# -*- coding: utf-8 -*-
# vim: ft=yaml
---

x509_signing_policies:
  host:
    #- minions: 'host'
    - signing_private_key: /etc/pki/ca.key
    - signing_cert: /etc/pki/ca.crt
    - C: DE
    - ST: Berlin
    - L: Berlin
    - basicConstraints: "critical CA:false"
    - keyUsage: "nonRepudiation, digitalSignature, keyEncipherment, keyAgreement"
    - extendedKeyUsage: "serverAuth, clientAuth"
    - subjectKeyIdentifier: hash
    - authorityKeyIdentifier: keyid,issuer:always
    - days_valid: 365
    - copypath: /etc/pki/issued_certs/