github.com/letsencrypt/boulder@v0.20251208.0/test/certs/intermediate-cert-ceremony-ecdsa-cross.yaml (about) 1 ceremony-type: cross-certificate 2 pkcs11: 3 module: /usr/lib/softhsm/libsofthsm2.so 4 pin: 1234 5 signing-key-slot: {{ .SlotID }} 6 signing-key-label: root rsa 7 inputs: 8 public-key-path: test/certs/webpki/{{ .FileName }}.pubkey.pem 9 issuer-certificate-path: test/certs/webpki/root-rsa.cert.pem 10 certificate-to-cross-sign-path: test/certs/webpki/{{ .FileName }}.cert.pem 11 outputs: 12 certificate-path: test/certs/webpki/{{ .FileName }}-cross.cert.pem 13 certificate-profile: 14 signature-algorithm: SHA256WithRSA 15 common-name: {{ .CommonName }} 16 organization: good guys 17 country: US 18 not-before: 2025-07-01 00:00:00 19 not-after: 2030-06-30 23:59:59 20 crl-url: http://rsa.example.com/crl 21 issuer-url: http://rsa.example.com/cert 22 policies: 23 - oid: 2.23.140.1.2.1 24 key-usages: 25 - Digital Signature 26 - Cert Sign 27 - CRL Sign 28 skip-lints: 29 # The extKeyUsage extension is required for intermediate certificates, but is 30 # optional for cross-signed certs which share a Subject DN and Public Key with 31 # a Root Certificate (BRs 7.1.2.2.g). This cert is a cross-sign. 32 - n_mp_allowed_eku 33 - n_sub_ca_eku_missing