omnect-cli/conf/config.toml.est.template at main · omnect/omnect-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
## Hostname
hostname = "test-omnect-est"

## DPS provisioning with X.509 certificate
[provisioning]
source = "dps"
global_endpoint = "https://global.azure-devices-provisioning.net/"
id_scope = "0neXXXXXXXX"

[provisioning.attestation]
method = "x509"
registration_id = "test-omnect-est"

[provisioning.attestation.identity_cert]
method = "est"
common_name = "test-omnect-est"

[provisioning.attestation.identity_cert.auto_renew]
rotate_key = true
threshold = "80%"
retry = "4%"

## Cert issuance via EST
[cert_issuance.est]
trusted_certs = [
     "file:///mnt/cert/ca/ca.crt",
     "file:///mnt/cert/ca/edge_ca.crt",
]

[cert_issuance.est.auth]
bootstrap_identity_cert = "file:///mnt/cert/priv/device_id_cert.pem"
bootstrap_identity_pk = "file:///mnt/cert/priv/device_id_cert_key.pem"            # file URI, or...

[cert_issuance.est.urls]
default = "https://omnect-est.url:8080/.well-known/est"

[edge_ca]
method = "est"
common_name = "test-omnect-est"
url = "https://omnect-est.url2/.well-known/est"
bootstrap_identity_cert = "file:///mnt/cert/priv/edge_ca_cert.pem"
bootstrap_identity_pk = "file:///mnt/cert/priv/edge_ca_cert_key.pem"

[edge_ca.auto_renew]
rotate_key = true
threshold = "80%"
retry = "4%"