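# SCEP endpoint settings, written as a Jinja2 template: the item.0.scep.*
# placeholders and the pki_scep_* fallbacks are filled in at render time
# (presumably by an Ansible loop -- confirm against the calling task).
# The I18N_OPENXPKI_* profile name below suggests the consumer is OpenXPKI.
# NOTE(review): the rendered file holds the SCEP shared secrets (hmac,
# challenge) in clear text; deploy it with a restrictive owner/mode and keep
# the source variables in an encrypted store.

# Renewal window for an existing certificate.
# Quoted so the leading zeros survive loaders that would otherwise read the
# value as an octal integer.
# NOTE(review): looks like a relative date (YYMMDDhhmmss, i.e. 14 days) --
# confirm against the consumer's documentation.
renewal:
  notbefore: '000014'
  notafter: 0

# What happens to a certificate that is replaced by a new enrollment.
# NOTE(review): keyCompromise is recorded as the revocation reason for every
# replaced certificate, including routine replacements; relying parties and
# auditors read that code as an incident. RFC 5280 defines "superseded" for
# routine replacement -- confirm which reason is intended here.
revoke_on_replace:
  reason_code: keyCompromise
  delay_revocation_time: '+000014'

# Workflow started for an incoming request and the parameters handed to it.
# Each key maps to an identically named value, except _url_params, which maps
# to url_params. Presumably key = workflow context name, value = name supplied
# by the SCEP front end -- TODO confirm.
workflow:
  type: certificate_enroll
  param:
    transaction_id: transaction_id
    signer_cert: signer_cert
    pkcs10: pkcs10
    _url_params: url_params

# Accepted key sizes per algorithm, given as a range in bits.
# NOTE(review): a lower bound of 1020 admits ~1024-bit RSA keys, which current
# guidance (e.g. NIST SP 800-57) no longer treats as adequate. Raise it to
# 2048 unless a known legacy client needs the smaller size.
key_size:
  rsaEncryption: 1020-4096

# Digest algorithms accepted in requests.
# NOTE(review): sha1 is collision-prone and should only stay listed while a
# legacy SCEP client that cannot do sha256 still enrolls here; remove it once
# no such client remains.
hash_type:
  - sha1
  - sha256
  - sha512

# Subject patterns of signer certificates that are treated as authorized.
# Single-quoted so the regex characters are taken literally by every loader.
# NOTE(review): ".+" accepts any CN prefix in front of the ":scepclient" /
# ":pkiclient" suffix, so authorization rests on who is able to obtain a
# certificate with such a CN. Confirm that the issuing profiles restrict this
# and whether the consumer anchors the pattern at both ends.
authorized_signer:
  rule1:
    subject: 'CN=.+:scepclient,.*'
  rule2:
    subject: 'CN=.+:pkiclient,.*'

# Enrollment policy switches (1 = on, 0 = off) and counters.
# The meanings below are read from the key names -- verify them against the
# documentation of the deployed version before changing a value.
policy:
  # Manual authentication by an operator is permitted.
  allow_man_authen: 1
  # Anonymous enrollment stays off; keep it at 0 so that the hmac/challenge
  # configured further down remains a precondition for enrollment.
  allow_anon_enroll: 0
  # Manual approval by an operator is permitted.
  allow_man_approv: 1
  allow_eligibility_recheck: 0
  # NOTE(review): presumably the number of approvals a request must collect;
  # lowering it to 0 would likely auto-approve requests -- confirm.
  approval_points: 1
  max_active_certs: 1
  # Requests signed with an expired signer certificate are not accepted.
  allow_expired_signer: 0
  auto_revoke_existing_certs: 1
  allow_replace: 1

# Response shaping; by its name this strips the root certificate from the
# GetCACert answer, so clients need the trust anchor from another channel.
response:
  getcacert_strip_root: 1

# Certificate profile used for issued certificates. The template expression is
# quoted, like hmac and challenge.value below, so an empty or special-looking
# expansion still renders as a string.
profile:
  cert_profile: "{{ item.0.scep.profile }}"
  cert_subject_style: enroll

# Maps a client-supplied name to a certificate profile.
profile_map:
  pc-client: I18N_OPENXPKI_PROFILE_USER_AUTHENTICATION

# Shared HMAC secret; falls back to pki_scep_hmac when the item defines none.
# NOTE(review): every endpoint without its own value shares that fallback, so
# rotating it affects all of them at once.
hmac: "{{ item.0.scep.hmac | default(pki_scep_hmac) }}"

# SCEP challenge password; falls back to pki_scep_challenge when unset.
# NOTE(review): the same shared-fallback caveat as for hmac applies.
challenge:
  value: "{{ item.0.scep.challenge | default(pki_scep_challenge) }}"

# Eligibility result per request type; renewals get the static value 1.
# No entry for initial enrollment is visible in this file.
eligible:
  renewal:
    value: 1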