ansible-roles/roles/openxpki/templates/config.d/realm/profile/default.yaml.j2

key:
  alg:
    - rsa
    - ec
    - dsa

  enc:
    - aes256
    - _3des
    - idea

  generate: both

  rsa:
    key_length:
      - _1024
      - 2048
      - 4096

  ec:
    curve_name:
      - prime256v1
      - secp384r1
      - secp521r1

  dsa:
    key_length:
      - 2048
      - 4096

  validity:
    notafter: +01

digest: sha256
increasing_serials: 1
randomized_serial_bytes: 8

publish:
  - disk

extensions:
  copy: copy

  basic_constraints:
    critical: 1
    ca: 0

  subject_key_identifier:
    critical: 0
    hash: 1

  authority_key_identifier:
    critical: 0
    keyid:  1
    issuer: 1

  issuer_alt_name:
    critical: 0
    copy: 1

  crl_distribution_points:
    critical: 0
    uri:
      - {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl

  authority_info_access:
    critical: 0
    ca_issuers: {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/ca
    ocsp: {{ pki_base_url }}

  policy_identifier:
    critical: 0

  netscape:
    comment:
      critical: 0
      text: This is a generic certificate. Generated with OpenXPKI trustcenter software.
    certificate_type:
      critical: 0
      ssl_client: 0
      smime_client: 0
      object_signing: 0
      ssl_client_ca: 0
      smime_client_ca: 0
      object_signing_ca: 0

    cdp:
      critical: 0
      uri: {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl
      ca_uri: {{ pki_base_url }}{{ (pki_base_url is search('/^')) | ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl
Update to 2020-04-14 5 years ago			`key:`
			`alg:`
			`- rsa`
			`- ec`
			`- dsa`

			`enc:`
			`- aes256`
			`- _3des`
			`- idea`

			`generate: both`

			`rsa:`
			`key_length:`
			`- _1024`
			`- 2048`
			`- 4096`

			`ec:`
			`curve_name:`
			`- prime256v1`
			`- secp384r1`
			`- secp521r1`

			`dsa:`
			`key_length:`
			`- 2048`
			`- 4096`

			`validity:`
			`notafter: +01`

			`digest: sha256`
			`increasing_serials: 1`
			`randomized_serial_bytes: 8`

			`publish:`
			`- disk`

			`extensions:`
			`copy: copy`

			`basic_constraints:`
			`critical: 1`
			`ca: 0`

			`subject_key_identifier:`
			`critical: 0`
			`hash: 1`

			`authority_key_identifier:`
			`critical: 0`
			`keyid: 1`
			`issuer: 1`

			`issuer_alt_name:`
			`critical: 0`
			`copy: 1`

			`crl_distribution_points:`
			`critical: 0`
			`uri:`
			`- {{ pki_base_url }}{{ (pki_base_url is search('/^')) \| ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl`

			`authority_info_access:`
			`critical: 0`
			`ca_issuers: {{ pki_base_url }}{{ (pki_base_url is search('/^')) \| ternary('','/') }}pub/[% ISSUER.CN.0 %]/ca`
			`ocsp: {{ pki_base_url }}`

			`policy_identifier:`
			`critical: 0`

			`netscape:`
			`comment:`
			`critical: 0`
			`text: This is a generic certificate. Generated with OpenXPKI trustcenter software.`
			`certificate_type:`
			`critical: 0`
			`ssl_client: 0`
			`smime_client: 0`
			`object_signing: 0`
			`ssl_client_ca: 0`
			`smime_client_ca: 0`
			`object_signing_ca: 0`

			`cdp:`
			`critical: 0`
			`uri: {{ pki_base_url }}{{ (pki_base_url is search('/^')) \| ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl`
			`ca_uri: {{ pki_base_url }}{{ (pki_base_url is search('/^')) \| ternary('','/') }}pub/[% ISSUER.CN.0 %]/crl`