Mise-à-jour : lib/tool/openssl .

[lhc/ateliers.git] / etc / openssl / service / www.cfg
diff --git a/etc/openssl/service/www.cfg b/etc/openssl/service/www.cfg

deleted file mode 100644 (file)

index 356371a..0000000
--- a/etc/openssl/service/www.cfg
+++ /dev/null
@@ -1,71 +0,0 @@
-       SERVICE     = www
-       HOME        = .
-       RANDFILE    = var/sec/x509/openssl.rand
-       oid_section = extra_oids
-[ extra_oids ]
-       # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
-       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
-       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
-       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
-[ req ]
-       prompt             = no
-       distinguished_name = service_distinguished_name
-       string_mask        = pkix
-       #x509_extensions    = root_extensions
-       #req_extensions     = service_extension
-       #attributes         = req_attributes
-[ service_distinguished_name ]
-       countryName            = $ENV::x509_country
-       stateOrProvinceName    = $ENV::x509_state_or_province
-       localityName           = $ENV::x509_state_or_province
-       0.organizationName     = $ENV::x509_organization
-       organizationalUnitName = Service Web
-       commonName             = $SERVICE.$ENV::x509_host
-       businessCategory                               = $ENV::x509_business_category
-       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
-       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
-       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
-[ service_extensions ]
-       basicConstraints       = critical,CA:TRUE,pathlen:0
-       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
-       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
-       subjectKeyIdentifier   = hash
-       issuerAltName          = issuer:copy
-       authorityKeyIdentifier = keyid:always,issuer:always
-       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
-       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
-       certificatePolicies    = @service_certificate_policies
-[ service_self_signed_extensions ]
-       basicConstraints       = critical,CA:TRUE,pathlen:0
-       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
-       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
-       subjectKeyIdentifier   = hash
-       issuerAltName          = issuer:copy
-       authorityKeyIdentifier = keyid:always,issuer:always
-       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
-       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
-[ user_extensions ]
-       basicConstraints       = critical,CA:FALSE,pathlen:0
-       keyUsage               = digitalSignature,keyEncipherment
-       subjectAltName         = email:$ENV::USER@$ENV::x509_host
-       subjectKeyIdentifier   = hash
-       issuerAltName          = issuer:copy
-       authorityKeyIdentifier = keyid:always,issuer:always
-       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
-[ service_certificate_policies ]
-       policyIdentifier = 1.2.250.1.42
-       CPS.1            = https://www.$ENV::x509_host/x509/cps
-[ service_ca ]
-       private_key      = $HOME/var/sec/x509/service/$SERVICE/key.pem
-       dir              = $HOME/var/pub/x509/service/$SERVICE
-       crl_dir          = $dir
-       crlnumber        = $dir/crl.num
-       crl              = $dir/crl.pem
-       database         = $dir/idx.txt
-[ service_self_signed_ca ]
-       private_key      = $HOME/var/sec/x509/service/$SERVICE/key.pem
-       dir              = $HOME/var/pub/x509/service/$SERVICE
-       crl_dir          = $dir
-       crlnumber        = $dir/crl.self-signed.num
-       crl              = $dir/crl.self-signed.pem
-       database         = $dir/idx.self-signed.txt