1{
2 "ca": {
3 "debugAddr": ":8001",
4 "tls": {
5 "caCertFile": "test/grpc-creds/minica.pem",
6 "certFile": "test/grpc-creds/ca.boulder/cert.pem",
7 "keyFile": "test/grpc-creds/ca.boulder/key.pem"
8 },
9 "hostnamePolicyFile": "test/hostname-policy.yaml",
10 "grpcCA": {
11 "maxConnectionAge": "30s",
12 "address": ":9093",
13 "services": {
14 "ca.CertificateAuthority": {
15 "clientNames": [
16 "ra.boulder"
17 ]
18 },
19 "ca.OCSPGenerator": {
20 "clientNames": [
21 "ra.boulder"
22 ]
23 },
24 "ca.CRLGenerator": {
25 "clientNames": [
26 "crl-updater.boulder"
27 ]
28 },
29 "grpc.health.v1.Health": {
30 "clientNames": [
31 "health-checker.boulder"
32 ]
33 }
34 }
35 },
36 "saService": {
37 "serverAddress": "sa.service.consul:9095",
38 "timeout": "15s",
39 "hostOverride": "sa.boulder"
40 },
41 "issuance": {
42 "profile": {
43 "allowMustStaple": true,
44 "allowCTPoison": true,
45 "allowSCTList": true,
46 "allowCommonName": true,
47 "policies": [
48 {
49 "oid": "2.23.140.1.2.1"
50 }
51 ],
52 "maxValidityPeriod": "7776000s",
53 "maxValidityBackdate": "1h5m"
54 },
55 "issuers": [
56 {
57 "useForRSALeaves": false,
58 "useForECDSALeaves": true,
59 "issuerURL": "http://127.0.0.1:4001/aia/issuer/5214744660557630",
60 "ocspURL": "http://127.0.0.1:4002/",
61 "location": {
62 "configFile": "/hierarchy/intermediate-signing-key-ecdsa.pkcs11.json",
63 "certFile": "/hierarchy/intermediate-cert-ecdsa-a.pem",
64 "numSessions": 2
65 }
66 },
67 {
68 "useForRSALeaves": true,
69 "useForECDSALeaves": true,
70 "issuerURL": "http://127.0.0.1:4001/aia/issuer/6605440498369741",
71 "ocspURL": "http://127.0.0.1:4002/",
72 "crlURL": "http://example.com/crl",
73 "location": {
74 "configFile": "test/test-ca.key-pkcs11.json",
75 "certFile": "/hierarchy/intermediate-cert-rsa-a.pem",
76 "numSessions": 2
77 }
78 },
79 {
80 "useForRSALeaves": false,
81 "useForECDSALeaves": false,
82 "issuerURL": "http://127.0.0.1:4001/aia/issuer/41127673797486028",
83 "ocspURL": "http://127.0.0.1:4002/",
84 "crlURL": "http://example.com/crl",
85 "location": {
86 "configFile": "test/test-ca.key-pkcs11.json",
87 "certFile": "/hierarchy/intermediate-cert-rsa-b.pem",
88 "numSessions": 2
89 }
90 }
91 ],
92 "ignoredLints": [
93 "n_subject_common_name_included"
94 ]
95 },
96 "expiry": "7776000s",
97 "backdate": "1h",
98 "serialPrefix": 255,
99 "maxNames": 100,
100 "lifespanOCSP": "96h",
101 "lifespanCRL": "216h",
102 "crldpBase": "http://c.boulder.test",
103 "goodkey": {
104 "weakKeyFile": "test/example-weak-keys.json",
105 "blockedKeyFile": "test/example-blocked-keys.yaml",
106 "fermatRounds": 100
107 },
108 "ocspLogMaxLength": 4000,
109 "ocspLogPeriod": "500ms",
110 "ecdsaAllowListFilename": "test/config/ecdsaAllowList.yml",
111 "features": {
112 "ROCSPStage7": true
113 }
114 },
115 "pa": {
116 "challenges": {
117 "http-01": true,
118 "dns-01": true,
119 "tls-alpn-01": true
120 }
121 },
122 "syslog": {
123 "stdoutlevel": 4,
124 "sysloglevel": 4
125 }
126}
View as plain text