Update to 2021-12-01 19:13

2025-08-10 18:46:59 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/openxpki/templates/config.d/realm/scep/scep-server.yaml.j2
+++ b/roles/openxpki/templates/config.d/realm/scep/scep-server.yaml.j2
@@ -0,0 +1,60 @@
+renewal:
+  notbefore: 000014
+  notafter: 0
+
+revoke_on_replace:
+  reason_code: keyCompromise
+  delay_revocation_time: +000014
+
+
+workflow:
+  type: certificate_enroll
+  param:
+    transaction_id: transaction_id
+    signer_cert: signer_cert
+    pkcs10: pkcs10
+    _url_params: url_params
+
+key_size:
+  rsaEncryption: 1020-4096
+
+hash_type:
+  - sha1
+  - sha256
+  - sha512
+
+authorized_signer:
+  rule1:
+    subject: CN=.+:scepclient,.*
+  rule2:
+    subject: CN=.+:pkiclient,.*
+
+policy:
+  allow_man_authen: 1
+  allow_anon_enroll: 0
+  allow_man_approv: 1
+  allow_eligibility_recheck: 0
+  approval_points: 1
+  max_active_certs: 1
+  allow_expired_signer: 0
+  auto_revoke_existing_certs: 1
+  allow_replace: 1
+
+response:
+  getcacert_strip_root: 1
+
+profile:
+  cert_profile: {{ item.0.scep.profile }}
+  cert_subject_style: enroll
+
+profile_map:
+  pc-client: I18N_OPENXPKI_PROFILE_USER_AUTHENTICATION
+
+hmac: "{{ item.0.scep.hmac | default(pki_scep_hmac) }}"
+
+challenge:
+  value: "{{ item.0.scep.challenge | default(pki_scep_challenge) }}"
+
+eligible:
+  renewal:
+   value: 1