boulder/test/config-next/ca.json

{
  "ca": {
    "serialPrefix": 255,
    "rsaProfile": "rsaEE",
    "ecdsaProfile": "ecdsaEE",
    "debugAddr": ":8001",
    "weakKeyDirectory": "test/example-weak-keys.json",
    "tls": {
      "caCertFile": "test/grpc-creds/minica.pem",
      "certFile": "test/grpc-creds/ca.boulder/cert.pem",
      "keyFile": "test/grpc-creds/ca.boulder/key.pem"
    },
    "saService": {
      "serverAddresses": ["sa.boulder:9095"],
      "timeout": "15s"
    },
    "grpcCA": {
      "address": ":9093",
      "maxConcurrentStreams": 2000,
      "clientNames": [
        "ra.boulder"
      ]
    },
    "grpcOCSPGenerator": {
      "address": ":9096",
      "clientNames": [
        "ocsp-updater.boulder"
      ]
    },
    "Issuers": [{
      "ConfigFile": "test/test-ca.key-pkcs11.json",
      "CertFile": "test/test-ca2.pem",
      "NumSessions": 2
    }, {
      "ConfigFile": "test/test-ca.key-pkcs11.json",
      "CertFile": "test/test-ca.pem",
      "NumSessions": 2
    }],
    "expiry": "2160h",
    "backdate": "1h",
    "lifespanOCSP": "96h",
    "maxNames": 100,
    "enableMustStaple": true,
    "hostnamePolicyFile": "test/hostname-policy.json",
    "enablePrecertificateFlow": true,
    "cfssl": {
      "signing": {
        "profiles": {
          "rsaEE": {
            "usages": [
              "digital signature",
              "key encipherment",
              "server auth",
              "client auth"
            ],
            "backdate": "1h",
            "ca_constraint": { "is_ca": false },
            "issuer_urls": [
              "http://boulder:4430/acme/issuer-cert"
            ],
            "ocsp_url": "http://127.0.0.1:4002/",
            "crl_url": "http://example.com/crl",
            "policies": [
              {
                "ID": "2.23.140.1.2.1"
              },
              {
                "ID": "1.2.3.4",
                "Qualifiers": [ {
                  "type": "id-qt-cps",
                  "value": "http://example.com/cps"
                }, {
                  "type": "id-qt-unotice",
                  "value": "Do What Thou Wilt"
                } ]
              }
            ],
            "expiry": "2160h",
            "CSRWhitelist": {
              "PublicKeyAlgorithm": true,
              "PublicKey": true,
              "SignatureAlgorithm": true
            },
            "ClientProvidesSerialNumbers": true,
            "allowed_extensions": [ "1.3.6.1.5.5.7.1.24" ]
          },
          "ecdsaEE": {
            "usages": [
              "digital signature",
              "server auth",
              "client auth"
            ],
            "backdate": "1h",
            "is_ca": false,
            "issuer_urls": [
              "http://127.0.0.1:4000/acme/issuer-cert"
            ],
            "ocsp_url": "http://127.0.0.1:4002/",
            "crl_url": "http://example.com/crl",
            "policies": [
              {
                "ID": "2.23.140.1.2.1"
              },
              {
                "ID": "1.2.3.4",
                "Qualifiers": [ {
                  "type": "id-qt-cps",
                  "value": "http://example.com/cps"
                }, {
                  "type": "id-qt-unotice",
                  "value": "Do What Thou Wilt"
                } ]
              }
            ],
            "expiry": "2160h",
            "CSRWhitelist": {
              "PublicKeyAlgorithm": true,
              "PublicKey": true,
              "SignatureAlgorithm": true
            },
            "ClientProvidesSerialNumbers": true,
            "allowed_extensions": [ "1.3.6.1.5.5.7.1.24" ]
          }
        },
        "default": {
          "usages": [
            "digital signature"
          ],
          "expiry": "8760h"
        }
      }
    },
    "maxConcurrentRPCServerRequests": 100000,
    "features": {
        "RPCHeadroom": true,
        "WildcardDomains": true,
        "EmbedSCTs": true
    }
  },

  "pa": {
    "challenges": {
      "http-01": true,
      "tls-sni-01": true,
      "dns-01": true
    }
  },

  "syslog": {
    "stdoutlevel": 6,
    "sysloglevel": 4
  }
}