Ajout : etc/nginx/site.d/ptitvelo-www
[lhc/ateliers.git] / etc / openssl / ptitvelo.net / host.cfg
diff --git a/etc/openssl/ptitvelo.net/host.cfg b/etc/openssl/ptitvelo.net/host.cfg
new file mode 100644 (file)
index 0000000..b5b1175
--- /dev/null
@@ -0,0 +1,62 @@
+       HOME        = .
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # Pour EVSSL
+       trustList       = 2.16.840.1.113730.1.900
+       telephoneNumber = 2.5.4.20
+       initials        = 2.5.4.43
+       logotype        = 1.3.6.1.5.5.7.1.12
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+[ distinguished_name ]
+       commonName             = $ENV::x509_host
+       countryName            = $ENV::x509_country
+       initials               = $ENV::x509_initials
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Anti-autorité de certification primaire
+       postalCode             = $ENV::x509_postal_code
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       streetAddress          = $ENV::x509_street_address
+       telephoneNumber        = $ENV::x509_telephone_number
+[ extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:1
+       keyUsage               = keyCertSign,cRLSign
+       subjectAltName         = email:contact@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
+       #certificatePolicies    = @certificate_policies
+       #trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
+       #policyConstraints      =
+       #extendedKeyUsage       =
+       #inhibitAnyPolicy       =
+       #nameConstraints        =
+       #noCheck                =
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:1
+       keyUsage               = keyCertSign,cRLSign
+       subjectAltName         = email:contact@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
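Review bot: `[ extensions ]` and the identical `[ self_signed_extensions ]` make every certificate produced from this per-host file a CA (`CA:TRUE,pathlen:1`, `keyCertSign`) while `nameConstraints` stays commented out, so the holder of one host's key can sign certificates for any name, and `pathlen:1` also allows one subordinate CA beneath it. If a per-host signing certificate is intended, as the organizationalUnitName suggests, I would scope it with `basicConstraints = critical,CA:TRUE,pathlen:0` (unless an intermediate is really needed), `keyUsage = critical,keyCertSign,cRLSign` and `nameConstraints = critical,permitted;DNS:$ENV::x509_host`, adding a matching `permitted;email:` entry if mail names are to be issued. Separately, neither `[ req ]` nor `[ ca ]` sets `default_md`, so the signature digest depends on the command line or the OpenSSL build default. Whether the calling script passes it is not visible in this hunk, so pinning it here (for example `default_md = sha256`) would remove that dependency.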