Ajout : réorganisation et ébauche X509.
[lhc/ateliers.git] / etc / openssl / ca.cfg
diff --git a/etc/openssl/ca.cfg b/etc/openssl/ca.cfg
new file mode 100644 (file)
index 0000000..2cd0e7d
--- /dev/null
@@ -0,0 +1,39 @@
+       HOME        = .
+       RANDFILE    = $HOME/var/lib/rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # Pour EVSSL
+       trustList       = 2.16.840.1.113730.1.900
+       telephoneNumber = 2.5.4.20
+       initials        = 2.5.4.43
+       logotype        = 1.3.6.1.5.5.7.1.12
+[ req ]
+       prompt             = no
+       distinguished_name = root_distinguished_name
+       string_mask        = pkix
+[ root_distinguished_name ]
+       commonName             = $ENV::x509_host
+       countryName            = $ENV::x509_country
+       initials               = $ENV::x509_initials
+       0.organizationName     = $ENV::x509_host
+       organizationalUnitName = Anti-autorité de certification primaire
+       postalCode             = $ENV::x509_postal_code
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       streetAddress          = $ENV::x509_street_address
+       telephoneNumber        = $ENV::x509_telephone_number
+[ root_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:1
+       keyUsage               = keyCertSign,cRLSign
+       subjectAltName         = email:contact@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/tls/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/tls/crl.pem
+       #certificatePolicies    = @root_certificate_policies
+       #trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/tls/trust.etl
+       #policyConstraints      =
+       #extendedKeyUsage       =
+       #inhibitAnyPolicy       =
+       #nameConstraints        =
+       #noCheck                =
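Review bot: The `[ req ]` section neither pins a digest nor references `root_extensions`, so the root's signature algorithm falls back to the OpenSSL build default, and the CA extensions are applied only if the invoking command passes `-extensions root_extensions` (that command is not visible in this file). Adding `default_md = sha256` and `x509_extensions = root_extensions` under `[ req ]` would make the file self-contained and keep a forgotten flag from producing a root without `basicConstraints`. In `[ root_extensions ]`, `keyUsage` is not marked critical, although RFC 5280 says CAs should mark it so; `keyUsage = critical,keyCertSign,cRLSign` would match the treatment already given to `basicConstraints`. A short comment above the `$ENV::x509_*` keys listing the variables that must be exported would also help, since OpenSSL refuses to load the file when one is unset.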