...
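# Key-ceremony configuration for a root CA: it names a PKCS#11 token on which
# an RSA key is stored, the files the public key and certificate are written
# to, and the profile of the root certificate.
# `{{ .SlotID }}` is a template placeholder, so this file has to be rendered
# before it is parsed as YAML; the placeholder is left unquoted as in the
# original.
ceremony-type: root
pkcs11:
  # SoftHSM is a software token, so the key is not protected by hardware here.
  module: /usr/lib/softhsm/libsofthsm2.so
  # NOTE(review): the token PIN is stored in cleartext and is trivially
  # guessable. Presumably acceptable for a throwaway SoftHSM test token only;
  # a production ceremony should not keep the PIN in a committed file.
  # Quoted so the value stays a string (a PIN such as 0123 would otherwise be
  # re-typed as a number) -- assumes the consumer reads it as a string.
  pin: '1234'
  store-key-in-slot: {{ .SlotID }}
  store-key-with-label: root signing key (rsa)
key:
  type: rsa
  rsa-mod-length: 4096
outputs:
  # Only public material (public key and certificate) is written to disk.
  public-key-path: /hierarchy/root-signing-pub-rsa.pem
  certificate-path: /hierarchy/root-cert-rsa.pem
certificate-profile:
  signature-algorithm: SHA256WithRSA
  common-name: CA root (RSA)
  organization: good guys
  country: US
  # 20-year validity window. Values are kept as plain scalars, as written;
  # presumably the consumer reads them as strings in this exact layout --
  # TODO confirm before quoting or reformatting.
  not-before: 2020-01-01 12:00:00
  not-after: 2040-01-01 12:00:00
  # Usages are limited to signing certificates and CRLs.
  key-usages:
    - Cert Sign
    - CRL Sign
skip-lints:
  # Our roots don't sign OCSP, so they don't need the Digital Signature KU.
  # Each entry here disables one lint check; keep the list minimal and
  # justified per entry.
  - n_ca_digital_signature_not_set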