# The name of the file equals the name of the profile
label: I18N_OPENXPKI_UI_PROFILE_TLS_SERVER_LABEL

validity:
    notafter: +0006

style:
    00_basic_style:
        label: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_LABEL
        description: I18N_OPENXPKI_UI_PROFILE_BASIC_STYLE_DESC
        ui:
            subject:
                - hostname
                - hostname2
                - port
            info:
                - requestor_gname
                - requestor_name
                - requestor_email
                - requestor_affiliation
                - comment

        subject:
            dn: CN=[% hostname.lower %][% IF port AND port != 443 %]:[% port %][% END %],{{ item.0.subj_suffix }}
            san:
              DNS:
                  - "[% hostname.lower %]"
                  - "[% FOREACH entry = hostname2 %][% entry.lower %] | [% END %]"

        metadata:
            requestor: "[% requestor_gname %] [% requestor_name %]"
            email: "[% requestor_email %]"
            entity: "[% hostname FILTER lower %]"


    05_advanced_style:
        label: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_LABEL
        description: I18N_OPENXPKI_UI_PROFILE_ADVANCED_STYLE_DESC
        ui:
            subject:
                - cn
                - o
                - ou
                - dc
                - c
            san:
                - san_ipv4
                - san_dns
            info:
                - requestor_gname
                - requestor_name
                - requestor_email
                - requestor_affiliation
                - comment

        subject:
            dn: CN=[% CN %][% IF OU %][% FOREACH entry = OU %],OU=[% entry %][% END %][% END %][% IF O %],O=[% O %][% END %][% FOREACH entry = DC %],DC=[% entry %][% END %][% IF C %],C=[% C %][% END %]
            # no san definitions here as items from ui.san are directly written to the SAN

    enroll:
        subject:
            dn: CN=[% CN.0 %],{{ item.0.subj_suffix }}
            san:
                dns: "[% FOREACH entry = SAN_DNS %][% entry.lower %] | [% END %]"

        metadata:
            system_id: "[% data.cust_id %]"
            server_id: "[% data.server_id %]"
            entity: "[% CN.0 FILTER lower %]"

# Profile extensions - set 0/1 as needed
# Also see sections defined in default.yaml
extensions:
    key_usage:
        critical: 1
        digital_signature: 1
        non_repudiation:   0
        key_encipherment:  1
        data_encipherment: 0
        key_agreement:     1
        key_cert_sign:     0
        crl_sign:          0
        encipher_only:     0
        decipher_only:     0

    extended_key_usage:
        critical: 1
        # these are OIDs, some OIDs are known and have names
        client_auth:      0
        server_auth:      1
        email_protection: 0
        code_signing:     0
        time_stamping:    0
        ocsp_signing:     0


    # This is really outdated and should not be used unless really necessary
    netscape:
        comment:
            critical: 0
            text: This is a generic certificate. Generated with OpenXPKI trustcenter software.

        certificate_type:
            critical: 0
            ssl_client:        0
            smime_client:      0
            object_signing:    0
            ssl_client_ca:     0
            smime_client_ca:   0
            object_signing_ca: 0

        cdp:
            critical: 0
            uri: http://localhost/cacrl.crt
            ca_uri: http://localhost/cacrl.crt
     # end of netscape section

# end of extensions

# Define the input fields you used below here
#template: