Ajout : etc/{gnupg,openssl}/

[lhc/admin.git] / etc / openssl / org / heureux-cyclage / openssl.conf

diff --git a/etc/openssl/org/heureux-cyclage/openssl.conf b/etc/openssl/org/heureux-cyclage/openssl.conf
new file mode 100644 (file)
index 0000000..a312b5a
--- /dev/null
+++ b/etc/openssl/org/heureux-cyclage/openssl.conf
@@ -0,0 +1,24 @@
+# vim: ft=cfg
+[ req ]
+       default_bits       = 4096
+       default_md         = sha512
+       distinguished_name = distinguished_name
+       prompt             = no
+       req_extensions     = extensions
+       utf8               = yes
+[ distinguished_name ]
+       countryName            = FR
+       #stateOrProvinceName    =
+       #localityName           =
+       0.organizationName     = L’Heureux Cyclage
+       organizationalUnitName = public
+       commonName             = *.heureux-cyclage.org
+               # NOTE: wildcard certificate (more expen$ive)
+[ extensions ]
+       basicConstraints       = critical,CA:FALSE
+               # NOTE: this is not a Certificate Authority,
+               #       but only a leaf certificate, and thus
+               #       does not allow user certificates.
+       keyUsage               = keyEncipherment, keyAgreement
+       subjectAltName         = email:admin@heureux-cyclage.org
+       subjectKeyIdentifier   = hash