github.com/letsencrypt/boulder@v0.20251208.0/test/certs/root-ceremony-ecdsa.yaml

github.com/letsencrypt/boulder@v0.20251208.0/test/certs/root-ceremony-ecdsa.yaml (about)

     1  ceremony-type: root
     2  pkcs11:
     3      module: /usr/lib/softhsm/libsofthsm2.so
     4      pin: 1234
     5      store-key-in-slot: {{ .SlotID }}
     6      store-key-with-label: root ecdsa
     7  key:
     8      type: ecdsa
     9      ecdsa-curve: P-384
    10  outputs:
    11      public-key-path: test/certs/webpki/root-ecdsa.pubkey.pem
    12      certificate-path: test/certs/webpki/root-ecdsa.cert.pem
    13  certificate-profile:
    14      signature-algorithm: ECDSAWithSHA384
    15      common-name: root ecdsa
    16      organization: good guys
    17      country: US
    18      not-before: 2020-01-01 12:00:00
    19      not-after: 2040-01-01 12:00:00
    20      key-usages:
    21          - Cert Sign
    22          - CRL Sign
    23  skip-lints:
    24     # Our roots don't sign OCSP, so they don't need the Digital Signature KU.
    25     - n_ca_digital_signature_not_set