github.com/letsencrypt/boulder@v0.20251208.0/test/config-next/ca.json (about) 1 { 2 "ca": { 3 "tls": { 4 "caCertFile": "test/certs/ipki/minica.pem", 5 "certFile": "test/certs/ipki/ca.boulder/cert.pem", 6 "keyFile": "test/certs/ipki/ca.boulder/key.pem" 7 }, 8 "hostnamePolicyFile": "test/ident-policy.yaml", 9 "grpcCA": { 10 "maxConnectionAge": "30s", 11 "services": { 12 "ca.CertificateAuthority": { 13 "clientNames": [ 14 "ra.boulder" 15 ] 16 }, 17 "ca.CRLGenerator": { 18 "clientNames": [ 19 "crl-updater.boulder" 20 ] 21 }, 22 "grpc.health.v1.Health": { 23 "clientNames": [ 24 "health-checker.boulder" 25 ] 26 } 27 } 28 }, 29 "sctService": { 30 "dnsAuthority": "consul.service.consul", 31 "srvLookup": { 32 "service": "ra-sct-provider", 33 "domain": "service.consul" 34 }, 35 "timeout": "15s", 36 "noWaitForReady": true, 37 "hostOverride": "ra.boulder" 38 }, 39 "saService": { 40 "dnsAuthority": "consul.service.consul", 41 "srvLookup": { 42 "service": "sa", 43 "domain": "service.consul" 44 }, 45 "timeout": "15s", 46 "noWaitForReady": true, 47 "hostOverride": "sa.boulder" 48 }, 49 "issuance": { 50 "certProfiles": { 51 "legacy": { 52 "omitCommonName": false, 53 "omitKeyEncipherment": false, 54 "omitClientAuth": false, 55 "omitSKID": false, 56 "maxValidityPeriod": "7776000s", 57 "maxValidityBackdate": "1h5m", 58 "lintConfig": "test/config-next/zlint.toml", 59 "ignoredLints": [ 60 "w_subject_common_name_included", 61 "e_dnsname_not_valid_tld", 62 "w_ext_subject_key_identifier_not_recommended_subscriber" 63 ] 64 }, 65 "shortlived": { 66 "omitCommonName": true, 67 "omitKeyEncipherment": true, 68 "omitClientAuth": true, 69 "omitSKID": true, 70 "maxValidityPeriod": "160h", 71 "maxValidityBackdate": "1h5m", 72 "lintConfig": "test/config-next/zlint.toml", 73 "ignoredLints": [ 74 "w_ext_subject_key_identifier_missing_sub_cert", 75 "e_dnsname_not_valid_tld" 76 ] 77 }, 78 "modern": { 79 "omitCommonName": true, 80 "omitKeyEncipherment": true, 81 "omitClientAuth": true, 82 "omitSKID": true, 83 "maxValidityPeriod": "583200s", 84 "maxValidityBackdate": "1h5m", 85 "lintConfig": "test/config-next/zlint.toml", 86 "ignoredLints": [ 87 "w_ext_subject_key_identifier_missing_sub_cert", 88 "e_dnsname_not_valid_tld" 89 ] 90 } 91 }, 92 "crlProfile": { 93 "validityInterval": "216h", 94 "maxBackdate": "1h5m", 95 "lintConfig": "test/config-next/zlint.toml" 96 }, 97 "issuers": [ 98 { 99 "active": true, 100 "profiles": [ 101 "legacy" 102 ], 103 "crlShards": 10, 104 "issuerURL": "http://ca.example.org:4502/int-ecdsa-a", 105 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/43104258997432926/", 106 "location": { 107 "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", 108 "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", 109 "numSessions": 2 110 } 111 }, 112 { 113 "active": true, 114 "profiles": [ 115 "legacy", 116 "modern", 117 "shortlived" 118 ], 119 "crlShards": 10, 120 "issuerURL": "http://ca.example.org:4502/int-ecdsa-b", 121 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/17302365692836921/", 122 "location": { 123 "configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json", 124 "certFile": "test/certs/webpki/int-ecdsa-b.cert.pem", 125 "numSessions": 2 126 } 127 }, 128 { 129 "active": false, 130 "crlShards": 10, 131 "issuerURL": "http://ca.example.org:4502/int-ecdsa-c", 132 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/56560759852043581/", 133 "location": { 134 "configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json", 135 "certFile": "test/certs/webpki/int-ecdsa-c.cert.pem", 136 "numSessions": 2 137 } 138 }, 139 { 140 "active": true, 141 "profiles": [ 142 "legacy" 143 ], 144 "crlShards": 10, 145 "issuerURL": "http://ca.example.org:4502/int-rsa-a", 146 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/29947985078257530/", 147 "location": { 148 "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", 149 "certFile": "test/certs/webpki/int-rsa-a.cert.pem", 150 "numSessions": 2 151 } 152 }, 153 { 154 "active": true, 155 "profiles": [ 156 "legacy", 157 "modern", 158 "shortlived" 159 ], 160 "crlShards": 10, 161 "issuerURL": "http://ca.example.org:4502/int-rsa-b", 162 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/6762885421992935/", 163 "location": { 164 "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", 165 "certFile": "test/certs/webpki/int-rsa-b.cert.pem", 166 "numSessions": 2 167 } 168 }, 169 { 170 "active": false, 171 "crlShards": 10, 172 "issuerURL": "http://ca.example.org:4502/int-rsa-c", 173 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/56183656833365902/", 174 "location": { 175 "configFile": "test/certs/webpki/int-rsa-c.pkcs11.json", 176 "certFile": "test/certs/webpki/int-rsa-c.cert.pem", 177 "numSessions": 2 178 } 179 } 180 ] 181 }, 182 "serialPrefixHex": "6e", 183 "maxNames": 100, 184 "goodkey": {}, 185 "ocspLogMaxLength": 4000, 186 "ctLogListFile": "test/ct-test-srv/log_list.json", 187 "features": {} 188 }, 189 "pa": { 190 "challenges": { 191 "http-01": true, 192 "dns-01": true, 193 "tls-alpn-01": true 194 }, 195 "identifiers": { 196 "dns": true, 197 "ip": true 198 } 199 }, 200 "syslog": { 201 "stdoutlevel": 4, 202 "sysloglevel": -1 203 }, 204 "openTelemetry": { 205 "endpoint": "bjaeger:4317", 206 "sampleratio": 1 207 } 208 }