Initial commit. This repo contains ansible CM that describes ECG infrastructure.

A test server (acacia root server) is already included in the inventory, with an ecg admin account.
jose.canelas
2022-08-05 15:48:02 +01:00
commit a8269203f0
43 changed files with 2465 additions and 0 deletions


@@ -0,0 +1,56 @@
# Configuration file generated by pki-authority
[ default ]
name = root-ca
domain_suffix = ecogood.org
aia_url = http://$name.$domain_suffix/crt/
crl_url = http://$name.$domain_suffix/crl/
ocsp_url = http://$name.$domain_suffix/ocsp/
default_ca = ca_default
name_opt = utf8,esc_ctrl,multiline,lname,align
[ ca_default ]
home = .
database = $home/database/index
serial = $home/database/serial
crlnumber = $home/database/crlnumber
certificate = $home/subject/cert.pem
private_key = $home/private/key.pem
RANDFILE = $home/private/random
new_certs_dir = $home/certs
unique_subject = no
copy_extensions = none
default_days = 4380
default_crl_days = 365
default_md = sha256
policy = policy_default
x509_extensions = extension_default
[ crl_info ]
URI.0 = $crl_url
[ issuer_info ]
caIssuers;URI.0 = $aia_url
OCSP;URI.0 = $ocsp_url
[ extension_ocsp ]
authorityKeyIdentifier = keyid:always
basicConstraints = critical, CA:false
extendedKeyUsage = OCSPSigning
keyUsage = critical, digitalSignature
subjectKeyIdentifier = hash
[ policy_default ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
[ extension_default ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:ecogood.org,permitted;DNS:.ecogood.org
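Review bot: `basicConstraints = critical, CA:TRUE` in `[ extension_default ]` carries no path-length limit, so every CA certificate this root signs may itself create further subordinate CAs; if the intended hierarchy is root, then one issuing CA, then leaf certificates, `basicConstraints = critical, CA:TRUE, pathlen:0` states that explicitly. The `nameConstraints` line restricts DNS names only, so other name types such as IP addresses and e-mail addresses remain unconstrained for subordinates. Because the header says the file is generated by pki-authority, both changes belong in the generator's input rather than in this file. Separately, `home = .` together with `private_key = $home/private/key.pem` places the root key beside this file, so it is worth confirming that the `private/` directory is not among the 43 committed files, which this page does not show.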