summaryrefslogtreecommitdiffstats
path: root/pki/base/ca/shared/profiles/ca/caDualCert.cfg
blob: e85cbe00273f499a22aafe8b19c3ca0905fe8568 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

desc=This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.
visible=true
enable=true
enableBy=admin
name=Manual User Signing & Encryption Certificates Enrollment
auth.class_id=
input.list=i1,i2,i3
input.i1.class_id=dualKeyGenInputImpl
input.i2.class_id=subjectNameInputImpl
input.i3.class_id=submitterInfoInputImpl
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=encryptionCertSet,signingCertSet
policyset.encryptionCertSet.list=1,2,3,4,5,6,7,8,9
policyset.encryptionCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.encryptionCertSet.1.constraint.name=Subject Name Constraint
policyset.encryptionCertSet.1.constraint.params.pattern=UID=.*
policyset.encryptionCertSet.1.constraint.params.accept=true
policyset.encryptionCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.encryptionCertSet.1.default.name=Subject Name Default
policyset.encryptionCertSet.1.default.params.name=
policyset.encryptionCertSet.2.constraint.class_id=validityConstraintImpl
policyset.encryptionCertSet.2.constraint.name=Validity Constraint
policyset.encryptionCertSet.2.constraint.params.range=365
policyset.encryptionCertSet.2.constraint.params.notBeforeCheck=false
policyset.encryptionCertSet.2.constraint.params.notAfterCheck=false
policyset.encryptionCertSet.2.default.class_id=validityDefaultImpl
policyset.encryptionCertSet.2.default.name=Validity Default
policyset.encryptionCertSet.2.default.params.range=180
policyset.encryptionCertSet.2.default.params.startTime=0
policyset.encryptionCertSet.3.constraint.class_id=keyConstraintImpl
policyset.encryptionCertSet.3.constraint.name=Key Constraint
policyset.encryptionCertSet.3.constraint.params.keyType=RSA
policyset.encryptionCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.encryptionCertSet.3.default.class_id=userKeyDefaultImpl
policyset.encryptionCertSet.3.default.name=Key Default
policyset.encryptionCertSet.4.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.4.constraint.name=No Constraint
policyset.encryptionCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.encryptionCertSet.4.default.name=Authority Key Identifier Default
policyset.encryptionCertSet.5.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.5.constraint.name=No Constraint
policyset.encryptionCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
policyset.encryptionCertSet.5.default.name=AIA Extension Default
policyset.encryptionCertSet.5.default.params.authInfoAccessADEnable_0=true
policyset.encryptionCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
policyset.encryptionCertSet.5.default.params.authInfoAccessADLocation_0=
policyset.encryptionCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
policyset.encryptionCertSet.5.default.params.authInfoAccessCritical=false
policyset.encryptionCertSet.5.default.params.authInfoAccessNumADs=1
policyset.encryptionCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.encryptionCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.encryptionCertSet.6.constraint.params.keyUsageCritical=true
policyset.encryptionCertSet.6.constraint.params.keyUsageDigitalSignature=false
policyset.encryptionCertSet.6.constraint.params.keyUsageNonRepudiation=false
policyset.encryptionCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.encryptionCertSet.6.constraint.params.keyUsageKeyEncipherment=true
policyset.encryptionCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.encryptionCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.encryptionCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.encryptionCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.encryptionCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.encryptionCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.encryptionCertSet.6.default.name=Key Usage Default
policyset.encryptionCertSet.6.default.params.keyUsageCritical=true
policyset.encryptionCertSet.6.default.params.keyUsageDigitalSignature=false
policyset.encryptionCertSet.6.default.params.keyUsageNonRepudiation=false
policyset.encryptionCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.encryptionCertSet.6.default.params.keyUsageKeyEncipherment=true
policyset.encryptionCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.encryptionCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.encryptionCertSet.6.default.params.keyUsageCrlSign=false
policyset.encryptionCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.encryptionCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.encryptionCertSet.7.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.7.constraint.name=No Constraint
policyset.encryptionCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.encryptionCertSet.7.default.name=Extended Key Usage Extension Default
policyset.encryptionCertSet.7.default.params.exKeyUsageCritical=false
policyset.encryptionCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.encryptionCertSet.8.constraint.class_id=noConstraintImpl
policyset.encryptionCertSet.8.constraint.name=No Constraint
policyset.encryptionCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.encryptionCertSet.8.default.name=Subject Alt Name Constraint
policyset.encryptionCertSet.8.default.params.subjAltNameExtCritical=false
policyset.encryptionCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.encryptionCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs=1
policyset.encryptionCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.encryptionCertSet.9.constraint.name=No Constraint
policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.encryptionCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.encryptionCertSet.9.default.name=Signing Alg
policyset.encryptionCertSet.9.default.params.signingAlg=-
policyset.signingCertSet.list=1,2,3,4,6,7,8,9
policyset.signingCertSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.signingCertSet.1.constraint.name=Subject Name Constraint
policyset.signingCertSet.1.constraint.params.pattern=UID=.*
policyset.signingCertSet.1.constraint.params.accept=true
policyset.signingCertSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.signingCertSet.1.default.name=Subject Name Default
policyset.signingCertSet.1.default.params.name=
policyset.signingCertSet.2.constraint.class_id=validityConstraintImpl
policyset.signingCertSet.2.constraint.name=Validity Constraint
policyset.signingCertSet.2.constraint.params.range=365
policyset.signingCertSet.2.constraint.params.notBeforeCheck=false
policyset.signingCertSet.2.constraint.params.notAfterCheck=false
policyset.signingCertSet.2.default.class_id=validityDefaultImpl
policyset.signingCertSet.2.default.name=Validity Default
policyset.signingCertSet.2.default.params.range=180
policyset.signingCertSet.2.default.params.startTime=60
policyset.signingCertSet.3.constraint.class_id=keyConstraintImpl
policyset.signingCertSet.3.constraint.name=Key Constraint
policyset.signingCertSet.3.constraint.params.keyType=RSA
policyset.signingCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
policyset.signingCertSet.3.default.class_id=userKeyDefaultImpl
policyset.signingCertSet.3.default.name=Key Default
policyset.signingCertSet.4.constraint.class_id=noConstraintImpl
policyset.signingCertSet.4.constraint.name=No Constraint
policyset.signingCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
policyset.signingCertSet.4.default.name=Authority Key Identifier Default
policyset.signingCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.signingCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.signingCertSet.6.constraint.params.keyUsageCritical=true
policyset.signingCertSet.6.constraint.params.keyUsageDigitalSignature=true
policyset.signingCertSet.6.constraint.params.keyUsageNonRepudiation=true
policyset.signingCertSet.6.constraint.params.keyUsageDataEncipherment=false
policyset.signingCertSet.6.constraint.params.keyUsageKeyEncipherment=false
policyset.signingCertSet.6.constraint.params.keyUsageKeyAgreement=false
policyset.signingCertSet.6.constraint.params.keyUsageKeyCertSign=false
policyset.signingCertSet.6.constraint.params.keyUsageCrlSign=false
policyset.signingCertSet.6.constraint.params.keyUsageEncipherOnly=false
policyset.signingCertSet.6.constraint.params.keyUsageDecipherOnly=false
policyset.signingCertSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.signingCertSet.6.default.name=Key Usage Default
policyset.signingCertSet.6.default.params.keyUsageCritical=true
policyset.signingCertSet.6.default.params.keyUsageDigitalSignature=true
policyset.signingCertSet.6.default.params.keyUsageNonRepudiation=true
policyset.signingCertSet.6.default.params.keyUsageDataEncipherment=false
policyset.signingCertSet.6.default.params.keyUsageKeyEncipherment=false
policyset.signingCertSet.6.default.params.keyUsageKeyAgreement=false
policyset.signingCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.signingCertSet.6.default.params.keyUsageCrlSign=false
policyset.signingCertSet.6.default.params.keyUsageEncipherOnly=false
policyset.signingCertSet.6.default.params.keyUsageDecipherOnly=false
policyset.signingCertSet.7.constraint.class_id=noConstraintImpl
policyset.signingCertSet.7.constraint.name=No Constraint
policyset.signingCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
policyset.signingCertSet.7.default.name=Extended Key Usage Extension Default
policyset.signingCertSet.7.default.params.exKeyUsageCritical=false
policyset.signingCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.signingCertSet.8.constraint.class_id=noConstraintImpl
policyset.signingCertSet.8.constraint.name=No Constraint
policyset.signingCertSet.8.default.class_id=subjectAltNameExtDefaultImpl
policyset.signingCertSet.8.default.name=Subject Alt Name Constraint
policyset.signingCertSet.8.default.params.subjAltNameExtCritical=false
policyset.signingCertSet.8.default.params.subjAltExtType_0=RFC822Name
policyset.signingCertSet.8.default.params.subjAltExtPattern_0=$request.requestor_email$
policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.signingCertSet.8.default.params.subjAltNameNumGNs=1
policyset.signingCertSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.signingCertSet.9.constraint.name=No Constraint
policyset.signingCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.signingCertSet.9.default.class_id=signingAlgDefaultImpl
policyset.signingCertSet.9.default.name=Signing Alg
policyset.signingCertSet.9.default.params.signingAlg=-
policyset.signingCertSet.9.default.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
generated by cgit (git 2.34.1) at 2024-04-24 02:25:12 +0000