#
# ca options
#
[ca]
# Name of the section `openssl ca` uses when no `-name` option is given.
default_ca = osbuild_ca
[osbuild_ca]
# Text database (index) of the certificates this CA has issued.
database = ./index.txt
# Directory where a copy of each issued certificate is stored.
new_certs_dir = ./certs
# Pick a random serial number for each certificate instead of reading one
# from a serial file.
rand_serial = yes
# Certificate of the CA that signs requests.
certificate = ca.cert.pem
# CA signing key (relative path). Whoever can read this file can issue
# certificates under this CA, so restrict access to it.
private_key = private/ca.key.pem
# Default lifetime of issued certificates, in days (about ten years).
# NOTE(review): long for leaf certificates; confirm this CA only issues
# test material.
default_days = 3650
# Message digest used when signing certificates.
default_md = sha256
# Extension section applied when `openssl ca` is run without `-extensions`.
# That section sets CA:TRUE, so server and client certificates must be
# issued with an explicit `-extensions osbuild_server_ext` or
# `-extensions osbuild_client_ext`; otherwise the result is a CA certificate.
x509_extensions = osbuild_ca_ext
# See WARNINGS in `man openssl ca`. This is ok, because it only copies
# extensions that are not already specified in `osbuild_ca_ext`.
# NOTE(review): the extensions that win over the request are those of the
# section actually applied (`-extensions`, else `x509_extensions`). The
# server and client sections in this file also pin basicConstraints,
# keyUsage and extendedKeyUsage, so a request cannot override those.
# Any other extension in the request (e.g. subjectAltName) is copied as-is,
# so only sign requests from a trusted source or inspect them first.
copy_extensions = copy
# Do not preserve the DN field order of the request; the order of the
# policy section is used.
preserve = no
# Section that says which subject fields a request must contain.
policy = osbuild_ca_policy
# We want to issue multiple certificates with the same subject in the
# testing environment.
unique_subject = no
# Extensions for CA certificates. This is also the default set, because
# x509_extensions in [osbuild_ca] points here.
[osbuild_ca_ext]
# Marks the certificate as a CA. No pathlen is given, so the depth of
# subordinate CAs below it is not limited.
basicConstraints = critical, CA:TRUE
# Subject key identifier computed as a hash of the public key.
subjectKeyIdentifier = hash
# Always record the issuer's key identifier plus its name and serial
# number; signing fails if either cannot be determined.
authorityKeyIdentifier = keyid:always, issuer:always
# Limits the CA key to signing data, CRLs and certificates.
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# Subject fields a signing request must carry. `supplied` means the field
# is mandatory; fields not listed here are dropped from the issued
# certificate's subject.
[osbuild_ca_policy]
commonName = supplied
emailAddress = supplied
#
# Extensions for server certificates
#
[osbuild_server_ext]
# Leaf certificate: may not act as a CA.
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
# Key identifier of the CA if it has one; the issuer name and serial
# number are always included.
authorityKeyIdentifier = keyid, issuer:always
# Key operations permitted for server certificates.
keyUsage = critical, digitalSignature, keyEncipherment
# Restricts the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
#
# Extensions for client certificates
#
[osbuild_client_ext]
# Leaf certificate, not a CA.
# NOTE(review): not marked critical here, unlike in osbuild_server_ext;
# confirm the difference is intended.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
# Key identifier of the CA; the issuer name and serial number are only a
# fallback when no key identifier is available.
# NOTE(review): osbuild_server_ext uses issuer:always; confirm the
# difference is intended.
authorityKeyIdentifier = keyid,issuer
# Key operations permitted for client certificates (critical extension).
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
# Restricts the certificate to TLS client authentication.
extendedKeyUsage = clientAuth
#
# req options
#
[req]
# Message digest used to sign certificate requests.
default_md = sha256
# Size in bits of RSA keys generated by `openssl req`.
# NOTE(review): 2048 is a common minimum; certificates from this CA default
# to 3650 days, so confirm the size suits that lifetime.
default_bits = 2048
# Section listing the subject fields `openssl req` asks for.
distinguished_name = osbuild_distinguished_name
#
# Only prompt for CN and e-mail address
#
[osbuild_distinguished_name]
# Format is `field = prompt text`: the right-hand side is what `openssl req`
# displays when asking for the field, not a default value.
CN = Common Name
emailAddress = E-Mail Address