ansible/secret/pki/authorities/domain/config/openssl-sign.conf
jose.canelas a8269203f0 Initial commit. This repo contains ansible CM that describes ECG infrastructure.
A test server (acacia root server) is already included in the inventory, with an ecg admin account.
2022-08-05 15:48:02 +01:00


# Configuration file generated by pki-authority
# Default section. OpenSSL falls back to this section when a name is not found
# in the section being read, so the variables and URLs defined here can be
# referenced as $crl_url, $aia_url and $ocsp_url from the sections below.
# Order matters: $name and $domain_suffix must be defined before they are used.
[ default ]
name = domain-ca
domain_suffix = ecogood.org
# Issuer-certificate, CRL and OCSP locations written into issued certificates
# through [ issuer_info ] and [ crl_info ]. They are plain http; CRLs and OCSP
# responses are signed objects, so integrity does not depend on TLS.
# NOTE(review): these URLs are fixed in every certificate for its lifetime;
# confirm the host actually serves /crt/, /crl/ and /ocsp/.
aia_url = http://$name.$domain_suffix/crt/
crl_url = http://$name.$domain_suffix/crl/
ocsp_url = http://$name.$domain_suffix/ocsp/
# CA section used by "openssl ca" when none is named on the command line.
default_ca = ca_default
# Display format for subject names shown to the operator before signing.
name_opt = utf8,esc_ctrl,multiline,lname,align
# Signing CA definition: where the CA state lives and the defaults applied to
# every certificate it issues.
[ ca_default ]
# All paths below are relative to the directory openssl is run from.
home = .
# Issuance database and the next serial / CRL numbers.
database = $home/database/index
serial = $home/database/serial
crlnumber = $home/database/crlnumber
certificate = $home/subject/cert.pem
# CA signing key. Whoever can read this file can issue certificates as this CA.
# NOTE(review): confirm the key is not committed to the repository in clear
# text and that private/ is readable only by the CA operator account.
private_key = $home/private/key.pem
# Seed file for the random number generator.
# NOTE(review): presumably unnecessary on current OpenSSL releases - confirm.
RANDFILE = $home/private/random
new_certs_dir = $home/certs
# Several valid certificates may share one subject (allows renewing before the
# old certificate expires). Revocation must therefore be done by serial number,
# not by subject.
unique_subject = no
policy = policy_default
x509_extensions = extension_default
# Extensions present in the request and NOT already set by the section named
# in x509_extensions are copied into the certificate. basicConstraints,
# keyUsage and extendedKeyUsage are fixed by [ extension_default ], but
# anything else (subjectAltName in particular) is taken from the requester.
# Inspect each request before signing; the CA does not validate these values.
copy_extensions = copy
# Certificate lifetime in days (about three years).
# NOTE(review): some TLS clients enforce a shorter maximum lifetime for server
# certificates; confirm 1095 days is accepted by the clients in use.
default_days = 1095
# A CRL is considered stale after 30 days, so it must be regenerated and
# published at least that often.
default_crl_days = 30
default_md = sha256
# CRL distribution point list, referenced as @crl_info by the
# crlDistributionPoints line in [ extension_default ].
[ crl_info ]
URI.0 = $crl_url
# Authority Information Access entries, referenced as @issuer_info by the
# authorityInfoAccess line in [ extension_default ]: where to fetch the issuer
# certificate and where to query OCSP.
[ issuer_info ]
caIssuers;URI.0 = $aia_url
OCSP;URI.0 = $ocsp_url
# Extension profile for an OCSP responder certificate. It is not the default
# profile (x509_extensions points at extension_default), so it only applies
# when selected explicitly, e.g. with "openssl ca -extensions extension_ocsp".
# The profile is limited to OCSP signing: not a CA, digitalSignature only.
# NOTE(review): no revocation pointers and no OCSP no-check extension are set
# here; confirm how relying parties are expected to treat the responder
# certificate's own revocation status.
[ extension_ocsp ]
authorityKeyIdentifier = keyid:always
basicConstraints = critical, CA:false
extendedKeyUsage = OCSPSigning
keyUsage = critical, digitalSignature
subjectKeyIdentifier = hash
# Subject-name policy applied to every request. Every field is "optional":
# nothing has to be present and nothing has to match the CA's own subject, so
# the CA signs whatever subject the request carries. Fields not listed here
# are dropped from the issued subject.
# NOTE(review): with no "match" or "supplied" entries the requester's identity
# has to be verified outside of OpenSSL before the request is signed.
[ policy_default ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional
# Default extension profile for issued end-entity certificates (selected by
# x509_extensions in [ ca_default ]).
[ extension_default ]
authorityInfoAccess = @issuer_info
authorityKeyIdentifier = keyid:always, issuer:always
# Critical CA:FALSE: issued certificates cannot act as a CA. Because this
# profile sets the extension, a basicConstraints value in the request is not
# copied over it by copy_extensions = copy.
basicConstraints = critical, CA:FALSE
crlDistributionPoints = @crl_info
# Every certificate is valid for both TLS client and TLS server use.
# NOTE(review): a client certificate issued from this profile can also be
# presented as a server certificate; consider separate profiles if the two
# roles need to be kept apart.
extendedKeyUsage = clientAuth, serverAuth
keyUsage = critical, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
# No subjectAltName is defined in this profile, so any SAN in an issued
# certificate comes from the request via copy_extensions = copy.