File: certomancer.yml

# Base URL for this Certomancer configuration; presumably the prefix under
# which the CRL and OCSP services declared below are published - confirm
# against the Certomancer documentation.
# example.com is a reserved documentation domain, so URLs built from this
# prefix do not point at a real CA.
external-url-prefix: "http://ca.example.com"
# Key material for the test PKI. Each label names one key file, and the
# pki-architectures section refers to keys by these labels.
# NOTE(review): no passphrase setting appears on any entry, so the PEM files
# are presumably stored unencrypted. Treat them as public fixture keys:
# never reuse them, or certificates issued under them, outside the test suite.
keysets:
  testing-ca:
    # Directory that holds the key files (presumably resolved relative to this
    # config file - confirm).
    path-prefix: keys
    keys:
      # CA keys
      root:
        path: root.key.pem
      interm:
        path: interm.key.pem
      # Separate key for the delegated OCSP responder, so OCSP responses are
      # not signed with the intermediate CA key itself.
      interm-ocsp:
        path: interm-ocsp.key.pem
      # End-entity keys
      alice:
        path: alice.key.pem
      bob:
        path: bob.key.pem

# One synthetic PKI, "freshness-ca": root CA -> intermediate CA -> end entity,
# with CRL and OCSP services attached. The name and the
# simulated-update-schedule settings suggest that it is used to test freshness
# checks on revocation information - presumably; confirm against the tests
# that load this file.
pki-architectures:
  freshness-ca:
    keyset: testing-ca
    # Name attributes shared by every entity below.
    entity-defaults:
      country-name: XX
      organization-name: Testing Authority
    # Subject/issuer names; the labels match the key labels in the keyset.
    entities:
      root:
        common-name: Root CA
      interm:
        common-name: Intermediate CA
      interm-ocsp:
        common-name: Intermediate CA OCSP Responder
      alice:
        organizational-unit-name: People
        common-name: Alice
      # bob has a key and a name, but no certificate is declared for him in
      # the certs section below.
      bob:
        organizational-unit-name: People
        common-name: Bob
    certs:
      # Self-issued trust anchor (subject and issuer are both root).
      root:
        subject: root
        issuer: root
        validity:
          valid-from: "2000-01-01T00:00:00+0000"
          valid-to: "2500-01-01T00:00:00+0000"
        profiles:
          - id: simple-ca
            params:
              crl-repo: root
      # Intermediate CA certificate, issued by root.
      interm:
        subject: interm
        issuer: root
        validity:
          valid-from: "2000-01-01T00:00:00+0000"
          valid-to: "2100-01-01T00:00:00+0000"
        profiles:
          - id: simple-ca
            params:
              # NOTE(review): this certificate is issued by root, yet the CRL
              # repo and OCSP service named here are the ones declared with
              # for-issuer: interm in the services section. If these params
              # set the revocation pointers of this certificate itself, they
              # would reference data signed under interm rather than root -
              # confirm that this is intended.
              crl-repo: interm
              ocsp-service: interm
              # A path length of 0 presumably means that this CA may issue
              # end-entity certificates only, not further CA certificates.
              max-path-len: 0
      # Second certificate for the same subject (interm), also issued by root,
      # but marked as revoked for key compromise. This provides a revoked
      # intermediate CA for the revocation-checking tests.
      interm-revoked:
        subject: interm
        issuer: root
        validity:
          valid-from: "2000-01-01T00:00:00+0000"
          valid-to: "2100-01-01T00:00:00+0000"
        revocation:
          revoked-since: "2020-12-01T00:00:00+0000"
          reason: key_compromise
        # Profile given without params, so no crl-repo or ocsp-service is
        # named for this certificate.
        profiles:
          - simple-ca
      # Certificate for the delegated OCSP responder, issued by interm.
      # No subject is given; presumably it defaults to the cert label
      # (interm-ocsp) - confirm.
      interm-ocsp:
        issuer: interm
        issuer-cert: interm
        validity:
          valid-from: "2000-01-01T00:00:00+0000"
          valid-to: "2100-01-01T00:00:00+0000"
        profiles:
          - ocsp-responder
      # End-entity signing certificate, issued by interm and revoked for key
      # compromise as of 2020-12-01. Its validity window still runs to 2100,
      # so only a revocation check can reject it.
      alice:
        subject: alice
        issuer: interm
        issuer-cert: interm
        validity:
          valid-from: "2000-01-01T00:00:00+0000"
          valid-to: "2100-01-01T00:00:00+0000"
        revocation:
          revoked-since: "2020-12-01T00:00:00+0000"
          reason: key_compromise
        # Only key_usage is declared; no CRL distribution point or OCSP
        # pointer extension is listed for this certificate, so validators
        # presumably have to be given the revocation data explicitly.
        extensions:
          - id: key_usage
            critical: true
            smart-value:
              schema: key-usage
              params: [digital_signature]
    services:
      ocsp:
        # OCSP service for certificates issued by interm. Responses are signed
        # with the dedicated interm-ocsp key and certificate (a delegated
        # responder), not with the CA key.
        interm:
          for-issuer: interm
          issuer-cert: interm
          responder-cert: interm-ocsp
          signing-key: interm-ocsp
      crl-repo:
        # CRLs are signed directly with the respective CA key.
        # "P10D" is an ISO 8601 duration of ten days; presumably the interval
        # between simulated CRL updates - confirm.
        root:
          for-issuer: root
          signing-key: root
          simulated-update-schedule: "P10D"
        interm:
          for-issuer: interm
          signing-key: interm
          issuer-cert: interm
          simulated-update-schedule: "P10D"