--- /dev/null
+../lesjantesdunord.org
\ No newline at end of file
--- /dev/null
+ SERVICE = imap
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service IMAP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
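Review bot: `[ user_extensions ]` sets `basicConstraints = critical,CA:FALSE,pathlen:0`, but RFC 5280 (section 4.2.1.9) allows a path length constraint only when the CA flag is asserted. Certificates issued with this profile are therefore malformed, and a strict validator may reject them. The line should read `basicConstraints = critical,CA:FALSE`, as `[ extensions ]` in the same file already does. The same value appears in `[ user_extensions ]` of the pop, smtp and www configs and in `[ extensions ]` of the www config.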
--- /dev/null
+ SERVICE = imap
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ distinguished_name = user_distinguished_name
+ prompt = no
+ string_mask = pkix
+[ user_distinguished_name ]
+ 0.organizationName = $ENV::x509_organization
+ commonName = $ENV::user@$ENV::x509_host
+ countryName = $ENV::x509_country
+ localityName = néant
+ organizationalUnitName = Certificat utilisateurice du service IMAP
+ stateOrProvinceName = $ENV::x509_state_or_province
+#[ user_extensions ]
+# subjectAltName = email:$ENV::user@$ENV::x509_host
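Review bot: `localityName = néant` puts a literal placeholder into the subject of every user certificate, where it is then signed and published. The www user config in this change leaves the attribute out (`#localityName =`). Doing the same here, or using `localityName = $ENV::x509_locality`, keeps the DN free of filler values. The pop and smtp user configs carry the same line.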
--- /dev/null
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # Pour EVSSL
+ trustList = 2.16.840.1.113730.1.900
+ telephoneNumber = 2.5.4.20
+ initials = 2.5.4.43
+ logotype = 1.3.6.1.5.5.7.1.12
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+[ distinguished_name ]
+ commonName = $ENV::x509_host
+ countryName = $ENV::x509_country
+ initials = $ENV::x509_initials
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Anti-autorité de certification primaire
+ postalCode = $ENV::x509_postal_code
+ stateOrProvinceName = $ENV::x509_state_or_province
+ streetAddress = $ENV::x509_street_address
+ telephoneNumber = $ENV::x509_telephone_number
+[ extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:1
+ keyUsage = keyCertSign,cRLSign
+ subjectAltName = email:contact@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/crl.pem
+ #certificatePolicies = @certificate_policies
+ #trustList = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
+ #policyConstraints =
+ #extendedKeyUsage =
+ #inhibitAnyPolicy =
+ #nameConstraints =
+ #noCheck =
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:1
+ keyUsage = keyCertSign,cRLSign
+ subjectAltName = email:contact@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/crl.pem
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
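Review bot: `keyUsage = keyCertSign,cRLSign` in `[ extensions ]` and `[ self_signed_extensions ]` is not marked critical, so a relying party that does not process the extension is free to ignore the restriction. RFC 5280 says CAs should mark key usage critical. Suggested line for both sections: `keyUsage = critical,keyCertSign,cRLSign`.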
--- /dev/null
+#!/bin/sh
+
+export x509_host="lesjantesdunord.org"
+export x509_country="FR"
+export x509_organization="Les Jantes du Nord"
+export x509_organization_unit_name="Les Jantes du Nord"
+export x509_initials="LHC"
+export x509_state_or_province="Nord-Pas-de-Calais-Picardie"
+export x509_locality="LILLE"
+export x509_street_address="À la MRES, 23, rue Gosselet"
+export x509_postal_code="59000"
+export x509_telephone_number="néant"
+export x509_business_category="V1.0, ni dieu ni maître ni moteur"
+export x509_days="3653"
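Review bot: `x509_days="3653"` is a single lifetime of about ten years, and nothing in this hunk distinguishes the root CA from the service and user certificates. No config in this change reads the variable, so it is presumably passed as `-days` by a script outside the diff. If so, the online service keys and the user keys get the same validity as the root, which lengthens the window in which a stolen key stays usable. Consider a separate, shorter value for leaf certificates, and a comment at the top of the file naming the script that sources it. `x509_locality` and `x509_organization_unit_name` are exported here but not referenced by any config in the change.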
--- /dev/null
+ SERVICE = pop
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service POP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
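Review bot: `localityName = $ENV::x509_state_or_province` in `[ distinguished_name ]` fills the locality with the region, although the environment file in this change exports `x509_locality` for that purpose. The issued subject would then name the region twice and never the city. `jurisdictionOfIncorporationLocalityName` has the same substitution. Suggested lines: `localityName = $ENV::x509_locality` and `jurisdictionOfIncorporationLocalityName = $ENV::x509_locality`. The imap, smtp and www service configs repeat this.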
--- /dev/null
+../lesjantesdunord.org
\ No newline at end of file
--- /dev/null
+ SERVICE = pop
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ distinguished_name = user_distinguished_name
+ prompt = no
+ string_mask = pkix
+[ user_distinguished_name ]
+ 0.organizationName = $ENV::x509_organization
+ commonName = $ENV::user@$ENV::x509_host
+ countryName = $ENV::x509_country
+ localityName = néant
+ organizationalUnitName = Certificat utilisateurice du service POP
+ stateOrProvinceName = $ENV::x509_state_or_province
+#[ user_extensions ]
+# subjectAltName = email:$ENV::user@$ENV::x509_host
--- /dev/null
+ SERVICE = smtp
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service SMTP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
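Review bot: In `[ self_signed_extensions ]`, `crlDistributionPoints` ends in `crl.pem`, while `[ self_signed_ca ]` in the same file writes its revocation list to `$dir/crl.self-signed.pem`. The imap and pop configs use `crl.self-signed.pem` in this position. If the public directory is served as is, a client checking revocation for a certificate built from this profile would fetch the other issuer's list and miss the relevant revocations. Suggested line: `crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem`. The www config has the same mismatch.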
--- /dev/null
+../lesjantesdunord.org
\ No newline at end of file
--- /dev/null
+ SERVICE = smtp
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ distinguished_name = user_distinguished_name
+ prompt = no
+ string_mask = pkix
+[ user_distinguished_name ]
+ 0.organizationName = $ENV::x509_organization
+ commonName = $ENV::user@$ENV::x509_host
+ countryName = $ENV::x509_country
+ localityName = néant
+ organizationalUnitName = Certificat utilisateurice du service SMTP
+ stateOrProvinceName = $ENV::x509_state_or_province
+[ user_extensions ]
+ subjectAltName = email:$ENV::user@$ENV::x509_host
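Review bot: `subjectAltName = email:$ENV::user@$ENV::x509_host` and `commonName` take `user` from the environment, and OpenSSL expands the variable before it splits the extension value on commas. A value containing a comma would therefore be parsed as additional name entries that nobody intended to certify. The caller is not visible in this diff; it should accept only a strict mailbox local-part (for example letters, digits, `.`, `_`, `-`) before invoking openssl. A comment above the section would record that requirement: `# user must be validated by the caller; it is expanded verbatim into the SAN`. The section is not referenced from `[ req ]`, so it presumably only takes effect when named on the command line.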
--- /dev/null
+ SERVICE = www
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service Web
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
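Review bot: `keyUsage = keyEncipherment` in `[ extensions ]` omits `digitalSignature`, which the imap, pop and smtp profiles include. Ephemeral Diffie-Hellman suites and all of TLS 1.3 authenticate the server with a signature, so clients that enforce key usage can refuse this certificate. Only static RSA key exchange is covered as written. Suggested line: `keyUsage = digitalSignature,keyEncipherment`.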
--- /dev/null
+../lesjantesdunord.org
\ No newline at end of file
--- /dev/null
+ SERVICE = www
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ prompt = no
+ distinguished_name = user_distinguished_name
+ string_mask = pkix
+[ user_distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ #localityName =
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Certificat utilisateurice du service Web
+ commonName = $ENV::user