X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=etc%2Fopenssl%2Flesjantesdunord.org%2Fhost.cfg;fp=etc%2Fopenssl%2Flesjantesdunord.org%2Fhost.cfg;h=b5b11751de91e1b2277ffdc9c4b57eba9588107e;hb=d62cff2432548fa49b0b73a7b05b875d35ebb53b;hp=0000000000000000000000000000000000000000;hpb=b070a54daf03b1220fbf6143f35c768628f20199;p=lhc%2Fateliers.git

diff --git a/etc/openssl/lesjantesdunord.org/host.cfg b/etc/openssl/lesjantesdunord.org/host.cfg
new file mode 100644
index 0000000..b5b1175
--- /dev/null
+++ b/etc/openssl/lesjantesdunord.org/host.cfg
@@ -0,0 +1,62 @@
+	HOME        = .
+	RANDFILE    = var/sec/x509/openssl.rand
+	oid_section = extra_oids
+[ extra_oids ]
+	# Pour EVSSL
+	trustList       = 2.16.840.1.113730.1.900
+	telephoneNumber = 2.5.4.20
+	initials        = 2.5.4.43
+	logotype        = 1.3.6.1.5.5.7.1.12
+[ req ]
+	prompt             = no
+	distinguished_name = distinguished_name
+	string_mask        = pkix
+[ distinguished_name ]
+	commonName             = $ENV::x509_host
+	countryName            = $ENV::x509_country
+	initials               = $ENV::x509_initials
+	0.organizationName     = $ENV::x509_organization
+	organizationalUnitName = Anti-autorité de certification primaire
+	postalCode             = $ENV::x509_postal_code
+	stateOrProvinceName    = $ENV::x509_state_or_province
+	streetAddress          = $ENV::x509_street_address
+	telephoneNumber        = $ENV::x509_telephone_number
+[ extensions ]
+	basicConstraints       = critical,CA:TRUE,pathlen:1
+	keyUsage               = keyCertSign,cRLSign
+	subjectAltName         = email:contact@$ENV::x509_host
+	subjectKeyIdentifier   = hash
+	issuerAltName          = issuer:copy
+	authorityKeyIdentifier = keyid:always,issuer:always
+	authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+	crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
+	#certificatePolicies    = @certificate_policies
+	#trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
+	#policyConstraints      =
+	#extendedKeyUsage       =
+	#inhibitAnyPolicy       =
+	#nameConstraints        =
+	#noCheck                =
+[ self_signed_extensions ]
+	basicConstraints       = critical,CA:TRUE,pathlen:1
+	keyUsage               = keyCertSign,cRLSign
+	subjectAltName         = email:contact@$ENV::x509_host
+	subjectKeyIdentifier   = hash
+	issuerAltName          = issuer:copy
+	authorityKeyIdentifier = keyid:always,issuer:always
+	authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+	crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
+[ ca ]
+	private_key      = var/sec/x509/$ENV::x509/key.pem
+	dir              = var/pub/x509/$ENV::x509
+	crl_dir          = $dir
+	crlnumber        = $dir/crl.num
+	crl              = $dir/crl.pem
+	database         = $dir/idx.txt
+[ self_signed_ca ]
+	private_key      = var/sec/x509/$ENV::x509/key.pem
+	dir              = var/pub/x509/$ENV::x509
+	crl_dir          = $dir
+	crlnumber        = $dir/crl.self-signed.num
+	crl              = $dir/crl.self-signed.pem
+	database         = $dir/idx.self-signed.txt