etc/openssl/cyclocoop.org/host.cfg

   1         HOME        = .
   2         RANDFILE    = var/sec/x509/openssl.rand
   3         oid_section = extra_oids
   4 [ extra_oids ]
   5         # Pour EVSSL
   6         trustList       = 2.16.840.1.113730.1.900
   7         telephoneNumber = 2.5.4.20
   8         initials        = 2.5.4.43
   9         logotype        = 1.3.6.1.5.5.7.1.12
  10 [ req ]
  11         prompt             = no
  12         distinguished_name = distinguished_name
  13         string_mask        = pkix
  14 [ distinguished_name ]
  15         commonName             = $ENV::x509_host
  16         countryName            = $ENV::x509_country
  17         initials               = $ENV::x509_initials
  18         0.organizationName     = $ENV::x509_organization
  19         organizationalUnitName = Anti-autorité de certification primaire
  20         postalCode             = $ENV::x509_postal_code
  21         stateOrProvinceName    = $ENV::x509_state_or_province
  22         streetAddress          = $ENV::x509_street_address
  23         telephoneNumber        = $ENV::x509_telephone_number
  24 [ extensions ]
  25         basicConstraints       = critical,CA:TRUE,pathlen:1
  26         keyUsage               = keyCertSign,cRLSign
  27         subjectAltName         = email:contact@$ENV::x509_host
  28         subjectKeyIdentifier   = hash
  29         issuerAltName          = issuer:copy
  30         authorityKeyIdentifier = keyid:always,issuer:always
  31         authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
  32         crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
  33         #certificatePolicies    = @certificate_policies
  34         #trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
  35         #policyConstraints      =
  36         #extendedKeyUsage       =
  37         #inhibitAnyPolicy       =
  38         #nameConstraints        =
  39         #noCheck                =
  40 [ self_signed_extensions ]
  41         basicConstraints       = critical,CA:TRUE,pathlen:1
  42         keyUsage               = keyCertSign,cRLSign
  43         subjectAltName         = email:contact@$ENV::x509_host
  44         subjectKeyIdentifier   = hash
  45         issuerAltName          = issuer:copy
  46         authorityKeyIdentifier = keyid:always,issuer:always
  47         authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
  48         crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
  49 [ ca ]
  50         private_key      = var/sec/x509/$ENV::x509/key.pem
  51         dir              = var/pub/x509/$ENV::x509
  52         crl_dir          = $dir
  53         crlnumber        = $dir/crl.num
  54         crl              = $dir/crl.pem
  55         database         = $dir/idx.txt
  56 [ self_signed_ca ]
  57         private_key      = var/sec/x509/$ENV::x509/key.pem
  58         dir              = var/pub/x509/$ENV::x509
  59         crl_dir          = $dir
  60         crlnumber        = $dir/crl.self-signed.num
  61         crl              = $dir/crl.self-signed.pem
  62         database         = $dir/idx.self-signed.txt