subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
- authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
- crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.pem
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
certificatePolicies = @service_certificate_policies
[ service_self_signed_extensions ]
basicConstraints = critical,CA:TRUE,pathlen:0
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
- authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
- crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.self-signed.pem
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
[ user_extensions ]
basicConstraints = critical,CA:FALSE,pathlen:0
keyUsage = digitalSignature,keyEncipherment
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
- authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
[ service_certificate_policies ]
policyIdentifier = 1.2.250.1.42
- CPS.1 = https://www.$ENV::x509_host/tls/cps
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
[ service_ca ]
private_key = $HOME/var/sec/x509/service/$SERVICE/key.pem
dir = $HOME/var/pub/x509/service/$SERVICE