Skip to main content

テンプレート例

クライアント認証用証明書

TLS 証明書

{
  "issue_types": [
    "client_authentication"
  ],
  "cert_type": "end_entity",
  "signature_algorithm": {
    "allowed_algorithms": [
      "sha256WithRSA",
      "sha384WithRSA",
      "sha512WithRSA",
      "sha256WithECDSA",
      "sha384WithECDSA",
      "sha512WithECDSA",
      "match_issuer"
    ],
    "default_algorithm":
"match_issuer"
  },
  "subject": {
    "attributes": [
      {
        "type": "common_name",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "organization_name",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "organization_unit",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
      "type": "street_address",
      "include": "optional",
      "encoding": "auto",
      "allowed_source": [
        "csr",
        "fixed_value",
        "user_supplied"
      ] 
    },
    {
      "type": "postal_code",
      "include": "optional",
      "encoding": "auto",
      "allowed_source": [
        "csr",
        "fixed_value",
        "user_supplied"
      ] 
    },
    {
      "type": "locality",
      "include": "optional",
      "encoding": "auto",
      "allowed_source": [
        "csr",
        "fixed_value",
        "user_supplied"
      ] 
    },
    {
      "type": "state",
      "include": "optional",
      "encoding": "auto",
      "allowed_source": [
        "csr",
        "fixed_value",
        "user_supplied"
      ] 
    },
    {
      "type": "country",
      "include": "optional",
      "encoding": "auto",
      "allowed_source": [
        "csr",
        "fixed_value",
        "user_supplied"
      ] 
    },
    {
      "type": "email",
      "include": "optional",
      "encoding": "auto",
      "allowed_source": [
        "csr",
        "fixed_value",
        "user_supplied"
      ]
    } 
  ]
},
"extensions": {
  "key_usage": {
    "critical": true,
    "required_usages": {
      "rsa": [
        "digital_signature",
        "key_encipherment"
      ], 
      "ecdsa": [
        "digital_signature"
      ]
    },
    "optional_usages": {
      "rsa": [
        "data_encipherment"
      ], 
      "ecdsa": [
        "key_agreement"
      ]
    } 
  },
  "extended_key_usage": {
    "critical": true,
    "required_usages": [
      { 
        "oid":
"client_authentication",
        "name": "Client
Authentication"
        }
      ],
      "optional_usages": [
        {
          "oid": "1.2.3.4",
          "name": "Custom Extension"
        } 
      ]
    } 
},
"renewal_settings": {
  "renew_valid_cert": "anytime",
  "renew_expired_cert": "anytime",
  "renew_revoked_cert": true,
  "renewal_key_pair": "optional",
"allow_override_renewal_key_pair":
true
  },
  "serial_number_size": 20,
  "validity": {
    "min_duration": {
      "value": 1,
      "unit": "days"
    },
    "max_duration": {
      "value": 10,
      "unit": "years"
    },
    "default_duration": {
      "min": {
        "value": 1,
        "unit": "years"
      },
      "max": {
        "value": 10,
        "unit": "years"
      } 
    }
  } 
}
{
  "issue_types": [
    "server_authentication",
    "client_authentication"
  ],
  "cert_type": "end_entity",
  "signature_algorithm": {
    "allowed_algorithms": [
      "sha256WithRSA",
      "sha384WithRSA",
      "sha512WithRSA",
      "sha256WithECDSA",
      "sha384WithECDSA",
      "sha512WithECDSA",
      "match_issuer"
    ],
    "default_algorithm":
"match_issuer"
  },
  "subject": {
    "attributes": [
      {
        "type": "common_name",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "organization_name",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "organization_unit",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "street_address",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "postal_code",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ]   
      },
      {
        "type": "locality",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "state",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "country",
        "include": "optional",
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      },
      {
        "type": "email",
        "include": "optional"
        "encoding": "auto",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      }
    ] 
  },
  "extensions": {
    "key_usage": {
      "critical": true,
      "allow_critical_override":
true,
      "required_usages": {
        "rsa": [
          "digital_signature",
          "key_encipherment"
        ],
        "ecdsa": [
          "digital_signature",
          "key_agreement"
        ] 
      },
      "optional_usages": {
        "rsa": [
          "digital_signature",
          "key_encipherment"
        ],
        "ecdsa": [
          "digital_signature",
          "key_agreement"
        ] 
      }
    },
    "extended_key_usage": {
      "critical": true,
      "allow_critical_override":
true,
      "required_usages": [
        {
          "oid":
"server_authentication",
          "name": "" 
        },
        { 
          "oid":
"client_authentication",
          "name": ""
        } 
      ]
    }, 
    "san": {
ABC
      "critical": false,
      "dns_name": {
        "include": "no",
        "auto_include_cn": "no",
        "allowed_source": [
          "csr",
          "fixed_value",
          "user_supplied"
        ] 
      }
    } 
  },
  "renewal_settings": {
    "renew_valid_cert": "anytime",
    "renew_expired_cert": "anytime",
    "renew_revoked_cert": true,
    "renewal_key_pair": "optional",
"allow_override_renewal_key_pair":
true
  },
  "serial_number_size": 20,
  "validity": {
    "min_duration": {
      "value": 1,
      "unit": "days"
    },
    "max_duration": {
      "value": 10,
      "unit": "years"
    },
    "default_duration": {
      "min": {
        "value": 1,
        "unit": "days"
      },
      "max": {
        "value": 10,
        "unit": "years"
      } 
    }
  } 
}