IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
1ebd819355206dc644350bb6cfb767e8fd2f615c
freeipa/install/share/caJarSigningCert.cfg.template
Rob Crittenden dfe9db5548 Add signing profile to CA installation so we can sign the firefox jar file. 
Use the requestId we get back from the CA when requesting the RA agent cert
and use that to issue the certificate rather than hardcoding 7.

This also adds some clean-up of file permissions and leaking fds
2009-05-04 16:54:42 -04:00

89 lines
5.2 KiB
Plaintext
Raw Blame History

desc=Jar Signing certificate to auto-configure Firefox
enable=true
enableBy=admin
lastModified=1239836280692
name=Manual Jar Signing Certificate Enrollment
visible=true
auth.class_id=
auth.instance_id=raCertAuth
input.list=i1,i2
input.i1.class_id=certReqInputImpl
input.i2.class_id=submitterInfoInputImpl
output.list=o1
output.o1.class_id=certOutputImpl
policyset.list=caJarSigningSet
policyset.caJarSigningSet.list=1,2,3,6,7,9
policyset.caJarSigningSet.1.constraint.class_id=subjectNameConstraintImpl
policyset.caJarSigningSet.1.constraint.name=Subject Name Constraint
policyset.caJarSigningSet.1.constraint.params.accept=true
policyset.caJarSigningSet.1.constraint.params.pattern=.*
policyset.caJarSigningSet.1.default.class_id=userSubjectNameDefaultImpl
policyset.caJarSigningSet.1.default.name=Subject Name Default
policyset.caJarSigningSet.1.default.params.name=
policyset.caJarSigningSet.2.constraint.class_id=validityConstraintImpl
policyset.caJarSigningSet.2.constraint.name=Validity Constraint
policyset.caJarSigningSet.2.constraint.params.notAfterCheck=false
policyset.caJarSigningSet.2.constraint.params.notBeforeCheck=false
policyset.caJarSigningSet.2.constraint.params.range=2922
policyset.caJarSigningSet.2.default.class_id=validityDefaultImpl
policyset.caJarSigningSet.2.default.name=Validity Default
policyset.caJarSigningSet.2.default.params.range=1461
policyset.caJarSigningSet.2.default.params.startTime=60
policyset.caJarSigningSet.3.constraint.class_id=keyConstraintImpl
policyset.caJarSigningSet.3.constraint.name=Key Constraint
policyset.caJarSigningSet.3.constraint.params.keyMaxLength=4096
policyset.caJarSigningSet.3.constraint.params.keyMinLength=1024
policyset.caJarSigningSet.3.constraint.params.keyType=-
policyset.caJarSigningSet.3.default.class_id=userKeyDefaultImpl
policyset.caJarSigningSet.3.default.name=Key Default
policyset.caJarSigningSet.6.constraint.class_id=keyUsageExtConstraintImpl
policyset.caJarSigningSet.6.constraint.name=Key Usage Extension Constraint
policyset.caJarSigningSet.6.constraint.params.keyUsageCritical=-
policyset.caJarSigningSet.6.constraint.params.keyUsageCrlSign=-
policyset.caJarSigningSet.6.constraint.params.keyUsageDataEncipherment=-
policyset.caJarSigningSet.6.constraint.params.keyUsageDecipherOnly=-
policyset.caJarSigningSet.6.constraint.params.keyUsageDigitalSignature=-
policyset.caJarSigningSet.6.constraint.params.keyUsageEncipherOnly=-
policyset.caJarSigningSet.6.constraint.params.keyUsageKeyAgreement=-
policyset.caJarSigningSet.6.constraint.params.keyUsageKeyCertSign=-
policyset.caJarSigningSet.6.constraint.params.keyUsageKeyEncipherment=-
policyset.caJarSigningSet.6.constraint.params.keyUsageNonRepudiation=-
policyset.caJarSigningSet.6.default.class_id=keyUsageExtDefaultImpl
policyset.caJarSigningSet.6.default.name=Key Usage Default
policyset.caJarSigningSet.6.default.params.keyUsageCritical=true
policyset.caJarSigningSet.6.default.params.keyUsageCrlSign=false
policyset.caJarSigningSet.6.default.params.keyUsageDataEncipherment=false
policyset.caJarSigningSet.6.default.params.keyUsageDecipherOnly=false
policyset.caJarSigningSet.6.default.params.keyUsageDigitalSignature=true
policyset.caJarSigningSet.6.default.params.keyUsageEncipherOnly=false
policyset.caJarSigningSet.6.default.params.keyUsageKeyAgreement=false
policyset.caJarSigningSet.6.default.params.keyUsageKeyCertSign=true
policyset.caJarSigningSet.6.default.params.keyUsageKeyEncipherment=false
policyset.caJarSigningSet.6.default.params.keyUsageNonRepudiation=false
policyset.caJarSigningSet.7.constraint.class_id=nsCertTypeExtConstraintImpl
policyset.caJarSigningSet.7.constraint.name=Netscape Certificate Type Extension Constraint
policyset.caJarSigningSet.7.constraint.params.nsCertCritical=-
policyset.caJarSigningSet.7.constraint.params.nsCertEmail=-
policyset.caJarSigningSet.7.constraint.params.nsCertEmailCA=-
policyset.caJarSigningSet.7.constraint.params.nsCertObjectSigning=-
policyset.caJarSigningSet.7.constraint.params.nsCertObjectSigningCA=-
policyset.caJarSigningSet.7.constraint.params.nsCertSSLCA=-
policyset.caJarSigningSet.7.constraint.params.nsCertSSLClient=-
policyset.caJarSigningSet.7.constraint.params.nsCertSSLServer=-
policyset.caJarSigningSet.7.default.class_id=nsCertTypeExtDefaultImpl
policyset.caJarSigningSet.7.default.name=Netscape Certificate Type Extension Default
policyset.caJarSigningSet.7.default.params.nsCertCritical=false
policyset.caJarSigningSet.7.default.params.nsCertEmail=false
policyset.caJarSigningSet.7.default.params.nsCertEmailCA=false
policyset.caJarSigningSet.7.default.params.nsCertObjectSigning=true
policyset.caJarSigningSet.7.default.params.nsCertObjectSigningCA=false
policyset.caJarSigningSet.7.default.params.nsCertSSLCA=false
policyset.caJarSigningSet.7.default.params.nsCertSSLClient=false
policyset.caJarSigningSet.7.default.params.nsCertSSLServer=false
policyset.caJarSigningSet.9.constraint.class_id=signingAlgConstraintImpl
policyset.caJarSigningSet.9.constraint.name=No Constraint
policyset.caJarSigningSet.9.constraint.params.signingAlgsAllowed=MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA,SHA1withDSA,SHA1withEC
policyset.caJarSigningSet.9.default.class_id=signingAlgDefaultImpl
policyset.caJarSigningSet.9.default.name=Signing Alg
policyset.caJarSigningSet.9.default.params.signingAlg=-
Reference in New Issue View Git Blame Copy Permalink