X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fopenssl%2Fimap.velivelo.org%2Fhost.cfg;fp=etc%2Fopenssl%2Fimap.velivelo.org%2Fhost.cfg;h=0000000000000000000000000000000000000000;hb=f61b2787cc9a9a1322bd58ac6ef51d4b49892ad4;hp=26695c73662a3562e686f818920ab335643de3ed;hpb=1a40e3d8b09356cf4ddce5bd0ec487cebd91ff64;p=lhc%2Fateliers.git diff --git a/etc/openssl/imap.velivelo.org/host.cfg b/etc/openssl/imap.velivelo.org/host.cfg deleted file mode 100644 index 26695c7..0000000 --- a/etc/openssl/imap.velivelo.org/host.cfg +++ /dev/null @@ -1,70 +0,0 @@ - SERVICE = imap - RANDFILE = var/sec/x509/openssl.rand - oid_section = extra_oids -[ extra_oids ] - # NOTE: pour une éventuelle validation étendue (Extended Validation (EV)) - jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1 - jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2 - jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3 -[ req ] - prompt = no - distinguished_name = distinguished_name - string_mask = pkix - #x509_extensions = root_extensions - #req_extensions = extension - #attributes = req_attributes -[ distinguished_name ] - countryName = $ENV::x509_country - stateOrProvinceName = $ENV::x509_state_or_province - localityName = $ENV::x509_state_or_province - 0.organizationName = $ENV::x509_organization - organizationalUnitName = Service IMAP - commonName = $SERVICE.$ENV::x509_host - businessCategory = $ENV::x509_business_category - jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province - jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province - jurisdictionOfIncorporationCountryName = $ENV::x509_country -[ extensions ] - basicConstraints = critical,CA:FALSE - keyUsage = digitalSignature,keyEncipherment - subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host - subjectKeyIdentifier = hash - issuerAltName = issuer:copy - authorityKeyIdentifier = keyid:always,issuer:always - authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem - crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem - certificatePolicies = @certificate_policies -[ self_signed_extensions ] - basicConstraints = critical,CA:TRUE,pathlen:0 - keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment - subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host - subjectKeyIdentifier = hash - issuerAltName = issuer:copy - authorityKeyIdentifier = keyid:always,issuer:always - authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem - crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem -[ user_extensions ] - basicConstraints = critical,CA:FALSE,pathlen:0 - keyUsage = digitalSignature,keyEncipherment - subjectAltName = email:$ENV::user@$ENV::x509_host - subjectKeyIdentifier = hash - issuerAltName = issuer:copy - authorityKeyIdentifier = keyid:always,issuer:always - authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem -[ certificate_policies ] - policyIdentifier = 1.2.250.1.42 - CPS.1 = https://www.$ENV::x509_host/x509/cps -[ ca ] - private_key = var/sec/x509/$ENV::x509/key.pem - dir = var/pub/x509/$ENV::x509 - crl_dir = $dir - crlnumber = $dir/crl.num - crl = $dir/crl.pem - database = $dir/idx.txt -[ self_signed_ca ] - private_key = var/sec/x509/$ENV::x509/key.pem - dir = var/pub/x509/$ENV::x509 - crl_dir = $dir - crlnumber = $dir/crl.self-signed.num - crl = $dir/crl.self-signed.pem - database = $dir/idx.self-signed.txt