ceremony-type: root pkcs11: module: /usr/lib/softhsm/libsofthsm2.so pin: 1234 store-key-in-slot: {{ .SlotID }} store-key-with-label: root signing key (ecdsa) key: type: ecdsa ecdsa-curve: P-384 outputs: public-key-path: /hierarchy/root-signing-pub-ecdsa.pem certificate-path: /hierarchy/root-cert-ecdsa.pem certificate-profile: signature-algorithm: ECDSAWithSHA384 common-name: CA root (ECDSA) organization: good guys country: US not-before: 2020-01-01 12:00:00 not-after: 2040-01-01 12:00:00 key-usages: - Cert Sign - CRL Sign skip-lints: # Our roots don't sign OCSP, so they don't need the Digital Signature KU. - n_ca_digital_signature_not_set