|
@@ -266,7 +266,36 @@ cat <<EOF > tmp.policy
|
|
|
}
|
|
|
}
|
|
|
EOF
|
|
|
+```
|
|
|
+
|
|
|
+Also tried this policy:
|
|
|
+```
|
|
|
+{
|
|
|
+ "Extensions": {
|
|
|
+ "ExtendedKeyUsage": [
|
|
|
+ { "ExtendedKeyUsageType": "CLIENT_AUTH" },
|
|
|
+ { "ExtendedKeyUsageType": "SMART_CARD_LOGIN" }
|
|
|
+ ],
|
|
|
+ "KeyUsage": {
|
|
|
+ "DigitalSignature": true,
|
|
|
+ "KeyEncipherment": true,
|
|
|
+ "DataEncipherment": true,
|
|
|
+ "KeyAgreement": true,
|
|
|
+ "KeyCertSign": false,
|
|
|
+ "CRLSign": false,
|
|
|
+ "EncipherOnly": false,
|
|
|
+ "DecipherOnly": false
|
|
|
+ },
|
|
|
+ "SubjectAlternativeNames": [
|
|
|
+ { "Rfc822Name": "frederick.t.damstra@accenturefederal.com" },
|
|
|
+ { "Rfc822Name": "frederick.t.damstra@accenturefederalcyber.com" }
|
|
|
+ ]
|
|
|
+ }
|
|
|
+}
|
|
|
+```
|
|
|
+
|
|
|
|
|
|
+```
|
|
|
aws --profile mdr-common-services-gov --region us-gov-east-1 acm-pca issue-certificate \
|
|
|
--api-passthrough file://./tmp.policy \
|
|
|
--certificate-authority-arn arn:aws-us-gov:acm-pca:us-gov-east-1:701290387780:certificate-authority/31c0098a-2bef-4033-9a59-9b2ec0dad0b3 \
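Review bot: The `KeyUsage` block in the added policy turns on `KeyEncipherment`, `DataEncipherment` and `KeyAgreement` alongside `DigitalSignature`, which is broader than a certificate limited to `CLIENT_AUTH` and `SMART_CARD_LOGIN` normally needs. Client authentication and smart-card logon rely on signing, so unless a relying party is known to require the other bits, set `"DataEncipherment": false,` and `"KeyAgreement": false,`, and keep `KeyEncipherment` only if RSA key transport is actually used. Whether these passthrough extensions are honoured depends on the template given to `issue-certificate`, which is not visible here because the command continues past the end of the hunk; the notes should record which `--template-arn` each attempt used. The sample also puts real mailboxes in `Rfc822Name`; a placeholder such as `user@example.com` would keep personal data out of the notes.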
|