Skip to content
GitLab
Explore
Sign in
Register
Commits on Source
150
a5fbfe8e
added tests for few bugzillas, tps-config, tps-activity CLIs and added .ide directory to .gitignore
Aug 15, 2018
121017d3
added CI jobs for tps-config, tps-activity and ca-bugzillas
Aug 15, 2018
e469e669
added BZ-1465103 automation and CI job
Aug 15, 2018
f28ab22c
removed references from Requirement doc string
Aug 16, 2018
25f3f07b
Removed redundant ConfigurationResponse.status
Aug 18, 2018
2671e91a
Refactored SystemConfigService.finalizeConfiguration() (part 1)
Aug 18, 2018
fa7f1440
Refactored SystemConfigService.finalizeConfiguration() (part 2)
Aug 18, 2018
86af43d8
Refactored SystemConfigService.setupDatabaseUser()
Aug 18, 2018
4d2034b3
Refactored SystemConfigService.setupSecurityDomain()
Aug 18, 2018
e841dc9e
Merge pull request #30 from ssidhaye/add-downstream-tests-to-upstream
Aug 19, 2018
2758de12
Added ca auth plugins job.
Aug 20, 2018
b307ed3c
Added pytest-ansible automation of pki securitydomain cli.
Aug 20, 2018
02abea43
Modified docstrings in the test_securitydomain.py file.
Aug 20, 2018
d7960b0f
Added job for securitydomain in .gitlab-ci.yml file.
Aug 20, 2018
d7976407
Added template in .gitlab-ci.yml file.
Aug 20, 2018
916d9bb8
Removed redundant ConfigurationUtils.loginToken()
Aug 20, 2018
3eb5e9e4
Merge pull request #27 from amolkahat/securitydomain
Aug 20, 2018
f7851b52
Merge pull request #29 from amolkahat/minor_canges
Aug 20, 2018
f8c9566b
Fixed admin cert encoding for external KRA/OCSP installation
Aug 20, 2018
13dfbee7
Added automation of pki pkcs12 CLI
Aug 21, 2018
38565440
Coverity "important" fixes for pki-core.
Aug 20, 2018
c1c2ff7a
Merge pull request #31 from amolkahat/pkcs12
Aug 21, 2018
a367a974
fix ldap create - use dscreate cli new python implementation instead of setup-ds.pl
Aug 21, 2018
274af0c7
Merge pull request #32 from bhavikbhavsar/fix_ldap_create
Aug 21, 2018
970bdb56
Fixed admin cert format in configuration response
Aug 21, 2018
3e39237a
Updated pki.nssdb to support multiple CSR delimiters types
Aug 22, 2018
de81164a
Removed default CSR paths
Aug 22, 2018
c1d00aae
Added support installing KRA/OCSP with existing CSRs
Aug 22, 2018
247a75f7
Fixed installation summary
Aug 23, 2018
3b4896a9
Added pexpect python module for pytest-ansible
Aug 27, 2018
2b006edb
Merge pull request #34 from bhavikbhavsar/banner-fix-01
Aug 27, 2018
477b5ef8
Fixed pki client-cert-import to accept PKCS #7 CA cert chain
Aug 27, 2018
4cb83960
Fixed NSSDatabase.add_cert()
Aug 27, 2018
ff41ed71
Added docs for installation with custom keys
Aug 27, 2018
2a989e0c
Fixed links in KRA and OCSP docs
Aug 27, 2018
5bb91c78
Renamed CA, KRA, OCSP docs
Aug 28, 2018
d6dc95b4
Changed installation config file.
Aug 28, 2018
af626954
server.postinst: Server migration has been moved to the systemd unit/initfile, drop it from here.
Aug 28, 2018
3af26a54
Fixed import_system_cert()
Aug 29, 2018
d10cb176
Added inline comments for clarity
Aug 29, 2018
a12dea71
Cleaned up log messages
Aug 29, 2018
8972b2a3
push downstream common library changes to updatream
Aug 29, 2018
a72c2bdf
Merge pull request #38 from ssidhaye/role-user-creation-changes
Aug 29, 2018
5d20a86f
Fixed the space in the token-label (#35)
Aug 29, 2018
6f7c0a53
Removed unused imports
Aug 29, 2018
ae857117
Removed unused private variables
Aug 29, 2018
60de49b1
Added pki-server ca, kra, ocsp cli jobs.
Aug 30, 2018
b8d6c6ce
Added pytest-ansible automation of following CLI:
Aug 30, 2018
15c341f3
Added pki-server cli automation Job.
Aug 30, 2018
b29fbe0b
Fixed pipeline failures in the .gitlab-ci.yml file.
Aug 30, 2018
f58f41ae
Added NSSDB variable in the constants file.
Aug 30, 2018
26d1a430
Minor changes in the CA role user creation.
Aug 30, 2018
16cba4b3
Changed value of NSSDB in the constants.py files.
Aug 30, 2018
b9318340
Merge pull request #36 from amolkahat/minor_changes
Aug 30, 2018
4bb725f4
Fixed the space in the token-label - Part 2 (#39)
Aug 30, 2018
288e9a4c
Renamed server NSS database parameters
Sep 04, 2018
0fc0ec4a
Moved server installation docs
Sep 04, 2018
58fca340
Merge pull request #33 from amolkahat/pki_server
Sep 05, 2018
c6f75cfc
Updated default key length in pki client-cert-request
Sep 05, 2018
a6d38628
Refactored PKCS10Client (part 1)
Sep 05, 2018
afda5498
Refactored PKCS10Client (part 2)
Sep 05, 2018
533a7878
Refactored JssSubsystem.getKeyPair()
Sep 05, 2018
b2fbf0d0
Refactored JssSubsystem.getECCKeyPair()
Sep 05, 2018
e1515dd0
Cleaned up CryptoUtil.generateRSAKeyPair()
Sep 05, 2018
4c203c47
Cleaned up CryptoUtil.generateECCKeyPair()
Sep 05, 2018
261222b3
ticket #2879 audit events for CA acting as TLS client
Sep 06, 2018
67bb08b6
Ticket2960 add SHA384 ciphers and cleanup profiles
Sep 06, 2018
30f0f07d
Fixed password generation in pkispawn
Sep 07, 2018
1ed4f712
Cleaned up log messages
Sep 07, 2018
8cbf8f74
Ticket3027 Disable TLS_RSA_* ciphers for HSM in FIPS mode
Sep 07, 2018
2f958743
Remove unnecessary casts
Sep 08, 2018
8472e3de
Added basic installation docs
Sep 10, 2018
95b1694e
Updated docs on installation with custom keys
Sep 10, 2018
fe1cca9b
Removing ipa-docker-test-runner tool and custom docker images (#45)
Sep 10, 2018
00348e53
Refactored SystemConfigService.backupKeys()
Sep 11, 2018
61839da5
Removed unused ConfigurationRequest.backupKeys
Sep 11, 2018
f7a036de
Removed SystemConfigService.getCertList()
Sep 11, 2018
329e340b
Fixed password handling in pki-server CLI
Sep 11, 2018
878cb08f
Reorganizing CI script for nightly (#47)
Sep 11, 2018
8b357e59
Added docs on installation with external certificates
Sep 11, 2018
d738cc6a
Refactored SystemConfigService.configureAdministrator() (part 1)
Sep 13, 2018
09581eea
Refactored SystemConfigService.configureAdministrator() (part 2)
Sep 13, 2018
17f0d4e2
Added SystemConfigService.configureCerts()
Sep 13, 2018
ef1fe72a
Ticket 2865 X500Name.directoryStringEncodingOrder overridden by CSR encoding
Sep 14, 2018
107a7cdb
Updated exception messages in DBSSession
Sep 18, 2018
3b012605
Merged SystemConfigService.handleCerts()
Sep 18, 2018
a6ad5514
Added SystemConfigService.authenticateRequest()
Sep 18, 2018
8fbb6d4e
Cleaned up password.conf creation
Sep 18, 2018
a418e088
Refactored generate_csr()
Sep 19, 2018
a8c55fde
Added token name fallback mechanism
Sep 19, 2018
17677ae4
Updated default token name
Sep 19, 2018
3a16e90f
Updated installation log messages
Sep 19, 2018
f3f16ca3
Fixed token name fallback for sslserver cert
Sep 19, 2018
fd985ade
Fixed examples in installation docs
Sep 18, 2018
3ccfeea1
Added docs on installation with HSM
Sep 18, 2018
adbeb1cb
Merge pull request #48 from mharmsen99/ticket-2865
Sep 19, 2018
d79a93b3
Updated installation loggers
Sep 20, 2018
9b402ff3
Refactored configuration.py
Sep 20, 2018
9f52807a
Removed references to Log4j
Sep 21, 2018
6e7567a9
Refactored serial number range parameters
Sep 21, 2018
50 additional commits have been omitted to prevent performance issues.
Show whitespace changes
Inline
Side-by-side
.gitignore
View file @
88d2d85d
...
...
@@ -6,3 +6,4 @@ MANIFEST
*.pyc
__pycache__
.pytest_cache/
.idea/
.travis.yml
View file @
88d2d85d
...
...
@@ -11,7 +11,7 @@ jobs:
# F27 Image
-
env
:
-
TASK="PKI Test on F27"
-
IMAGE=f27_106_46
-
BASE_IMAGE_VERSION=27
before_install
:
-
set -a && source travis/global_variables
-
echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
...
...
@@ -19,6 +19,7 @@ jobs:
-
travis/post-test-started.sh
install
:
-
travis/builder-init.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-init.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-install.sh
script
:
...
...
@@ -43,17 +44,24 @@ jobs:
-
env
:
-
TASK="IPA Test on F27"
-
IMAGE=f27_106_46
-
BASE_IMAGE_VERSION=27
before_install
:
-
set -a && source travis/global_variables
-
echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
-
touch ${LOGS}
install
:
# Setup the required build environment
-
travis/builder-init.sh
# Initialize PKI build env
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-init.sh
# Trigger build process
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh --with-pkgs=base,server,ca,kra
-
travis/ipa-init.sh
# Initialize IPA test environment
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/ipa-init.sh
# Install recently build Dogtag RPMS
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-install.sh
script
:
-
travis_wait 20 travis
/ipa-test.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}
/ipa-test.sh
after_failure
:
-
travis/post-test-failed.sh
after_script
:
...
...
@@ -64,13 +72,14 @@ jobs:
# F28 image
-
env
:
-
TASK="PKI Test on F28"
-
IMAGE=f28_106_46
-
BASE_IMAGE_VERSION=28
before_install
:
-
set -a && source travis/global_variables
-
echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
-
touch ${LOGS}
install
:
-
travis/builder-init.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-init.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-install.sh
script
:
...
...
@@ -93,6 +102,33 @@ jobs:
-
docker kill ${CONTAINER}
-
docker rm ${CONTAINER}
-
env
:
-
TASK="IPA Test on F28"
-
BASE_IMAGE_VERSION=28
before_install
:
-
set -a && source travis/global_variables
-
echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
-
touch ${LOGS}
install
:
# Setup the required build environment
-
travis/builder-init.sh
# Initialize PKI build env
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-init.sh
# Trigger build process
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-build.sh --with-pkgs=base,server,ca,kra
# Initialize IPA test environment
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/ipa-init.sh
# Install recently build Dogtag RPMS
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/pki-install.sh
script
:
-
docker exec -i ${CONTAINER} ${SCRIPTDIR}/ipa-test.sh
after_failure
:
-
travis/post-test-failed.sh
after_script
:
-
cat ${LOGS}
-
docker kill ${CONTAINER}
-
docker rm ${CONTAINER}
-
stage
:
Verification Label
before_install
:
-
echo -e $gerrit_ssh_key >> ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
...
...
base/ca/shared/conf/CS.cfg
View file @
88d2d85d
...
...
@@ -666,7 +666,7 @@ ca.notification.requestInQ.senderEmail=
ca.ocsp_signing.cacertnickname
=
ocspSigningCert cert-[PKI_INSTANCE_NAME]
ca.ocsp_signing.defaultSigningAlgorithm
=
SHA256withRSA
ca.ocsp_signing.tokenname
=
internal
ca.profiles.defaultSigningAlgsAllowed
=
SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withEC,SHA512withEC
ca.profiles.defaultSigningAlgsAllowed
=
SHA256withRSA,
SHA384withRSA,
SHA512withRSA,SHA256withEC,SHA384withEC,SHA512withEC
ca.publish.createOwnDNEntry
=
false
ca.publish.queue.enable
=
true
ca.publish.queue.maxNumberOfThreads
=
3
...
...
@@ -776,22 +776,22 @@ http.port=[PKI_UNSECURE_PORT]
dbs.enableSerialManagement
=
[PKI_ENABLE_RANDOM_SERIAL_NUMBERS]
dbs.enableRandomSerialNumbers
=
[PKI_ENABLE_RANDOM_SERIAL_NUMBERS]
dbs.randomSerialNumberCounter
=
0
dbs.beginRequestNumber
=
[pki_request_number_range_start]
dbs.endRequestNumber
=
[pki_request_number_range_end]
dbs.beginRequestNumber
=
1
dbs.endRequestNumber
=
10000000
dbs.requestIncrement
=
10000000
dbs.requestLowWaterMark
=
2000000
dbs.requestCloneTransferNumber
=
10000
dbs.requestDN
=
ou=ca, ou=requests
dbs.requestRangeDN
=
ou=requests, ou=ranges
dbs.beginSerialNumber
=
[pki_serial_number_range_start]
dbs.endSerialNumber
=
[pki_serial_number_range_end]
dbs.beginSerialNumber
=
1
dbs.endSerialNumber
=
10000000
dbs.serialIncrement
=
10000000
dbs.serialLowWaterMark
=
2000000
dbs.serialCloneTransferNumber
=
10000
dbs.serialDN
=
ou=certificateRepository, ou=ca
dbs.serialRangeDN
=
ou=certificateRepository, ou=ranges
dbs.beginReplicaNumber
=
[pki_replica_number_range_start]
dbs.endReplicaNumber
=
[pki_replica_number_range_end]
dbs.beginReplicaNumber
=
1
dbs.endReplicaNumber
=
100
dbs.replicaIncrement
=
100
dbs.replicaLowWaterMark
=
20
dbs.replicaCloneTransferNumber
=
5
...
...
@@ -905,11 +905,11 @@ log.instance.SignedAudit._001=## Signed Audit Logging
log.instance.SignedAudit._002
=
##
log.instance.SignedAudit._003=##
log.instance.SignedAudit._004
=
## Available Audit events:
log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,CERT_SIGNING_INFO,OCSP_SIGNING_INFO,CRL_SIGNING_INFO,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ,INTER_BOUNDARY,AUTH,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CMC_PROOF_OF_IDENTIFICATION,CMC_ID_POP_LINK_WITNESS,SCHEDULE_CRL_GENERATION,DELTA_CRL_GENERATION,DELTA_CRL_PUBLISHING,FULL_CRL_GENERATION,FULL_CRL_PUBLISHING,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,CMC_USER_SIGNED_REQUEST_SIG_VERIFY,CMC_REQUEST_RECEIVED,CMC_RESPONSE_SENT,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_GENERATION,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER,AUTHORITY_CONFIG,ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,SECURITY_DATA_ARCHIVAL_REQUEST,RANDOM_GENERATION
log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,CERT_SIGNING_INFO,OCSP_SIGNING_INFO,CRL_SIGNING_INFO,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ,INTER_BOUNDARY,AUTH,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CMC_PROOF_OF_IDENTIFICATION,CMC_ID_POP_LINK_WITNESS,SCHEDULE_CRL_GENERATION,DELTA_CRL_GENERATION,DELTA_CRL_PUBLISHING,FULL_CRL_GENERATION,FULL_CRL_PUBLISHING,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,CMC_USER_SIGNED_REQUEST_SIG_VERIFY,CMC_REQUEST_RECEIVED,CMC_RESPONSE_SENT,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_GENERATION,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER,AUTHORITY_CONFIG,ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,
CLIENT_ACCESS_SESSION_ESTABLISH,CLIENT_ACCESS_SESSION_TERMINATED,
SECURITY_DATA_ARCHIVAL_REQUEST,RANDOM_GENERATION
log.instance.SignedAudit._006
=
##
log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable
=
true
log.instance.SignedAudit.events
=
ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,AUTH,AUTHZ,CERT_REQUEST_PROCESSED,CERT_SIGNING_INFO,CMC_SIGNED_REQUEST_SIG_VERIFY,CMC_USER_SIGNED_REQUEST_SIG_VERIFY,CMC_REQUEST_RECEIVED,CMC_RESPONSE_SENT,CONFIG_AUTH,CONFIG_CERT_PROFILE,CONFIG_ENCRYPTION,CONFIG_ROLE,CONFIG_SERIAL_NUMBER,CONFIG_SIGNED_AUDIT,CONFIG_TRUSTED_PUBLIC_KEY,CRL_SIGNING_INFO,DELTA_CRL_GENERATION,FULL_CRL_GENERATION,LOG_PATH_CHANGE,OCSP_GENERATION,OCSP_SIGNING_INFO,PROFILE_CERT_REQUEST,PROOF_OF_POSSESSION,RANDOM_GENERATION,ROLE_ASSUME,SECURITY_DOMAIN_UPDATE,SELFTESTS_EXECUTION,CERT_STATUS_CHANGE_REQUEST_PROCESSED,CERT_PROFILE_APPROVAL,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_ACL,CONFIG_DRM,AUTHORITY_CONFIG
log.instance.SignedAudit.events
=
CLIENT_ACCESS_SESSION_ESTABLISH,CLIENT_ACCESS_SESSION_TERMINATED,
ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,AUTH,AUTHZ,CERT_REQUEST_PROCESSED,CERT_SIGNING_INFO,CMC_SIGNED_REQUEST_SIG_VERIFY,CMC_USER_SIGNED_REQUEST_SIG_VERIFY,CMC_REQUEST_RECEIVED,CMC_RESPONSE_SENT,CONFIG_AUTH,CONFIG_CERT_PROFILE,CONFIG_ENCRYPTION,CONFIG_ROLE,CONFIG_SERIAL_NUMBER,CONFIG_SIGNED_AUDIT,CONFIG_TRUSTED_PUBLIC_KEY,CRL_SIGNING_INFO,DELTA_CRL_GENERATION,FULL_CRL_GENERATION,LOG_PATH_CHANGE,OCSP_GENERATION,OCSP_SIGNING_INFO,PROFILE_CERT_REQUEST,PROOF_OF_POSSESSION,RANDOM_GENERATION,ROLE_ASSUME,SECURITY_DOMAIN_UPDATE,SELFTESTS_EXECUTION,CERT_STATUS_CHANGE_REQUEST_PROCESSED,CERT_PROFILE_APPROVAL,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_ACL,CONFIG_DRM,AUTHORITY_CONFIG
log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY
=
(Outcome=Failure)
log.instance.SignedAudit.filters.CMC_USER_SIGNED_REQUEST_SIG_VERIFY
=
(Outcome=Failure)
log.instance.SignedAudit.filters.DELTA_CRL_GENERATION
=
(Outcome=Failure)
...
...
base/ca/shared/conf/eccAdminCert.profile
View file @
88d2d85d
...
...
@@ -26,7 +26,7 @@ list=2,4,5,6,7
6.
default
.
params
.
keyUsageCritical
=
true
6.
default
.
params
.
keyUsageDigitalSignature
=
true
6.
default
.
params
.
keyUsageNonRepudiation
=
true
6.
default
.
params
.
keyUsageDataEncipherment
=
tru
e
6.
default
.
params
.
keyUsageDataEncipherment
=
fals
e
6.
default
.
params
.
keyUsageKeyEncipherment
=
false
6.
default
.
params
.
keyUsageKeyAgreement
=
true
6.
default
.
params
.
keyUsageKeyCertSign
=
false
...
...
base/ca/shared/conf/eccServerCert.profile
View file @
88d2d85d
...
...
@@ -6,7 +6,7 @@ name=All Purpose SSL server cert with ECC keys Profile
description
=
This
profile
creates
an
SSL
server
certificate
with
ECC
keys
that
is
valid
for
SSL
servers
profileIDMapping
=
caECServerCert
profileSetIDMapping
=
serverCertSet
list
=
2
,
4
,
5
,
6
,
7
list
=
2
,
4
,
5
,
6
,
7
,
8
2.
default
.
class
=
com
.
netscape
.
cms
.
profile
.
def
.
ValidityDefault
2.
default
.
name
=
Validity
Default
2.
default
.
params
.
range
=
720
...
...
@@ -37,3 +37,5 @@ list=2,4,5,6,7
7.
default
.
name
=
Extended
Key
Usage
Extension
Default
7.
default
.
params
.
exKeyUsageCritical
=
false
7.
default
.
params
.
exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.1
8.
default
.
class
=
com
.
netscape
.
cms
.
profile
.
def
.
CommonNameToSANDefault
8.
default
.
name
=
copy
CN
to
SAN
Default
base/ca/shared/conf/rsaAdminCert.profile
View file @
88d2d85d
...
...
@@ -26,7 +26,7 @@ list=2,4,5,6,7
6.
default
.
params
.
keyUsageCritical
=
true
6.
default
.
params
.
keyUsageDigitalSignature
=
true
6.
default
.
params
.
keyUsageNonRepudiation
=
true
6.
default
.
params
.
keyUsageDataEncipherment
=
tru
e
6.
default
.
params
.
keyUsageDataEncipherment
=
fals
e
6.
default
.
params
.
keyUsageKeyEncipherment
=
true
6.
default
.
params
.
keyUsageKeyAgreement
=
false
6.
default
.
params
.
keyUsageKeyCertSign
=
false
...
...
base/ca/shared/profiles/ca/AdminCert.cfg
View file @
88d2d85d
...
...
@@ -53,7 +53,7 @@ policyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.adminCertSet.6.constraint.params.keyUsageCritical
=
true
policyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature
=
true
policyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation
=
true
policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment
=
tru
e
policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment
=
fals
e
policyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment
=
true
policyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement
=
false
policyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign
=
false
...
...
@@ -65,7 +65,7 @@ policyset.adminCertSet.6.default.name=Key Usage Default
policyset.adminCertSet.6.default.params.keyUsageCritical
=
true
policyset.adminCertSet.6.default.params.keyUsageDigitalSignature
=
true
policyset.adminCertSet.6.default.params.keyUsageNonRepudiation
=
true
policyset.adminCertSet.6.default.params.keyUsageDataEncipherment
=
tru
e
policyset.adminCertSet.6.default.params.keyUsageDataEncipherment
=
fals
e
policyset.adminCertSet.6.default.params.keyUsageKeyEncipherment
=
true
policyset.adminCertSet.6.default.params.keyUsageKeyAgreement
=
false
policyset.adminCertSet.6.default.params.keyUsageKeyCertSign
=
false
...
...
@@ -80,7 +80,7 @@ policyset.adminCertSet.7.default.params.exKeyUsageCritical=false
policyset.adminCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
policyset.adminCertSet.8.constraint.class_id
=
signingAlgConstraintImpl
policyset.adminCertSet.8.constraint.name
=
No Constraint
policyset.adminCertSet.8.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.adminCertSet.8.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.adminCertSet.8.default.class_id
=
signingAlgDefaultImpl
policyset.adminCertSet.8.default.name
=
Signing Alg
policyset.adminCertSet.8.default.params.signingAlg
=
-
base/ca/shared/profiles/ca/ECAdminCert.cfg
View file @
88d2d85d
...
...
@@ -53,7 +53,7 @@ policyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.adminCertSet.6.constraint.params.keyUsageCritical
=
true
policyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature
=
true
policyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation
=
true
policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment
=
tru
e
policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment
=
fals
e
policyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment
=
false
policyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement
=
true
policyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign
=
false
...
...
@@ -65,7 +65,7 @@ policyset.adminCertSet.6.default.name=Key Usage Default
policyset.adminCertSet.6.default.params.keyUsageCritical
=
true
policyset.adminCertSet.6.default.params.keyUsageDigitalSignature
=
true
policyset.adminCertSet.6.default.params.keyUsageNonRepudiation
=
true
policyset.adminCertSet.6.default.params.keyUsageDataEncipherment
=
tru
e
policyset.adminCertSet.6.default.params.keyUsageDataEncipherment
=
fals
e
policyset.adminCertSet.6.default.params.keyUsageKeyEncipherment
=
false
policyset.adminCertSet.6.default.params.keyUsageKeyAgreement
=
true
policyset.adminCertSet.6.default.params.keyUsageKeyCertSign
=
false
...
...
base/ca/shared/profiles/ca/caAdminCert.cfg
View file @
88d2d85d
...
...
@@ -54,7 +54,7 @@ policyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.adminCertSet.6.constraint.params.keyUsageCritical
=
true
policyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature
=
true
policyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation
=
true
policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment
=
tru
e
policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment
=
fals
e
policyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment
=
true
policyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement
=
false
policyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign
=
false
...
...
@@ -66,7 +66,7 @@ policyset.adminCertSet.6.default.name=Key Usage Default
policyset.adminCertSet.6.default.params.keyUsageCritical
=
true
policyset.adminCertSet.6.default.params.keyUsageDigitalSignature
=
true
policyset.adminCertSet.6.default.params.keyUsageNonRepudiation
=
true
policyset.adminCertSet.6.default.params.keyUsageDataEncipherment
=
tru
e
policyset.adminCertSet.6.default.params.keyUsageDataEncipherment
=
fals
e
policyset.adminCertSet.6.default.params.keyUsageKeyEncipherment
=
true
policyset.adminCertSet.6.default.params.keyUsageKeyAgreement
=
false
policyset.adminCertSet.6.default.params.keyUsageKeyCertSign
=
false
...
...
base/ca/shared/profiles/ca/caAgentFileSigning.cfg
View file @
88d2d85d
...
...
@@ -80,7 +80,7 @@ policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
policyset.serverCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.3
policyset.serverCertSet.8.constraint.class_id
=
signingAlgConstraintImpl
policyset.serverCertSet.8.constraint.name
=
No Constraint
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.serverCertSet.8.default.class_id
=
signingAlgDefaultImpl
policyset.serverCertSet.8.default.name
=
Signing Alg
policyset.serverCertSet.8.default.params.signingAlg
=
-
base/ca/shared/profiles/ca/caCMCECUserCert.cfg
View file @
88d2d85d
...
...
@@ -52,7 +52,7 @@ policyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.cmcUserCertSet.6.constraint.params.keyUsageCritical
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment
=
tru
e
policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment
=
fals
e
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment
=
false
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign
=
false
...
...
@@ -64,7 +64,7 @@ policyset.cmcUserCertSet.6.default.name=Key Usage Default
policyset.cmcUserCertSet.6.default.params.keyUsageCritical
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment
=
tru
e
policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment
=
fals
e
policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment
=
false
policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign
=
false
...
...
base/ca/shared/profiles/ca/caCMCECserverCert.cfg
View file @
88d2d85d
...
...
@@ -76,7 +76,7 @@ policyset.serverCertSet.7.constraint.name=No Constraint
policyset.serverCertSet.7.default.class_id
=
extendedKeyUsageExtDefaultImpl
policyset.serverCertSet.7.default.name
=
Extended Key Usage Extension Default
policyset.serverCertSet.7.default.params.exKeyUsageCritical
=
false
policyset.serverCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.1
,1.3.6.1.5.5.7.3.2
policyset.serverCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.1
policyset.serverCertSet.8.constraint.class_id
=
signingAlgConstraintImpl
policyset.serverCertSet.8.constraint.name
=
No Constraint
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed
=
SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
...
...
base/ca/shared/profiles/ca/caCMCUserCert.cfg
View file @
88d2d85d
desc
=
This certificate profile is for enrolling user certificates by using the CMC certificate request with CMC Signature authentication.
visible
=
tru
e
visible
=
fals
e
enable
=
true
enableBy
=
admin
auth.instance_id
=
CMCAuth
...
...
@@ -52,7 +52,7 @@ policyset.cmcUserCertSet.6.constraint.name=Key Usage Extension Constraint
policyset.cmcUserCertSet.6.constraint.params.keyUsageCritical
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageDigitalSignature
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageNonRepudiation
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment
=
tru
e
policyset.cmcUserCertSet.6.constraint.params.keyUsageDataEncipherment
=
fals
e
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyEncipherment
=
true
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyAgreement
=
false
policyset.cmcUserCertSet.6.constraint.params.keyUsageKeyCertSign
=
false
...
...
@@ -64,7 +64,7 @@ policyset.cmcUserCertSet.6.default.name=Key Usage Default
policyset.cmcUserCertSet.6.default.params.keyUsageCritical
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageDigitalSignature
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageNonRepudiation
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment
=
tru
e
policyset.cmcUserCertSet.6.default.params.keyUsageDataEncipherment
=
fals
e
policyset.cmcUserCertSet.6.default.params.keyUsageKeyEncipherment
=
true
policyset.cmcUserCertSet.6.default.params.keyUsageKeyAgreement
=
false
policyset.cmcUserCertSet.6.default.params.keyUsageKeyCertSign
=
false
...
...
base/ca/shared/profiles/ca/caCMCkraStorageCert.cfg
View file @
88d2d85d
...
...
@@ -10,7 +10,7 @@ input.i1.class_id=cmcCertReqInputImpl
output.list
=
o1
output.o1.class_id
=
certOutputImpl
policyset.list
=
drmStorageCertSet
policyset.drmStorageCertSet.list
=
1,2,3,4,5,6,
7,
9
policyset.drmStorageCertSet.list
=
1,2,3,4,5,6,9
policyset.drmStorageCertSet.1.constraint.class_id
=
subjectNameConstraintImpl
policyset.drmStorageCertSet.1.constraint.name
=
Subject Name Constraint
policyset.drmStorageCertSet.1.constraint.params.pattern
=
CN=.*
...
...
@@ -71,12 +71,6 @@ policyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.drmStorageCertSet.6.default.params.keyUsageCrlSign
=
false
policyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly
=
false
policyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly
=
false
policyset.drmStorageCertSet.7.constraint.class_id
=
noConstraintImpl
policyset.drmStorageCertSet.7.constraint.name
=
No Constraint
policyset.drmStorageCertSet.7.default.class_id
=
extendedKeyUsageExtDefaultImpl
policyset.drmStorageCertSet.7.default.name
=
Extended Key Usage Extension Default
policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical
=
false
policyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.2
policyset.drmStorageCertSet.9.constraint.class_id
=
signingAlgConstraintImpl
policyset.drmStorageCertSet.9.constraint.name
=
No Constraint
policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed
=
SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
...
...
base/ca/shared/profiles/ca/caCMCkraTransportCert.cfg
View file @
88d2d85d
...
...
@@ -10,7 +10,7 @@ input.i1.class_id=cmcCertReqInputImpl
output.list
=
o1
output.o1.class_id
=
certOutputImpl
policyset.list
=
transportCertSet
policyset.transportCertSet.list
=
1,2,3,4,5,6,
7,
8
policyset.transportCertSet.list
=
1,2,3,4,5,6,8
policyset.transportCertSet.1.constraint.class_id
=
subjectNameConstraintImpl
policyset.transportCertSet.1.constraint.name
=
Subject Name Constraint
policyset.transportCertSet.1.constraint.params.pattern
=
CN=.*
...
...
@@ -71,12 +71,6 @@ policyset.transportCertSet.6.default.params.keyUsageKeyCertSign=false
policyset.transportCertSet.6.default.params.keyUsageCrlSign
=
false
policyset.transportCertSet.6.default.params.keyUsageEncipherOnly
=
false
policyset.transportCertSet.6.default.params.keyUsageDecipherOnly
=
false
policyset.transportCertSet.7.constraint.class_id
=
noConstraintImpl
policyset.transportCertSet.7.constraint.name
=
No Constraint
policyset.transportCertSet.7.default.class_id
=
extendedKeyUsageExtDefaultImpl
policyset.transportCertSet.7.default.name
=
Extended Key Usage Extension Default
policyset.transportCertSet.7.default.params.exKeyUsageCritical
=
false
policyset.transportCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.2
policyset.transportCertSet.8.constraint.class_id
=
signingAlgConstraintImpl
policyset.transportCertSet.8.constraint.name
=
No Constraint
policyset.transportCertSet.8.constraint.params.signingAlgsAllowed
=
SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
...
...
base/ca/shared/profiles/ca/caCMCserverCert.cfg
View file @
88d2d85d
...
...
@@ -76,7 +76,7 @@ policyset.serverCertSet.7.constraint.name=No Constraint
policyset.serverCertSet.7.default.class_id
=
extendedKeyUsageExtDefaultImpl
policyset.serverCertSet.7.default.name
=
Extended Key Usage Extension Default
policyset.serverCertSet.7.default.params.exKeyUsageCritical
=
false
policyset.serverCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.1
,1.3.6.1.5.5.7.3.2
policyset.serverCertSet.7.default.params.exKeyUsageOIDs
=
1.3.6.1.5.5.7.3.1
policyset.serverCertSet.8.constraint.class_id
=
signingAlgConstraintImpl
policyset.serverCertSet.8.constraint.name
=
No Constraint
policyset.serverCertSet.8.constraint.params.signingAlgsAllowed
=
SHA256withRSA,SHA512withRSA,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
...
...
base/ca/shared/profiles/ca/caCrossSignedCACert.cfg
View file @
88d2d85d
...
...
@@ -76,7 +76,7 @@ policyset.caCertSet.8.default.name=Subject Key Identifier Extension Default
policyset.caCertSet.8.default.params.critical
=
false
policyset.caCertSet.9.constraint.class_id
=
signingAlgConstraintImpl
policyset.caCertSet.9.constraint.name
=
No Constraint
policyset.caCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.caCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.caCertSet.9.default.class_id
=
signingAlgDefaultImpl
policyset.caCertSet.9.default.name
=
Signing Alg
policyset.caCertSet.9.default.params.signingAlg
=
-
...
...
base/ca/shared/profiles/ca/caDirBasedDualCert.cfg
View file @
88d2d85d
desc
=
This certificate profile is for enrolling dual user certificates. It works only with Netscape 7.0 or later.
visible
=
true
enable
=
tru
e
enable
=
fals
e
enableBy
=
admin
name
=
Directory-authenticated User Signing & Encryption Certificates Enrollment
auth.instance_id
=
UserDirEnrollment
...
...
@@ -89,7 +89,7 @@ policyset.encryptionCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.encryptionCertSet.8.default.params.subjAltNameNumGNs
=
1
policyset.encryptionCertSet.9.constraint.class_id
=
signingAlgConstraintImpl
policyset.encryptionCertSet.9.constraint.name
=
No Constraint
policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.encryptionCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.encryptionCertSet.9.default.class_id
=
signingAlgDefaultImpl
policyset.encryptionCertSet.9.default.name
=
Signing Alg
policyset.encryptionCertSet.9.default.params.signingAlg
=
-
...
...
@@ -161,8 +161,8 @@ policyset.signingCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.signingCertSet.8.default.params.subjAltNameNumGNs
=
1
policyset.signingCertSet.9.constraint.class_id
=
signingAlgConstraintImpl
policyset.signingCertSet.9.constraint.name
=
No Constraint
policyset.signingCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.signingCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.signingCertSet.9.default.class_id
=
signingAlgDefaultImpl
policyset.signingCertSet.9.default.name
=
Signing Alg
policyset.signingCertSet.9.default.params.signingAlg
=
-
policyset.signingCertSet.9.default.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
policyset.signingCertSet.9.default.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
base/ca/shared/profiles/ca/caDirPinUserCert.cfg
View file @
88d2d85d
...
...
@@ -93,7 +93,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltNameNumGNs
=
1
policyset.userCertSet.9.constraint.class_id
=
signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name
=
No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.userCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.userCertSet.9.default.class_id
=
signingAlgDefaultImpl
policyset.userCertSet.9.default.name
=
Signing Alg
policyset.userCertSet.9.default.params.signingAlg
=
-
base/ca/shared/profiles/ca/caDirUserCert.cfg
View file @
88d2d85d
...
...
@@ -93,7 +93,7 @@ policyset.userCertSet.8.default.params.subjAltExtGNEnable_0=true
policyset.userCertSet.8.default.params.subjAltNameNumGNs
=
1
policyset.userCertSet.9.constraint.class_id
=
signingAlgConstraintImpl
policyset.userCertSet.9.constraint.name
=
No Constraint
policyset.userCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,
MD5withRSA,MD2withRSA,
SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.userCertSet.9.constraint.params.signingAlgsAllowed
=
SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withRSA,SHA384withEC,SHA512withEC
policyset.userCertSet.9.default.class_id
=
signingAlgDefaultImpl
policyset.userCertSet.9.default.name
=
Signing Alg
policyset.userCertSet.9.default.params.signingAlg
=
-
Prev
1
2
3
4
5
…
20
Next