Ansible roles
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

60 lines
1.0 KiB

renewal:
notbefore: 000014
notafter: 0
revoke_on_replace:
reason_code: keyCompromise
delay_revocation_time: +000014
workflow:
type: certificate_enroll
param:
transaction_id: transaction_id
signer_cert: signer_cert
pkcs10: pkcs10
_url_params: url_params
key_size:
rsaEncryption: 1020-4096
hash_type:
- sha1
- sha256
- sha512
authorized_signer:
rule1:
subject: CN=.+:scepclient,.*
rule2:
subject: CN=.+:pkiclient,.*
policy:
allow_man_authen: 1
allow_anon_enroll: 0
allow_man_approv: 1
allow_eligibility_recheck: 0
approval_points: 1
max_active_certs: 1
allow_expired_signer: 0
auto_revoke_existing_certs: 1
allow_replace: 1
response:
getcacert_strip_root: 1
profile:
cert_profile: {{ item.0.scep.profile }}
cert_subject_style: enroll
profile_map:
pc-client: I18N_OPENXPKI_PROFILE_USER_AUTHENTICATION
hmac: "{{ item.0.scep.hmac | default(pki_scep_hmac) }}"
challenge:
value: "{{ item.0.scep.challenge | default(pki_scep_challenge) }}"
eligible:
renewal:
value: 1