1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
desc=This profile is for enrolling Domain Controller Certificate
enable=true
enableBy=admin
name=Domain Controller
visible=true
auth.instance_id=AgentCertAuth
input.list=i1,i2,i3
input.i1.class_id=certReqInputImpl
input.i2.class_id=submitterInfoInputImpl
input.i3.class_id=genericInputImpl
input.i3.params.gi_display_name0=ccm
input.i3.params.gi_param_enable0=true
input.i3.params.gi_param_name0=ccm
input.i3.params.gi_display_name1=GUID
input.i3.params.gi_param_enable1=true
input.i3.params.gi_param_name1=GUID
input.i3.params.gi_num=2
output.list=o1,o2
output.o1.class_id=certOutputImpl
output.o2.class_id=pkcs7OutputImpl
policyset.list=set1
policyset.set1.list=p2,p4,p5,subj,p6,p8,p9,p12,eku,gen,crldp
policyset.set1.subj.constraint.class_id=noConstraintImpl
policyset.set1.subj.constraint.name=No Constraint
policyset.set1.subj.default.class_id=nsTokenUserKeySubjectNameDefaultImpl
policyset.set1.subj.default.name=nsTokenUserKeySubjectNameDefault
#policyset.set1.p1.default.params.dnpattern=UID=$request.uid$, E=$request.mail$, O=Token Key User
#policyset.set1.subj.default.params.dnpattern=CN=GEMSTAR,OU=Domain Controllers,DC=test,dc=local
policyset.set1.subj.default.params.dnpattern=CN=$request.ccm$
policyset.set1.subj.default.params.ldap.enable=false
policyset.set1.subj.default.params.ldap.searchName=uid
policyset.set1.subj.default.params.ldapStringAttributes=uid,mail
policyset.set1.subj.default.params.ldap.basedn=
policyset.set1.subj.default.params.ldap.maxConns=4
policyset.set1.subj.default.params.ldap.minConns=1
policyset.set1.subj.default.params.ldap.ldapconn.Version=2
policyset.set1.subj.default.params.ldap.ldapconn.host=
policyset.set1.subj.default.params.ldap.ldapconn.port=
policyset.set1.subj.default.params.ldap.ldapconn.secureConn=false
policyset.set1.p2.constraint.class_id=noConstraintImpl
policyset.set1.p2.constraint.name=No Constraint
policyset.set1.p2.default.class_id=validityDefaultImpl
policyset.set1.p2.default.name=Validity Default
policyset.set1.p2.default.params.range=1825
policyset.set1.p2.default.params.startTime=0
policyset.set1.p4.constraint.class_id=noConstraintImpl
policyset.set1.p4.constraint.name=No Constraint
policyset.set1.p4.default.class_id=signingAlgDefaultImpl
policyset.set1.p4.default.name=Signing Algorithm Default
policyset.set1.p4.default.params.signingAlg=-
policyset.set1.p5.constraint.class_id=noConstraintImpl
policyset.set1.p5.constraint.name=No Constraint
policyset.set1.p5.default.class_id=keyUsageExtDefaultImpl
policyset.set1.p5.default.name=Key Usage Extension Default
policyset.set1.p5.default.params.keyUsageCritical=true
policyset.set1.p5.default.params.keyUsageCrlSign=false
policyset.set1.p5.default.params.keyUsageDataEncipherment=false
policyset.set1.p5.default.params.keyUsageDecipherOnly=false
policyset.set1.p5.default.params.keyUsageDigitalSignature=true
policyset.set1.p5.default.params.keyUsageEncipherOnly=false
policyset.set1.p5.default.params.keyUsageKeyAgreement=false
policyset.set1.p5.default.params.keyUsageKeyCertSign=false
policyset.set1.p5.default.params.keyUsageKeyEncipherment=true
policyset.set1.p5.default.params.keyUsageNonRepudiation=false
policyset.set1.p6.constraint.class_id=noConstraintImpl
policyset.set1.p6.constraint.name=No Constraint
policyset.set1.p6.default.class_id=subjectAltNameExtDefaultImpl
policyset.set1.p6.default.name=Subject Alternative Name Extension Default
policyset.set1.p6.default.params.subjAltExtGNEnable_0=true
policyset.set1.p6.default.params.subjAltExtGNEnable_1=true
policyset.set1.p6.default.params.subjAltExtPattern_0=$request.ccm$
policyset.set1.p6.default.params.subjAltExtType_0=DNSName
policyset.set1.p6.default.params.subjAltExtPattern_1=(Any)1.3.6.1.4.1.311.25.1,0410$request.GUID$
policyset.set1.p6.default.params.subjAltExtType_1=OtherName
policyset.set1.p6.default.params.subjAltNameExtCritical=false
policyset.set1.p6.default.params.subjAltNameNumGNs=2
policyset.set1.5.constraint.class_id=noConstraintImpl
policyset.set1.5.constraint.name=No Constraint
policyset.set1.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.set1.5.default.name=AIA Extension Default
policyset.set1.5.default.params.authInfoAccessADEnable_0=true
policyset.set1.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.set1.5.default.params.authInfoAccessADLocation_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit
policyset.set1.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.2
policyset.set1.5.default.params.authInfoAccessCritical=false
policyset.set1.5.default.params.authInfoAccessNumADs=1
policyset.set1.eku.constraint.class_id=noConstraintImpl
policyset.set1.eku.constraint.name=No Constraint
policyset.set1.eku.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.set1.eku.default.name=Extended Key Usage Extension Default
policyset.set1.eku.default.params.exKeyUsageCritical=false
policyset.set1.eku.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
policyset.set1.p8.constraint.class_id=noConstraintImpl
policyset.set1.p8.constraint.name=No Constraint
policyset.set1.p8.default.class_id=subjectKeyIdentifierExtDefaultImpl
policyset.set1.p8.default.name=Subject Key Identifier Default
policyset.set1.p9.constraint.class_id=noConstraintImpl
policyset.set1.p9.constraint.name=No Constraint
policyset.set1.p9.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.set1.p9.default.name=Authority Key Identifier Extension Default
policyset.set1.p12.constraint.class_id=basicConstraintsExtConstraintImpl
policyset.set1.p12.constraint.name=Basic Constraints Extension Constraint
policyset.set1.p12.constraint.params.basicConstraintsCritical=-
policyset.set1.p12.constraint.params.basicConstraintsIsCA=-
policyset.set1.p12.constraint.params.basicConstraintsMaxPathLen=-1
policyset.set1.p12.constraint.params.basicConstraintsMinPathLen=-1
policyset.set1.p12.default.class_id=basicConstraintsExtDefaultImpl
policyset.set1.p12.default.name=Basic Constraints Extension Default
policyset.set1.p12.default.params.basicConstraintsCritical=false
policyset.set1.p12.default.params.basicConstraintsIsCA=false
policyset.set1.p12.default.params.basicConstraintsPathLen=-1
policyset.set1.crldp.constraint.class_id=noConstraintImpl
policyset.set1.crldp.constraint.name=No Constraint
policyset.set1.crldp.default.class_id=crlDistributionPointsExtDefaultImpl
policyset.set1.crldp.default.name=crlDistributionPointsExtDefaultImpl
policyset.set1.crldp.default.params.crlDistPointsCritical=false
policyset.set1.crldp.default.params.crlDistPointsNum=1
policyset.set1.crldp.default.params.crlDistPointsEnable_0=true
policyset.set1.crldp.default.params.crlDistPointsIssuerName_0=
policyset.set1.crldp.default.params.crlDistPointsIssuerType_0=
policyset.set1.crldp.default.params.crlDistPointsPointName_0=http://localhost.localdomain:9180/ca/ee/ca/getCRL?crlIssuingPoint=MasterCRL&op=getCRL&crlDisplayType=cachedCRL&submit=Submit
policyset.set1.crldp.default.params.crlDistPointsPointType_0=URIName
policyset.set1.crldp.default.params.crlDistPointsReasons_0=
policyset.set1.gen.constraint.class_id=noConstraintImpl
policyset.set1.gen.constraint.name=No Constraint
policyset.set1.gen.default.class_id=genericExtDefaultImpl
policyset.set1.gen.default.name=Generic Extension
#This is the Microsoft 'Certificate Template Name' Extensions. The Value is 'DomainController'
policyset.set1.gen.default.params.genericExtOID=1.3.6.1.4.1.311.20.2
policyset.set1.gen.default.params.genericExtData=1e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072
|
