...
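# Ceremony configuration template for a cross-certificate ceremony.
# The double-brace placeholders are filled in by a template engine before the
# file is parsed as YAML, so each rendered value must itself be a valid YAML
# scalar. A rendered path or name containing ': ' or ' #' would change the
# parse; quote such values at the call site or keep the inputs constrained.
ceremony-type: cross-certificate
pkcs11:
  # SoftHSM is a software token, which suggests this is a test fixture.
  # NOTE(review): confirm this file is never reused for a hardware-backed
  # ceremony without changing the module and PIN.
  module: /usr/lib/softhsm/libsofthsm2.so
  # Hard-coded token PIN. Acceptable only for a throwaway test token; a real
  # ceremony should not keep the PIN in a file that is committed or shared.
  pin: 1234
  # Slot and label together select the signing key on the token.
  signing-key-slot: {{ .SlotID}}
  signing-key-label: root signing key ({{ .RootAlgorithm }})
inputs:
  # presumably the public key to be certified and the certificate of the
  # issuer whose key signs the output; verify against the ceremony tool
  public-key-path: {{ .PublicKeyPath }}
  issuer-certificate-path: {{ .IssuerCertPath }}
  certificate-to-cross-sign-path: {{ .InputCertPath }}
outputs:
  certificate-path: {{ .OutputCertPath }}
certificate-profile:
  signature-algorithm: {{ .SigAlgorithm }}
  common-name: {{ .CommonName }}
  organization: good guys
  country: US
  # Fixed 20-year validity window. The values are timestamp-shaped plain
  # scalars; NOTE(review): confirm the consumer reads them as strings.
  not-before: 2020-01-01 12:00:00
  not-after: 2040-01-01 12:00:00
  # Plain http is conventional for CRL and issuer-certificate URLs: the
  # fetched objects are signed, so their integrity does not rest on TLS.
  crl-url: http://{{ .RootAlgorithm }}.example.com/crl
  issuer-url: http://{{ .RootAlgorithm }}.example.com/cert
  policies:
    # 2.23.140.1.2.1 is the CA/Browser Forum domain-validated policy OID.
    - oid: 2.23.140.1.2.1
  # CA-style key usages: signing certificates and CRLs.
  key-usages:
    - Digital Signature
    - Cert Sign
    - CRL Sign
# Every entry here switches off a lint for the issued certificate. Keep the
# list as short as possible and keep a written justification next to it.
skip-lints:
  # The extKeyUsage extension is required for intermediate certificates, but is
  # optional for cross-signed certs which share a Subject DN and Public Key with
  # a Root Certificate (BRs 7.1.2.2.g). This cert is a cross-sign.
  - n_mp_allowed_eku
  - n_sub_ca_eku_missing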