テンプレート例
クライアント認証用証明書 | TLS 証明書 |
---|---|
{ "issue_types": [ "client_authentication" ], "cert_type": "end_entity", "signature_algorithm": { "allowed_algorithms": [ "sha256WithRSA", "sha384WithRSA", "sha512WithRSA", "sha256WithECDSA", "sha384WithECDSA", "sha512WithECDSA", "match_issuer" ], "default_algorithm": "match_issuer" }, "subject": { "attributes": [ { "type": "common_name", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "organization_name", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "organization_unit", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "street_address", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "postal_code", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "locality", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "state", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "country", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "email", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] } ] }, "extensions": { "key_usage": { "critical": true, "required_usages": { "rsa": [ "digital_signature", "key_encipherment" ], "ecdsa": [ "digital_signature" ] }, "optional_usages": { "rsa": [ "data_encipherment" ], "ecdsa": [ "key_agreement" ] } }, "extended_key_usage": { "critical": true, "required_usages": [ { "oid": "client_authentication", "name": "Client Authentication" } ], "optional_usages": [ { "oid": "1.2.3.4", "name": "Custom Extension" } ] } }, "renewal_settings": { "renew_valid_cert": "anytime", "renew_expired_cert": "anytime", "renew_revoked_cert": true, "renewal_key_pair": "optional", "allow_override_renewal_key_pair": true }, "serial_number_size": 20, "validity": { "min_duration": { "value": 1, "unit": "days" }, "max_duration": { "value": 10, "unit": "years" }, "default_duration": { "min": { "value": 1, "unit": "years" }, "max": { "value": 10, "unit": "years" } } } } | { "issue_types": [ "server_authentication", "client_authentication" ], "cert_type": "end_entity", "signature_algorithm": { "allowed_algorithms": [ "sha256WithRSA", "sha384WithRSA", "sha512WithRSA", "sha256WithECDSA", "sha384WithECDSA", "sha512WithECDSA", "match_issuer" ], "default_algorithm": "match_issuer" }, "subject": { "attributes": [ { "type": "common_name", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "organization_name", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "organization_unit", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "street_address", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "postal_code", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "locality", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "state", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "country", "include": "optional", "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] }, { "type": "email", "include": "optional" "encoding": "auto", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] } ] }, "extensions": { "key_usage": { "critical": true, "allow_critical_override": true, "required_usages": { "rsa": [ "digital_signature", "key_encipherment" ], "ecdsa": [ "digital_signature", "key_agreement" ] }, "optional_usages": { "rsa": [ "digital_signature", "key_encipherment" ], "ecdsa": [ "digital_signature", "key_agreement" ] } }, "extended_key_usage": { "critical": true, "allow_critical_override": true, "required_usages": [ { "oid": "server_authentication", "name": "" }, { "oid": "client_authentication", "name": "" } ] }, "san": { ABC "critical": false, "dns_name": { "include": "no", "auto_include_cn": "no", "allowed_source": [ "csr", "fixed_value", "user_supplied" ] } } }, "renewal_settings": { "renew_valid_cert": "anytime", "renew_expired_cert": "anytime", "renew_revoked_cert": true, "renewal_key_pair": "optional", "allow_override_renewal_key_pair": true }, "serial_number_size": 20, "validity": { "min_duration": { "value": 1, "unit": "days" }, "max_duration": { "value": 10, "unit": "years" }, "default_duration": { "min": { "value": 1, "unit": "days" }, "max": { "value": 10, "unit": "years" } } } } |