ca_key_types:
  - { name: rsa2048, type: RSA, size: 2048 }
  - { name: ecc384, type: ECC, curve: secp384r1, digest: sha384 }

ca_key_names: "{{ ca_key_types | map(attribute='name') | list }}"

ca_default_items:
  - { type: ecc384 }
  - { type: rsa2048 }

ca_dir: /etc/ca

ca_rp: root-
ca_ip: inter-
ca_crt_ext: crt
ca_key_ext: key
ca_csr_ext: csr
ca_pfx_ext: pfx

# when to start to reissue certs
ca_reissue_period: 8w

ca_options: {}

crl_last_update_time: +8w
crl_next_update_time: +24w
crl_dir: /opt/crl