Difference between revisions of "Server Certificate Profile"

m
m (Replaced content with "This page has been moved to https://github.com/dogtagpki/pki/wiki/Server-Certificate-Profile.")
 
Line 1: Line 1:
= Overview =
+
This page has been moved to https://github.com/dogtagpki/pki/wiki/Server-Certificate-Profile.
 
 
<pre>
 
policyset.list=serverCertSet
 
policyset.serverCertSet.list=1,2,3,4,5,6,7,8,12
 
</pre>
 
 
 
= Subject Name Constraint and Default =
 
 
 
<pre>
 
policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
 
policyset.serverCertSet.1.constraint.name=Subject Name Constraint
 
policyset.serverCertSet.1.constraint.params.pattern=.*CN=.*
 
policyset.serverCertSet.1.constraint.params.accept=true
 
policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl
 
policyset.serverCertSet.1.default.name=Subject Name Default
 
policyset.serverCertSet.1.default.params.name=
 
</pre>
 
 
 
= Validity Constraint and Default =
 
 
 
<pre>
 
policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
 
policyset.serverCertSet.2.constraint.name=Validity Constraint
 
policyset.serverCertSet.2.constraint.params.range=720
 
policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
 
policyset.serverCertSet.2.constraint.params.notAfterCheck=false
 
policyset.serverCertSet.2.default.class_id=validityDefaultImpl
 
policyset.serverCertSet.2.default.name=Validity Default
 
policyset.serverCertSet.2.default.params.range=720
 
policyset.serverCertSet.2.default.params.startTime=0
 
</pre>
 
 
 
= Key Constraint and Default =
 
 
 
<pre>
 
policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 
policyset.serverCertSet.3.constraint.name=Key Constraint
 
policyset.serverCertSet.3.constraint.params.keyType=RSA
 
policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
 
policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 
policyset.serverCertSet.3.default.name=Key Default
 
</pre>
 
 
 
= Authority Key Identifier Default =
 
 
 
<pre>
 
policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
 
policyset.serverCertSet.4.constraint.name=No Constraint
 
policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
 
policyset.serverCertSet.4.default.name=Authority Key Identifier Default
 
</pre>
 
 
 
= AIA Extension Default =
 
 
 
<pre>
 
policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
 
policyset.serverCertSet.5.constraint.name=No Constraint
 
policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
 
policyset.serverCertSet.5.default.name=AIA Extension Default
 
policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
 
policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
 
policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
 
policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
 
policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
 
policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
 
</pre>
 
 
 
= Key Usage Extension Constraint and Default =
 
 
 
<pre>
 
policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
 
policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
 
policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
 
policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
 
policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=false
 
policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true
 
policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true
 
policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false
 
policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
 
policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
 
policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
 
policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
 
policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
 
policyset.serverCertSet.6.default.name=Key Usage Default
 
policyset.serverCertSet.6.default.params.keyUsageCritical=true
 
policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
 
policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=false
 
policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true
 
policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true
 
policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false
 
policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
 
policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
 
policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
 
policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
 
</pre>
 
 
 
= Extended Key Usage Extension Default =
 
<pre>
 
policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
 
policyset.serverCertSet.7.constraint.name=No Constraint
 
policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
 
policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
 
policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
 
policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2
 
</pre>
 
 
 
= Signing Algorithm Default =
 
 
 
<pre>
 
policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
 
policyset.serverCertSet.8.constraint.name=No Constraint
 
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
 
policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
 
policyset.serverCertSet.8.default.name=Signing Alg
 
policyset.serverCertSet.8.default.params.signingAlg=-
 
</pre>
 
 
 
= Copy Common Name to Subject Alternative Name Extension =
 
 
 
<pre>
 
policyset.serverCertSet.12.constraint.class_id=noConstraintImpl
 
policyset.serverCertSet.12.constraint.name=No Constraint
 
policyset.serverCertSet.12.default.class_id=commonNameToSANDefaultImpl
 
policyset.serverCertSet.12.default.name=Copy Common Name to Subject Alternative Name Extension
 
</pre>
 
 
 
= See Also =
 
 
 
* [https://github.com/dogtagpki/pki/wiki/Certificate-Profile-Constraints Certificate Profile Constraints]
 

Latest revision as of 03:00, 4 August 2022

This page has been moved to https://github.com/dogtagpki/pki/wiki/Server-Certificate-Profile.