192 lines
5.1 KiB
JSON
192 lines
5.1 KiB
JSON
{
|
|
"ca": {
|
|
"debugAddr": ":8001",
|
|
"tls": {
|
|
"caCertFile": "test/certs/ipki/minica.pem",
|
|
"certFile": "test/certs/ipki/ca.boulder/cert.pem",
|
|
"keyFile": "test/certs/ipki/ca.boulder/key.pem"
|
|
},
|
|
"hostnamePolicyFile": "test/hostname-policy.yaml",
|
|
"grpcCA": {
|
|
"maxConnectionAge": "30s",
|
|
"address": ":9093",
|
|
"services": {
|
|
"ca.CertificateAuthority": {
|
|
"clientNames": [
|
|
"ra.boulder"
|
|
]
|
|
},
|
|
"ca.OCSPGenerator": {
|
|
"clientNames": [
|
|
"ra.boulder"
|
|
]
|
|
},
|
|
"ca.CRLGenerator": {
|
|
"clientNames": [
|
|
"crl-updater.boulder"
|
|
]
|
|
},
|
|
"grpc.health.v1.Health": {
|
|
"clientNames": [
|
|
"health-checker.boulder"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"sctService": {
|
|
"dnsAuthority": "consul.service.consul",
|
|
"srvLookup": {
|
|
"service": "ra-sct-provider",
|
|
"domain": "service.consul"
|
|
},
|
|
"timeout": "15s",
|
|
"noWaitForReady": true,
|
|
"hostOverride": "ra.boulder"
|
|
},
|
|
"saService": {
|
|
"dnsAuthority": "consul.service.consul",
|
|
"srvLookup": {
|
|
"service": "sa",
|
|
"domain": "service.consul"
|
|
},
|
|
"timeout": "15s",
|
|
"noWaitForReady": true,
|
|
"hostOverride": "sa.boulder"
|
|
},
|
|
"issuance": {
|
|
"defaultCertificateProfileName": "legacy",
|
|
"certProfiles": {
|
|
"legacy": {
|
|
"allowMustStaple": true,
|
|
"maxValidityPeriod": "7776000s",
|
|
"maxValidityBackdate": "1h5m",
|
|
"lintConfig": "test/config-next/zlint.toml",
|
|
"ignoredLints": [
|
|
"w_subject_common_name_included",
|
|
"w_ext_subject_key_identifier_not_recommended_subscriber"
|
|
]
|
|
},
|
|
"modern": {
|
|
"allowMustStaple": true,
|
|
"omitCommonName": true,
|
|
"omitKeyEncipherment": true,
|
|
"omitClientAuth": true,
|
|
"omitSKID": true,
|
|
"maxValidityPeriod": "583200s",
|
|
"maxValidityBackdate": "1h5m",
|
|
"lintConfig": "test/config-next/zlint.toml",
|
|
"ignoredLints": [
|
|
"w_ext_subject_key_identifier_missing_sub_cert"
|
|
]
|
|
},
|
|
"shortlived": {
|
|
"allowMustStaple": true,
|
|
"omitCommonName": true,
|
|
"omitKeyEncipherment": true,
|
|
"omitClientAuth": true,
|
|
"omitSKID": true,
|
|
"maxValidityPeriod": "160h",
|
|
"maxValidityBackdate": "1h5m",
|
|
"lintConfig": "test/config-next/zlint.toml",
|
|
"ignoredLints": [
|
|
"w_ext_subject_key_identifier_missing_sub_cert"
|
|
]
|
|
}
|
|
},
|
|
"crlProfile": {
|
|
"validityInterval": "216h",
|
|
"maxBackdate": "1h5m",
|
|
"lintConfig": "test/config/zlint.toml"
|
|
},
|
|
"issuers": [
|
|
{
|
|
"active": true,
|
|
"issuerURL": "http://ca.example.org:4502/int-ecdsa-a",
|
|
"ocspURL": "http://ca.example.org:4002/",
|
|
"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/43104258997432926/",
|
|
"location": {
|
|
"configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json",
|
|
"certFile": "test/certs/webpki/int-ecdsa-a.cert.pem",
|
|
"numSessions": 2
|
|
}
|
|
},
|
|
{
|
|
"active": true,
|
|
"issuerURL": "http://ca.example.org:4502/int-ecdsa-b",
|
|
"ocspURL": "http://ca.example.org:4002/",
|
|
"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/17302365692836921/",
|
|
"location": {
|
|
"configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json",
|
|
"certFile": "test/certs/webpki/int-ecdsa-b.cert.pem",
|
|
"numSessions": 2
|
|
}
|
|
},
|
|
{
|
|
"active": false,
|
|
"issuerURL": "http://ca.example.org:4502/int-ecdsa-c",
|
|
"ocspURL": "http://ca.example.org:4002/",
|
|
"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/56560759852043581/",
|
|
"location": {
|
|
"configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json",
|
|
"certFile": "test/certs/webpki/int-ecdsa-c.cert.pem",
|
|
"numSessions": 2
|
|
}
|
|
},
|
|
{
|
|
"active": true,
|
|
"issuerURL": "http://ca.example.org:4502/int-rsa-a",
|
|
"ocspURL": "http://ca.example.org:4002/",
|
|
"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/29947985078257530/",
|
|
"location": {
|
|
"configFile": "test/certs/webpki/int-rsa-a.pkcs11.json",
|
|
"certFile": "test/certs/webpki/int-rsa-a.cert.pem",
|
|
"numSessions": 2
|
|
}
|
|
},
|
|
{
|
|
"active": true,
|
|
"issuerURL": "http://ca.example.org:4502/int-rsa-b",
|
|
"ocspURL": "http://ca.example.org:4002/",
|
|
"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/6762885421992935/",
|
|
"location": {
|
|
"configFile": "test/certs/webpki/int-rsa-b.pkcs11.json",
|
|
"certFile": "test/certs/webpki/int-rsa-b.cert.pem",
|
|
"numSessions": 2
|
|
}
|
|
},
|
|
{
|
|
"active": false,
|
|
"issuerURL": "http://ca.example.org:4502/int-rsa-c",
|
|
"ocspURL": "http://ca.example.org:4002/",
|
|
"crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/56183656833365902/",
|
|
"location": {
|
|
"configFile": "test/certs/webpki/int-rsa-c.pkcs11.json",
|
|
"certFile": "test/certs/webpki/int-rsa-c.cert.pem",
|
|
"numSessions": 2
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"serialPrefix": 127,
|
|
"maxNames": 100,
|
|
"lifespanOCSP": "96h",
|
|
"goodkey": {
|
|
"fermatRounds": 100
|
|
},
|
|
"ocspLogMaxLength": 4000,
|
|
"ocspLogPeriod": "500ms",
|
|
"features": {}
|
|
},
|
|
"pa": {
|
|
"challenges": {
|
|
"http-01": true,
|
|
"dns-01": true,
|
|
"tls-alpn-01": true
|
|
}
|
|
},
|
|
"syslog": {
|
|
"stdoutlevel": 4,
|
|
"sysloglevel": 4
|
|
}
|
|
}
|