{
"root": "/var/lib/step-ca/certs/root_ca.crt",
"federatedRoots": null,
"crt": "/var/lib/step-ca/certs/intermediate_ca.crt",
"key": "/var/lib/step-ca/secrets/intermediate_ca_key",
"address": ":443",
"insecureAddress": "",
"dnsNames": [
"10.69.13.12"
],
"ssh": {
"hostKey": "/var/lib/step-ca/secrets/ssh_host_ca_key",
"userKey": "/var/lib/step-ca/secrets/ssh_user_ca_key"
},
"logger": {
"format": "text"
},
"db": {
"type": "badgerv2",
"dataSource": "/var/lib/step-ca/db",
"badgerFileLoadingMode": ""
},
"authority": {
"provisioners": [
{
"type": "JWK",
"name": "ca@home.2rjus.net",
"key": {
"use": "sig",
"kty": "EC",
"kid": "CIjtIe7FNhsNQe1qKGD9Rpj-lrf2ExyTYCXAOd3YDjE",
"crv": "P-256",
"alg": "ES256",
"x": "XRMX-BeobZ-R5-xb-E9YlaRjJUfd7JQxpscaF1NMgFo",
"y": "bF9xLp5-jywRD-MugMaOGbpbniPituWSLMlXRJnUUl0"
},
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiY1lWOFJPb3lteXFLMWpzcS1WM1ZXQSJ9.WS8tPK-Q4gtnSsw7MhpTzYT_oi-SQx-CsRLh7KwdZnpACtd4YbcOYg.zeyDkmKRx8BIp-eB.OQ8c-KDW07gqJFtEMqHacRBkttrbJRRz0sYR47vQWDCoWhodaXsxM_Bj2pGvUrR26ij1t7irDeypnJoh6WXvUg3n_JaIUL4HgTwKSBrXZKTscXmY7YVmRMionhAb6oS9Jgus9K4QcFDHacC9_WgtGI7dnu3m0G7c-9Ur9dcDfROfyrnAByJp1rSZMzvriQr4t9bNYjDa8E8yu9zq6aAQqF0Xg_AxwiqYqesT-sdcfrxKS61appApRgPlAhW-uuzyY0wlWtsiyLaGlWM7WMfKdHsq-VqcVrI7Gi2i77vi7OqPEberqSt8D04tIri9S_sArKqWEDnBJsL07CC41IY.CqtYfbSa_wlmIsKgNj5u7g",
"claims": {
"enableSSHCA": true
}
},
{
"type": "ACME",
"name": "acme"
},
{
"type": "SSHPOP",
"name": "sshpop",
"claims": {
"enableSSHCA": true
}
}
]
},
"tls": {
"cipherSuites": [
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
],
"minVersion": 1.2,
"maxVersion": 1.3,
"renegotiation": false
},
"templates": {
"ssh": {
"user": [
{
"name": "config.tpl",
"type": "snippet",
"template": "templates/ssh/config.tpl",
"path": "~/.ssh/config",
"comment": "#"
},
{
"name": "step_includes.tpl",
"type": "prepend-line",
"template": "templates/ssh/step_includes.tpl",
"path": "${STEPPATH}/ssh/includes",
"comment": "#"
},
{
"name": "step_config.tpl",
"type": "file",
"template": "templates/ssh/step_config.tpl",
"path": "ssh/config",
"comment": "#"
},
{
"name": "known_hosts.tpl",
"type": "file",
"template": "templates/ssh/known_hosts.tpl",
"path": "ssh/known_hosts",
"comment": "#"
}
],
"host": [
{
"name": "sshd_config.tpl",
"type": "snippet",
"template": "templates/ssh/sshd_config.tpl",
"path": "/etc/ssh/sshd_config",
"comment": "#",
"requires": [
"Certificate",
"Key"
]
},
{
"name": "ca.tpl",
"type": "snippet",
"template": "templates/ssh/ca.tpl",
"path": "/etc/ssh/ca.pub",
"comment": "#"
}
]
}
}
}