[{"data":1,"prerenderedAt":947},["ShallowReactive",2],{"navigation_docs":3,"-docs-guides-certificate-profiles":86,"-docs-guides-certificate-profiles-surround":942},[4,22,31,48,65],{"title":5,"path":6,"stem":7,"children":8,"page":21},"Api","\u002Fdocs\u002Fapi","docs\u002Fapi",[9,13,17],{"title":10,"path":11,"stem":12},"CLI Reference","\u002Fdocs\u002Fapi\u002Fcli-reference","docs\u002Fapi\u002F1.cli-reference",{"title":14,"path":15,"stem":16},"ZMQ Protocol Reference","\u002Fdocs\u002Fapi\u002Fzmq-protocol","docs\u002Fapi\u002F2.zmq-protocol",{"title":18,"path":19,"stem":20},"Error Codes","\u002Fdocs\u002Fapi\u002Ferror-codes","docs\u002Fapi\u002F3.error-codes",false,{"title":23,"path":24,"stem":25,"children":26,"page":21},"Community","\u002Fdocs\u002Fcommunity","docs\u002Fcommunity",[27],{"title":28,"path":29,"stem":30},"Contributing","\u002Fdocs\u002Fcommunity\u002Fcontributing","docs\u002Fcommunity\u002F1.contributing",{"title":32,"path":33,"stem":34,"children":35,"page":21},"Concepts","\u002Fdocs\u002Fconcepts","docs\u002Fconcepts",[36,40,44],{"title":37,"path":38,"stem":39},"Architecture","\u002Fdocs\u002Fconcepts\u002Farchitecture","docs\u002Fconcepts\u002F1.architecture",{"title":41,"path":42,"stem":43},"Certificate Lifecycle","\u002Fdocs\u002Fconcepts\u002Fcertificate-lifecycle","docs\u002Fconcepts\u002F2.certificate-lifecycle",{"title":45,"path":46,"stem":47},"Security Model","\u002Fdocs\u002Fconcepts\u002Fsecurity-model","docs\u002Fconcepts\u002F3.security-model",{"title":49,"path":50,"stem":51,"children":52,"page":21},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002Fgetting-started",[53,57,61],{"title":54,"path":55,"stem":56},"Introduction","\u002Fdocs\u002Fgetting-started\u002Fintroduction","docs\u002Fgetting-started\u002F1.introduction",{"title":58,"path":59,"stem":60},"Installation","\u002Fdocs\u002Fgetting-started\u002Finstallation","docs\u002Fgetting-started\u002F2.installation",{"title":62,"path":63,"stem":64},"Quick Start","\u002Fdocs\u002Fgetting-started\u002Fquick-start","docs\u002Fgetting-started\u002F3.quick-start",{"title":66,"path":67,"stem":68,"children":69,"page":21},"Guides","\u002Fdocs\u002Fguides","docs\u002Fguides",[70,74,78,82],{"title":71,"path":72,"stem":73},"Configuration","\u002Fdocs\u002Fguides\u002Fconfiguration","docs\u002Fguides\u002F1.configuration",{"title":75,"path":76,"stem":77},"Certificate Profiles","\u002Fdocs\u002Fguides\u002Fcertificate-profiles","docs\u002Fguides\u002F2.certificate-profiles",{"title":79,"path":80,"stem":81},"Docker Deployment","\u002Fdocs\u002Fguides\u002Fdocker-deployment","docs\u002Fguides\u002F3.docker-deployment",{"title":83,"path":84,"stem":85},"Importing an Existing CA","\u002Fdocs\u002Fguides\u002Fimporting-existing-ca","docs\u002Fguides\u002F4.importing-existing-ca",{"id":87,"title":75,"body":88,"description":935,"extension":936,"links":937,"meta":938,"navigation":939,"path":76,"seo":940,"stem":77,"__hash__":941},"docs\u002Fdocs\u002Fguides\u002F2.certificate-profiles.md",{"type":89,"value":90,"toc":927},"minimark",[91,95,99,104,307,311,322,515,519,575,578,711,715,783,787,793,902,912,916,923],[92,93,75],"h1",{"id":94},"certificate-profiles",[96,97,98],"p",{},"Profiles define the cryptographic parameters and X.509 extensions applied to issued certificates. uPKI CA ships with 7 built-in profiles covering the most common use cases.",[100,101,103],"h2",{"id":102},"built-in-profiles","Built-in profiles",[105,106,107,129],"table",{},[108,109,110],"thead",{},[111,112,113,117,120,123,126],"tr",{},[114,115,116],"th",{},"Profile",[114,118,119],{},"Type",[114,121,122],{},"Default Validity",[114,124,125],{},"Key Usage",[114,127,128],{},"Extended Key Usage",[130,131,132,161,191,215,240,266,286],"tbody",{},[111,133,134,141,146,149,158],{},[135,136,137],"td",{},[138,139,140],"code",{},"ca",[135,142,143],{},[138,144,145],{},"sslCA",[135,147,148],{},"10 years",[135,150,151,154,155],{},[138,152,153],{},"keyCertSign",", ",[138,156,157],{},"cRLSign",[135,159,160],{},"—",[111,162,163,168,172,175,183],{},[135,164,165],{},[138,166,167],{},"ra",[135,169,170],{},[138,171,145],{},[135,173,174],{},"1 year",[135,176,177,154,180],{},[138,178,179],{},"digitalSignature",[138,181,182],{},"keyEncipherment",[135,184,185,154,188],{},[138,186,187],{},"serverAuth",[138,189,190],{},"clientAuth",[111,192,193,198,202,205,211],{},[135,194,195],{},[138,196,197],{},"server",[135,199,200],{},[138,201,197],{},[135,203,204],{},"60 days",[135,206,207,154,209],{},[138,208,179],{},[138,210,182],{},[135,212,213],{},[138,214,187],{},[111,216,217,222,226,228,234],{},[135,218,219],{},[138,220,221],{},"webapp",[135,223,224],{},[138,225,197],{},[135,227,204],{},[135,229,230,154,232],{},[138,231,179],{},[138,233,182],{},[135,235,236,154,238],{},[138,237,187],{},[138,239,190],{},[111,241,242,247,252,255,259],{},[135,243,244],{},[138,245,246],{},"laptop",[135,248,249],{},[138,250,251],{},"user",[135,253,254],{},"30 days",[135,256,257],{},[138,258,179],{},[135,260,261,154,263],{},[138,262,190],{},[138,264,265],{},"emailProtection",[111,267,268,272,276,278,282],{},[135,269,270],{},[138,271,251],{},[135,273,274],{},[138,275,251],{},[135,277,254],{},[135,279,280],{},[138,281,179],{},[135,283,284],{},[138,285,190],{},[111,287,288,293,297,299,303],{},[135,289,290],{},[138,291,292],{},"admin",[135,294,295],{},[138,296,251],{},[135,298,174],{},[135,300,301],{},[138,302,179],{},[135,304,305],{},[138,306,190],{},[100,308,310],{"id":309},"profile-yaml-format","Profile YAML format",[96,312,313,314,317,318,321],{},"Profiles are stored as YAML files in ",[138,315,316],{},"$UPKI_DATA_DIR\u002Fprofiles\u002F",". To create a custom profile, drop a ",[138,319,320],{},".yml"," file in that directory:",[323,324,329],"pre",{"className":325,"code":326,"language":327,"meta":328,"style":328},"language-yaml shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","# profiles\u002Fiot-device.yml\nname: iot-device\ntype: user\nvalidity: 365 # days\nkey_type: rsa\nkey_length: 2048\ndigest: sha256\nca: false\nkey_usage:\n  - digitalSignature\n  - keyEncipherment\nextended_key_usage:\n  - clientAuth\nsubject_alt_name:\n  - email: false\n  - dns: false\n  - ip: true # allow IP SANs for IoT devices\n","yaml","",[138,330,331,340,355,366,381,392,403,414,425,434,443,451,459,467,475,487,499],{"__ignoreMap":328},[332,333,336],"span",{"class":334,"line":335},"line",1,[332,337,339],{"class":338},"sHwdD","# profiles\u002Fiot-device.yml\n",[332,341,343,347,351],{"class":334,"line":342},2,[332,344,346],{"class":345},"swJcz","name",[332,348,350],{"class":349},"sMK4o",":",[332,352,354],{"class":353},"sfazB"," iot-device\n",[332,356,358,361,363],{"class":334,"line":357},3,[332,359,360],{"class":345},"type",[332,362,350],{"class":349},[332,364,365],{"class":353}," user\n",[332,367,369,372,374,378],{"class":334,"line":368},4,[332,370,371],{"class":345},"validity",[332,373,350],{"class":349},[332,375,377],{"class":376},"sbssI"," 365",[332,379,380],{"class":338}," # days\n",[332,382,384,387,389],{"class":334,"line":383},5,[332,385,386],{"class":345},"key_type",[332,388,350],{"class":349},[332,390,391],{"class":353}," rsa\n",[332,393,395,398,400],{"class":334,"line":394},6,[332,396,397],{"class":345},"key_length",[332,399,350],{"class":349},[332,401,402],{"class":376}," 2048\n",[332,404,406,409,411],{"class":334,"line":405},7,[332,407,408],{"class":345},"digest",[332,410,350],{"class":349},[332,412,413],{"class":353}," sha256\n",[332,415,417,419,421],{"class":334,"line":416},8,[332,418,140],{"class":345},[332,420,350],{"class":349},[332,422,424],{"class":423},"sfNiH"," false\n",[332,426,428,431],{"class":334,"line":427},9,[332,429,430],{"class":345},"key_usage",[332,432,433],{"class":349},":\n",[332,435,437,440],{"class":334,"line":436},10,[332,438,439],{"class":349},"  -",[332,441,442],{"class":353}," digitalSignature\n",[332,444,446,448],{"class":334,"line":445},11,[332,447,439],{"class":349},[332,449,450],{"class":353}," keyEncipherment\n",[332,452,454,457],{"class":334,"line":453},12,[332,455,456],{"class":345},"extended_key_usage",[332,458,433],{"class":349},[332,460,462,464],{"class":334,"line":461},13,[332,463,439],{"class":349},[332,465,466],{"class":353}," clientAuth\n",[332,468,470,473],{"class":334,"line":469},14,[332,471,472],{"class":345},"subject_alt_name",[332,474,433],{"class":349},[332,476,478,480,483,485],{"class":334,"line":477},15,[332,479,439],{"class":349},[332,481,482],{"class":345}," email",[332,484,350],{"class":349},[332,486,424],{"class":423},[332,488,490,492,495,497],{"class":334,"line":489},16,[332,491,439],{"class":349},[332,493,494],{"class":345}," dns",[332,496,350],{"class":349},[332,498,424],{"class":423},[332,500,502,504,507,509,512],{"class":334,"line":501},17,[332,503,439],{"class":349},[332,505,506],{"class":345}," ip",[332,508,350],{"class":349},[332,510,511],{"class":423}," true",[332,513,514],{"class":338}," # allow IP SANs for IoT devices\n",[100,516,518],{"id":517},"listing-profiles-via-zmq","Listing profiles via ZMQ",[323,520,524],{"className":521,"code":522,"language":523,"meta":328,"style":328},"language-json shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","{\n  \"TASK\": \"list_profiles\",\n  \"params\": {}\n}\n","json",[138,525,526,531,556,570],{"__ignoreMap":328},[332,527,528],{"class":334,"line":335},[332,529,530],{"class":349},"{\n",[332,532,533,536,540,543,545,548,551,553],{"class":334,"line":342},[332,534,535],{"class":349},"  \"",[332,537,539],{"class":538},"spNyl","TASK",[332,541,542],{"class":349},"\"",[332,544,350],{"class":349},[332,546,547],{"class":349}," \"",[332,549,550],{"class":353},"list_profiles",[332,552,542],{"class":349},[332,554,555],{"class":349},",\n",[332,557,558,560,563,565,567],{"class":334,"line":357},[332,559,535],{"class":349},[332,561,562],{"class":538},"params",[332,564,542],{"class":349},[332,566,350],{"class":349},[332,568,569],{"class":349}," {}\n",[332,571,572],{"class":334,"line":368},[332,573,574],{"class":349},"}\n",[96,576,577],{},"Response:",[323,579,581],{"className":521,"code":580,"language":523,"meta":328,"style":328},"{\n  \"EVENT\": \"ANSWER\",\n  \"DATA\": [\n    \"ca\",\n    \"ra\",\n    \"server\",\n    \"webapp\",\n    \"laptop\",\n    \"user\",\n    \"admin\",\n    \"iot-device\"\n  ]\n}\n",[138,582,583,587,607,621,632,642,652,662,672,682,692,702,707],{"__ignoreMap":328},[332,584,585],{"class":334,"line":335},[332,586,530],{"class":349},[332,588,589,591,594,596,598,600,603,605],{"class":334,"line":342},[332,590,535],{"class":349},[332,592,593],{"class":538},"EVENT",[332,595,542],{"class":349},[332,597,350],{"class":349},[332,599,547],{"class":349},[332,601,602],{"class":353},"ANSWER",[332,604,542],{"class":349},[332,606,555],{"class":349},[332,608,609,611,614,616,618],{"class":334,"line":357},[332,610,535],{"class":349},[332,612,613],{"class":538},"DATA",[332,615,542],{"class":349},[332,617,350],{"class":349},[332,619,620],{"class":349}," [\n",[332,622,623,626,628,630],{"class":334,"line":368},[332,624,625],{"class":349},"    \"",[332,627,140],{"class":353},[332,629,542],{"class":349},[332,631,555],{"class":349},[332,633,634,636,638,640],{"class":334,"line":383},[332,635,625],{"class":349},[332,637,167],{"class":353},[332,639,542],{"class":349},[332,641,555],{"class":349},[332,643,644,646,648,650],{"class":334,"line":394},[332,645,625],{"class":349},[332,647,197],{"class":353},[332,649,542],{"class":349},[332,651,555],{"class":349},[332,653,654,656,658,660],{"class":334,"line":405},[332,655,625],{"class":349},[332,657,221],{"class":353},[332,659,542],{"class":349},[332,661,555],{"class":349},[332,663,664,666,668,670],{"class":334,"line":416},[332,665,625],{"class":349},[332,667,246],{"class":353},[332,669,542],{"class":349},[332,671,555],{"class":349},[332,673,674,676,678,680],{"class":334,"line":427},[332,675,625],{"class":349},[332,677,251],{"class":353},[332,679,542],{"class":349},[332,681,555],{"class":349},[332,683,684,686,688,690],{"class":334,"line":436},[332,685,625],{"class":349},[332,687,292],{"class":353},[332,689,542],{"class":349},[332,691,555],{"class":349},[332,693,694,696,699],{"class":334,"line":445},[332,695,625],{"class":349},[332,697,698],{"class":353},"iot-device",[332,700,701],{"class":349},"\"\n",[332,703,704],{"class":334,"line":453},[332,705,706],{"class":349},"  ]\n",[332,708,709],{"class":334,"line":461},[332,710,574],{"class":349},[100,712,714],{"id":713},"getting-a-profile-details","Getting a profile details",[323,716,718],{"className":521,"code":717,"language":523,"meta":328,"style":328},"{\n  \"TASK\": \"get_profile\",\n  \"params\": {\n    \"profile\": \"server\"\n  }\n}\n",[138,719,720,724,743,756,774,779],{"__ignoreMap":328},[332,721,722],{"class":334,"line":335},[332,723,530],{"class":349},[332,725,726,728,730,732,734,736,739,741],{"class":334,"line":342},[332,727,535],{"class":349},[332,729,539],{"class":538},[332,731,542],{"class":349},[332,733,350],{"class":349},[332,735,547],{"class":349},[332,737,738],{"class":353},"get_profile",[332,740,542],{"class":349},[332,742,555],{"class":349},[332,744,745,747,749,751,753],{"class":334,"line":357},[332,746,535],{"class":349},[332,748,562],{"class":538},[332,750,542],{"class":349},[332,752,350],{"class":349},[332,754,755],{"class":349}," {\n",[332,757,758,760,764,766,768,770,772],{"class":334,"line":368},[332,759,625],{"class":349},[332,761,763],{"class":762},"sBMFI","profile",[332,765,542],{"class":349},[332,767,350],{"class":349},[332,769,547],{"class":349},[332,771,197],{"class":353},[332,773,701],{"class":349},[332,775,776],{"class":334,"line":383},[332,777,778],{"class":349},"  }\n",[332,780,781],{"class":334,"line":394},[332,782,574],{"class":349},[100,784,786],{"id":785},"using-a-profile-when-issuing","Using a profile when issuing",[96,788,789,790,792],{},"Pass ",[138,791,763],{}," in any certificate generation request:",[323,794,796],{"className":521,"code":795,"language":523,"meta":328,"style":328},"{\n  \"TASK\": \"generate\",\n  \"params\": {\n    \"cn\": \"api.example.internal\",\n    \"profile\": \"webapp\",\n    \"sans\": [\"api.example.internal\"]\n  }\n}\n",[138,797,798,802,821,833,853,871,894,898],{"__ignoreMap":328},[332,799,800],{"class":334,"line":335},[332,801,530],{"class":349},[332,803,804,806,808,810,812,814,817,819],{"class":334,"line":342},[332,805,535],{"class":349},[332,807,539],{"class":538},[332,809,542],{"class":349},[332,811,350],{"class":349},[332,813,547],{"class":349},[332,815,816],{"class":353},"generate",[332,818,542],{"class":349},[332,820,555],{"class":349},[332,822,823,825,827,829,831],{"class":334,"line":357},[332,824,535],{"class":349},[332,826,562],{"class":538},[332,828,542],{"class":349},[332,830,350],{"class":349},[332,832,755],{"class":349},[332,834,835,837,840,842,844,846,849,851],{"class":334,"line":368},[332,836,625],{"class":349},[332,838,839],{"class":762},"cn",[332,841,542],{"class":349},[332,843,350],{"class":349},[332,845,547],{"class":349},[332,847,848],{"class":353},"api.example.internal",[332,850,542],{"class":349},[332,852,555],{"class":349},[332,854,855,857,859,861,863,865,867,869],{"class":334,"line":383},[332,856,625],{"class":349},[332,858,763],{"class":762},[332,860,542],{"class":349},[332,862,350],{"class":349},[332,864,547],{"class":349},[332,866,221],{"class":353},[332,868,542],{"class":349},[332,870,555],{"class":349},[332,872,873,875,878,880,882,885,887,889,891],{"class":334,"line":394},[332,874,625],{"class":349},[332,876,877],{"class":762},"sans",[332,879,542],{"class":349},[332,881,350],{"class":349},[332,883,884],{"class":349}," [",[332,886,542],{"class":349},[332,888,848],{"class":353},[332,890,542],{"class":349},[332,892,893],{"class":349},"]\n",[332,895,896],{"class":334,"line":405},[332,897,778],{"class":349},[332,899,900],{"class":334,"line":416},[332,901,574],{"class":349},[96,903,904,905,907,908,911],{},"If ",[138,906,763],{}," is omitted, the CA defaults to ",[138,909,910],{},"\"server\"",".",[100,913,915],{"id":914},"profile-validation","Profile validation",[96,917,918,919,922],{},"The CA validates each requested profile at sign time. An unknown profile name results in an ",[138,920,921],{},"UPKI ERROR"," response.",[924,925,926],"style",{},"html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}html pre.shiki code .sfNiH, html code.shiki .sfNiH{--shiki-light:#FF5370;--shiki-default:#FF9CAC;--shiki-dark:#FF9CAC}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}",{"title":328,"searchDepth":342,"depth":342,"links":928},[929,930,931,932,933,934],{"id":102,"depth":342,"text":103},{"id":309,"depth":342,"text":310},{"id":517,"depth":342,"text":518},{"id":713,"depth":342,"text":714},{"id":785,"depth":342,"text":786},{"id":914,"depth":342,"text":915},"Built-in profiles and how to create custom ones.","md",null,{},true,{"title":75,"description":935},"J46WPvG5P6Qys0IhpsX6mYeLgXYUfdzZ_-GWJN_6ILY",[943,945],{"title":71,"path":72,"stem":73,"description":944,"children":-1},"Complete reference for ca.config.yml and environment variables.",{"title":79,"path":80,"stem":81,"description":946,"children":-1},"Run uPKI CA in Docker or Docker Compose with production-ready settings.",1775569478524]