github.com/letsencrypt/boulder@v0.20251208.0/test/config/ca.json (about) 1 { 2 "ca": { 3 "tls": { 4 "caCertFile": "test/certs/ipki/minica.pem", 5 "certFile": "test/certs/ipki/ca.boulder/cert.pem", 6 "keyFile": "test/certs/ipki/ca.boulder/key.pem" 7 }, 8 "hostnamePolicyFile": "test/ident-policy.yaml", 9 "grpcCA": { 10 "maxConnectionAge": "30s", 11 "address": ":9093", 12 "services": { 13 "ca.CertificateAuthority": { 14 "clientNames": [ 15 "ra.boulder" 16 ] 17 }, 18 "ca.CRLGenerator": { 19 "clientNames": [ 20 "crl-updater.boulder" 21 ] 22 }, 23 "grpc.health.v1.Health": { 24 "clientNames": [ 25 "health-checker.boulder" 26 ] 27 } 28 } 29 }, 30 "sctService": { 31 "dnsAuthority": "consul.service.consul", 32 "srvLookup": { 33 "service": "ra-sct-provider", 34 "domain": "service.consul" 35 }, 36 "timeout": "15s", 37 "noWaitForReady": true, 38 "hostOverride": "ra.boulder" 39 }, 40 "saService": { 41 "dnsAuthority": "consul.service.consul", 42 "srvLookup": { 43 "service": "sa", 44 "domain": "service.consul" 45 }, 46 "timeout": "15s", 47 "noWaitForReady": true, 48 "hostOverride": "sa.boulder" 49 }, 50 "issuance": { 51 "certProfiles": { 52 "legacy": { 53 "omitCommonName": false, 54 "omitKeyEncipherment": false, 55 "omitClientAuth": false, 56 "omitSKID": false, 57 "maxValidityPeriod": "7776000s", 58 "maxValidityBackdate": "1h5m", 59 "lintConfig": "test/config-next/zlint.toml", 60 "ignoredLints": [ 61 "w_subject_common_name_included", 62 "e_dnsname_not_valid_tld", 63 "w_ext_subject_key_identifier_not_recommended_subscriber" 64 ] 65 }, 66 "shortlived": { 67 "omitCommonName": true, 68 "omitKeyEncipherment": true, 69 "omitClientAuth": true, 70 "omitSKID": true, 71 "maxValidityPeriod": "160h", 72 "maxValidityBackdate": "1h5m", 73 "lintConfig": "test/config-next/zlint.toml", 74 "ignoredLints": [ 75 "w_ext_subject_key_identifier_missing_sub_cert", 76 "e_dnsname_not_valid_tld" 77 ] 78 }, 79 "modern": { 80 "omitCommonName": true, 81 "omitKeyEncipherment": true, 82 "omitClientAuth": true, 83 "omitSKID": true, 84 "maxValidityPeriod": "583200s", 85 "maxValidityBackdate": "1h5m", 86 "lintConfig": "test/config-next/zlint.toml", 87 "ignoredLints": [ 88 "w_ext_subject_key_identifier_missing_sub_cert", 89 "e_dnsname_not_valid_tld" 90 ] 91 } 92 }, 93 "crlProfile": { 94 "validityInterval": "216h", 95 "maxBackdate": "1h5m", 96 "lintConfig": "test/config/zlint.toml" 97 }, 98 "issuers": [ 99 { 100 "active": true, 101 "profiles": [ 102 "legacy" 103 ], 104 "crlShards": 10, 105 "issuerURL": "http://ca.example.org:4502/int-ecdsa-a", 106 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/43104258997432926/", 107 "location": { 108 "configFile": "test/certs/webpki/int-ecdsa-a.pkcs11.json", 109 "certFile": "test/certs/webpki/int-ecdsa-a.cert.pem", 110 "numSessions": 2 111 } 112 }, 113 { 114 "active": true, 115 "profiles": [ 116 "legacy", 117 "modern", 118 "shortlived" 119 ], 120 "crlShards": 10, 121 "issuerURL": "http://ca.example.org:4502/int-ecdsa-b", 122 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/17302365692836921/", 123 "location": { 124 "configFile": "test/certs/webpki/int-ecdsa-b.pkcs11.json", 125 "certFile": "test/certs/webpki/int-ecdsa-b.cert.pem", 126 "numSessions": 2 127 } 128 }, 129 { 130 "active": false, 131 "crlShards": 10, 132 "issuerURL": "http://ca.example.org:4502/int-ecdsa-c", 133 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/56560759852043581/", 134 "location": { 135 "configFile": "test/certs/webpki/int-ecdsa-c.pkcs11.json", 136 "certFile": "test/certs/webpki/int-ecdsa-c.cert.pem", 137 "numSessions": 2 138 } 139 }, 140 { 141 "active": true, 142 "profiles": [ 143 "legacy" 144 ], 145 "crlShards": 10, 146 "issuerURL": "http://ca.example.org:4502/int-rsa-a", 147 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/29947985078257530/", 148 "location": { 149 "configFile": "test/certs/webpki/int-rsa-a.pkcs11.json", 150 "certFile": "test/certs/webpki/int-rsa-a.cert.pem", 151 "numSessions": 2 152 } 153 }, 154 { 155 "active": true, 156 "profiles": [ 157 "legacy", 158 "modern", 159 "shortlived" 160 ], 161 "crlShards": 10, 162 "issuerURL": "http://ca.example.org:4502/int-rsa-b", 163 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/6762885421992935/", 164 "location": { 165 "configFile": "test/certs/webpki/int-rsa-b.pkcs11.json", 166 "certFile": "test/certs/webpki/int-rsa-b.cert.pem", 167 "numSessions": 2 168 } 169 }, 170 { 171 "active": false, 172 "crlShards": 10, 173 "issuerURL": "http://ca.example.org:4502/int-rsa-c", 174 "crlURLBase": "http://ca.example.org:4501/lets-encrypt-crls/56183656833365902/", 175 "location": { 176 "configFile": "test/certs/webpki/int-rsa-c.pkcs11.json", 177 "certFile": "test/certs/webpki/int-rsa-c.cert.pem", 178 "numSessions": 2 179 } 180 } 181 ] 182 }, 183 "serialPrefixHex": "6e", 184 "maxNames": 100, 185 "goodkey": {}, 186 "ocspLogMaxLength": 4000, 187 "ctLogListFile": "test/ct-test-srv/log_list.json", 188 "features": {} 189 }, 190 "pa": { 191 "challenges": { 192 "http-01": true, 193 "dns-01": true, 194 "tls-alpn-01": true 195 }, 196 "identifiers": { 197 "dns": true, 198 "ip": true 199 } 200 }, 201 "syslog": { 202 "stdoutlevel": 4, 203 "sysloglevel": 4 204 } 205 }