diff options
author | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-09-08 13:00:50 +0200 |
---|---|---|
committer | Remigiusz Janeczek <remigiusz.janeczek@nokia.com> | 2020-09-15 10:39:22 +0200 |
commit | ed6e62100249bf099ec8b90a8ad147532b40372b (patch) | |
tree | 20d17e40c15a5112f9ffdf3dfbf68bf338f6cf19 /kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml | |
parent | 860e4d4c5f71a9bc9f70b7e1127f6a89ef209034 (diff) |
[CONTRIB] Adjust EJBCA to issue certificates usable by servers.
Add configuration to EJBCA that allows to create keystores with
extendedKeyUsage containing serverAuth.
Issue-ID: AAF-1121
Signed-off-by: Remigiusz Janeczek <remigiusz.janeczek@nokia.com>
Change-Id: I6fc1d228acb4edc089be11d66186cfb5006e9ad1
Diffstat (limited to 'kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml')
-rw-r--r-- | kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml | 595 |
1 files changed, 595 insertions, 0 deletions
diff --git a/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml new file mode 100644 index 0000000000..e163aed82a --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/certprofile_CUSTOM_ENDUSER-1834889499.xml @@ -0,0 +1,595 @@ +<?xml version="1.0" encoding="UTF-8"?> +<java version="1.8.0_242" class="java.beans.XMLDecoder"> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <string>version</string> + <float>46.0</float> + </void> + <void method="put"> + <string>type</string> + <int>1</int> + </void> + <void method="put"> + <string>certversion</string> + <string>X509v3</string> + </void> + <void method="put"> + <string>encodedvalidity</string> + <string>2y</string> + </void> + <void method="put"> + <string>usecertificatevalidityoffset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatevalidityoffset</string> + <string>-10m</string> + </void> + <void method="put"> + <string>useexpirationrestrictionforweekdays</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>expirationrestrictionforweekdaysbefore</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>expirationrestrictionweekdays</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowvalidityoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowextensionoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowdnoverridebyeei</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>allowbackdatedrevokation</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatestorage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storecertificatedata</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>storesubjectaltname</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usebasicconstrants</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>basicconstraintscritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usesubjectkeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectkeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthoritykeyidentifier</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>authoritykeyidentifiercritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectalternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>subjectalternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useissueralternativename</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>issueralternativenamecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultcrldistributionpoint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>crldistributionpointuri</string> + <string></string> + </void> + <void method="put"> + <string>usefreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecadefinedfreshestcrl</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>freshestcrluri</string> + <string></string> + </void> + <void method="put"> + <string>crlissuer</string> + <string></string> + </void> + <void method="put"> + <string>usecertificatepolicies</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepoliciescritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>certificatepolicies</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablekeyalgorithms</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>DSA</string> + </void> + <void method="add"> + <string>ECDSA</string> + </void> + <void method="add"> + <string>RSA</string> + </void> + </object> + </void> + <void method="put"> + <string>availableeccurves</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>ANY_EC_CURVE</string> + </void> + </object> + </void> + <void method="put"> + <string>availablebitlengths</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>0</int> + </void> + <void method="add"> + <int>192</int> + </void> + <void method="add"> + <int>224</int> + </void> + <void method="add"> + <int>239</int> + </void> + <void method="add"> + <int>256</int> + </void> + <void method="add"> + <int>384</int> + </void> + <void method="add"> + <int>512</int> + </void> + <void method="add"> + <int>521</int> + </void> + <void method="add"> + <int>1024</int> + </void> + <void method="add"> + <int>1536</int> + </void> + <void method="add"> + <int>2048</int> + </void> + <void method="add"> + <int>3072</int> + </void> + <void method="add"> + <int>4096</int> + </void> + <void method="add"> + <int>6144</int> + </void> + <void method="add"> + <int>8192</int> + </void> + </object> + </void> + <void method="put"> + <string>minimumavailablebitlength</string> + <int>0</int> + </void> + <void method="put"> + <string>maximumavailablebitlength</string> + <int>8192</int> + </void> + <void method="put"> + <string>signaturealgorithm</string> + <null/> + </void> + <void method="put"> + <string>usekeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>keyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>true</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + <void method="add"> + <boolean>false</boolean> + </void> + </object> + </void> + <void method="put"> + <string>allowkeyusageoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>keyusagecritical</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>useextendedkeyusage</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>extendedkeyusage</string> + <object class="java.util.ArrayList"> + <void method="add"> + <string>1.3.6.1.5.5.7.3.2</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.4</string> + </void> + <void method="add"> + <string>1.3.6.1.5.5.7.3.1</string> + </void> + </object> + </void> + <void method="put"> + <string>extendedkeyusagecritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedocumenttypelist</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelistcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>documenttypelist</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>availablecas</string> + <object class="java.util.ArrayList"> + <void method="add"> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>usedpublishers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>useocspnocheck</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useldapdnorder</string> + <boolean>true</boolean> + </void> + <void method="put"> + <string>usecustomdnorder</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usemicrosofttemplate</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>microsofttemplate</string> + <string></string> + </void> + <void method="put"> + <string>usecardnumber</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecnpostfix</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>cnpostfix</string> + <string></string> + </void> + <void method="put"> + <string>usesubjectdnsubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectdnsubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usesubjectaltnamesubset</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>subjectaltnamesubset</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usepathlengthconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>pathlengthconstraint</string> + <int>0</int> + </void> + <void method="put"> + <string>useqcstatement</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usepkixqcsyntaxv2</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementcritical</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcstatementraname</string> + <string></string> + </void> + <void method="put"> + <string>useqcsematicsid</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiqccompliance</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsisignaturedevice</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useqcetsivaluelimit</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsivaluelimit</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitexp</string> + <int>0</int> + </void> + <void method="put"> + <string>qcetsivaluelimitcurrency</string> + <string></string> + </void> + <void method="put"> + <string>useqcetsiretentionperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qcetsiretentionperiod</string> + <int>0</int> + </void> + <void method="put"> + <string>useqccustomstring</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>qccustomstringoid</string> + <string></string> + </void> + <void method="put"> + <string>qccustomstringtext</string> + <string></string> + </void> + <void method="put"> + <string>qcetsipds</string> + <null/> + </void> + <void method="put"> + <string>qcetsitype</string> + <null/> + </void> + <void method="put"> + <string>usecertificatetransparencyincerts</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinocsp</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecertificatetransparencyinpublisher</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usesubjectdirattributes</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usenameconstraints</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useauthorityinformationaccess</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>caissuers</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>usedefaultcaissuer</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usedefaultocspservicelocator</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>ocspservicelocatoruri</string> + <string></string> + </void> + <void method="put"> + <string>cvcaccessrights</string> + <int>3</int> + </void> + <void method="put"> + <string>usedcertificateextensions</string> + <object class="java.util.ArrayList"/> + </void> + <void method="put"> + <string>approvals</string> + <object class="java.util.LinkedHashMap"> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>REVOCATION</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>KEYRECOVER</string> + </object> + <int>-1</int> + </void> + <void method="put"> + <object class="java.lang.Enum" method="valueOf"> + <class>org.cesecore.certificates.ca.ApprovalRequestType</class> + <string>ADDEDITENDENTITY</string> + </object> + <int>-1</int> + </void> + </object> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotbefore</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiod</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>useprivkeyusageperiodnotafter</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>privkeyusageperiodstartoffset</string> + <long>0</long> + </void> + <void method="put"> + <string>privkeyusageperiodlength</string> + <long>63072000</long> + </void> + <void method="put"> + <string>usesingleactivecertificateconstraint</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>overridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>nonoverridableextensionoids</string> + <object class="java.util.LinkedHashSet"/> + </void> + <void method="put"> + <string>allowcertsnoverride</string> + <boolean>false</boolean> + </void> + <void method="put"> + <string>usecustomdnorderldap</string> + <boolean>false</boolean> + </void> + </object> +</java> |