cms.profile.def.AuthInfoAccessExtDefault 5.default.name=AIA Extension Default 5.default.params.authInfoAccessADEnable_0=true 5.default.params.authInfoAccessADLocationType_0=URIName 5.default.params.authInfoAccessADLocation_0= 5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1 5.default.params.authInfoAccessCritical=false 5.default.params.authInfoAccessNumADs=1 6.default.class=com.netscape.cms.profile.def.KeyUsageExtDefault 6.default.name=Key Usage Default 6.default.params.keyUsageCritical=true 6.default.params.keyUsageDigitalSignature=true 6.default.params.keyUsageNonRepudiation=true 6.default.params.keyUsageDataEncipherment=true 6.default.params.keyUsageKeyEncipherment=true 6.default.params.keyUsageKeyAgreement=false 6.default.params.keyUsageKeyCertSign=false 6.default.params.keyUsageCrlSign=false 6.default.params.keyUsageEncipherOnly=false 6.default.params.keyUsageDecipherOnly=false 7.default.class=com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault 7.default.name=Extended Key Usage Extension Default 7.default.params.exKeyUsageCritical=false 7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1 # allows SAN to be specified from client side # need to: # 1. add 8 to list above # 2. change below to reflect the number of general names, and # turn each corresponding subjAltExtPattern_ to true # 8.default.params.subjAltNameNumGNs 8.default.class=com.netscape.cms.profile.def.SubjectAltNameExtDefault 8.default.name=Subject Alternative Name Extension Default 8.default.params.subjAltExtGNEnable_0=true 8.default.params.subjAltExtPattern_0=$request.req_san_pattern_0$ 8.default.params.subjAltExtType_0=DNSName 8.default.params.subjAltExtGNEnable_1=true 8.default.params.subjAltExtPattern_1=$request.req_san_pattern_1$ 8.default.params.subjAltExtType_1=DNSName 8.default.params.subjAltExtGNEnable_2=true 8.default.params.subjAltExtPattern_2=$request.req_san_pattern_2$ 8.default.params.subjAltExtType_2=DNSName 8.default.params.subjAltExtGNEnable_3=true 8.default.params.subjAltExtPattern_3=$request.req_san_pattern_3$ 8.default.params.subjAltExtType_3=DNSName 8.default.params.subjAltExtType_4=OtherName 8.default.params.subjAltExtSource_4=UUID4 8.default.params.subjAltExtPattern_4=(IA5String)1.2.3.4,$server.source$ 8.default.params.subjAltExtGNEnable_4=true 8.default.params.subjAltExtType_5=DNSName 8.default.params.subjAltExtPattern_5=myhost.example.com 8.default.params.subjAltExtGNEnable_5=true 8.default.params.subjAltNameExtCritical=false 8.default.params.subjAltNameNumGNs=6