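# OpenSSL configuration for the certificates of the "smtpd" service.
#
# Values written as $ENV::name are read from the process environment when the
# file is loaded. The file references x509_country, x509_state_or_province,
# x509_organization, x509_business_category, x509_host and x509_user; OpenSSL
# refuses to load the file if a referenced variable is unset, so all of them
# must be exported even when only one section is used.
#
# Security note: these values are substituted textually, several of them into
# comma-separated extension lists (subjectAltName). The calling script should
# validate them (no commas, colons, whitespace or newlines) so that an
# unexpected value cannot add extra names to a certificate.

SERVICE = smtpd
# Every path below is relative to the current working directory.
HOME = .
RANDFILE = $HOME/var/rand
oid_section = extra_oids

[ extra_oids ]
# For Extended Validation (EV)
# NOTE(review): newer OpenSSL releases appear to ship these OIDs built in under
# other names - confirm that defining them here still loads on the target version.
jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3

[ req ]
# Non-interactive: the subject comes entirely from [ service_distinguished_name ].
prompt = no
distinguished_name = service_distinguished_name
string_mask = pkix
# No extension section is active here, so the extension section to apply is
# presumably selected on the command line (e.g. -extensions) - TODO confirm.
# root_extensions and req_attributes are not defined in this file.
#x509_extensions = root_extensions
# Fixed the section name: the section defined below is service_extensions.
#req_extensions = service_extensions
#attributes = req_attributes

[ service_distinguished_name ]
countryName = $ENV::x509_country
stateOrProvinceName = $ENV::x509_state_or_province
# NOTE(review): localityName reuses the state/province variable - confirm this
# is intended and not a copy-paste of the line above.
localityName = $ENV::x509_state_or_province
0.organizationName = $ENV::x509_organization
organizationalUnitName = Service SMTP (serveur)
commonName = $SERVICE.$ENV::x509_host
businessCategory = $ENV::x509_business_category
# NOTE(review): same remark - the jurisdiction locality is filled from the
# state/province variable.
jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
jurisdictionOfIncorporationCountryName = $ENV::x509_country

# Extensions for the service certificate when it is issued by another CA.
#
# Security note: this profile makes the certificate a CA (CA:TRUE, keyCertSign,
# cRLSign) and a TLS endpoint (digitalSignature, keyEncipherment, DNS names) at
# the same time. If the key that [ service_ca ] signs with is also the key the
# SMTP daemon loads, a compromise of the mail server exposes the signing key.
# pathlen:0 limits the damage to end-entity certificates; consider a separate
# leaf key for TLS, and extendedKeyUsage / nameConstraints to narrow what the
# CA can issue.
[ service_extensions ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:smtp.$ENV::x509_host,DNS:submission.$ENV::x509_host,DNS:smtps.$ENV::x509_host
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
# NOTE(review): caIssuers targets are conventionally DER certificates rather
# than PEM - confirm what the web server actually serves at this URL.
authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
# NOTE(review): a CRL distribution point should name the CRL published by this
# certificate's issuer. The issuer certificate above is under /tls/, but this
# URL is under the service's own path - confirm which CRL is meant.
crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.pem
certificatePolicies = @service_certificate_policies

# Extensions for the self-signed variant of the service certificate.
# The dual CA / TLS-endpoint remark on [ service_extensions ] applies here too.
[ service_self_signed_extensions ]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:smtp.$ENV::x509_host,DNS:submission.$ENV::x509_host,DNS:smtps.$ENV::x509_host
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
# NOTE(review): [ service_self_signed_ca ] writes crl.self-signed.pem, while
# this URL ends in crl.pem - confirm the published file is the matching CRL.
crlDistributionPoints = URI:http://www.$ENV::x509_host/tls/$SERVICE/crl.pem

# Extensions for end-entity (user) certificates.
[ user_extensions ]
# pathlen removed: RFC 5280 (4.2.1.9) forbids pathLenConstraint unless the
# certificate is a CA, and strict validators reject CA:FALSE combined with it.
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature,keyEncipherment
subjectAltName = email:$ENV::x509_user@$ENV::x509_host
subjectKeyIdentifier = hash
issuerAltName = issuer:copy
authorityKeyIdentifier = keyid:always,issuer:always
authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/tls/$SERVICE/crt.pem
# NOTE(review): there is no crlDistributionPoints here, so user certificates
# carry no pointer to a CRL - confirm how relying parties learn about
# revocations. No extendedKeyUsage is set either, so the intended use of user
# certificates is not restricted.

[ service_certificate_policies ]
policyIdentifier = 1.2.250.1.42
CPS.1 = https://www.$ENV::x509_host/tls/cps

# CA state for certificates signed by the service key.
# Settings such as the digest, validity, policy and serial file are not set in
# this section; presumably they are passed on the command line - TODO confirm.
[ service_ca ]
dir = $HOME/var/lib/x509/service/$SERVICE
crl_dir = $dir
crlnumber = $dir/crl.num
crl = $dir/crl.pem
# Signing key: keep this file readable only by the account that runs the CA.
private_key = $dir/key.pem
database = $dir/idx.txt

# CA state for the self-signed variant. It has its own index, CRL and CRL
# number, but uses the same directory and the same private key as [ service_ca ].
[ service_self_signed_ca ]
dir = $HOME/var/lib/x509/service/$SERVICE
crl_dir = $dir
crlnumber = $dir/crl.self-signed.num
crl = $dir/crl.self-signed.pem
database = $dir/idx.self-signed.txt
private_key = $dir/key.pem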