Ajout : etc/openssl/burettes.heureux-cyclage.org/ .
authorjulm <julm@ateliers.heureux-cyclage.org>
Thu, 28 Nov 2013 15:41:05 +0000 (16:41 +0100)
committerroot <root@ateliers.heureux-cyclage.org>
Thu, 28 Nov 2013 15:41:05 +0000 (16:41 +0100)
etc/openssl/burettes.heureux-cyclage.org/ca [new symlink]
etc/openssl/burettes.heureux-cyclage.org/host.cfg [new file with mode: 0644]
etc/openssl/burettes.heureux-cyclage.org/user.cfg [new file with mode: 0644]

diff --git a/etc/openssl/burettes.heureux-cyclage.org/ca b/etc/openssl/burettes.heureux-cyclage.org/ca
new file mode 120000 (symlink)
index 0000000..6d4a070
--- /dev/null
@@ -0,0 +1 @@
+../heureux-cyclage.org
\ No newline at end of file
diff --git a/etc/openssl/burettes.heureux-cyclage.org/host.cfg b/etc/openssl/burettes.heureux-cyclage.org/host.cfg
new file mode 100644 (file)
index 0000000..f2ef765
--- /dev/null
@@ -0,0 +1,70 @@
+       SERVICE     = burettes
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
+       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+       #x509_extensions    = root_extensions
+       #req_extensions     = extension
+       #attributes         = req_attributes
+[ distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       localityName           = $ENV::x509_state_or_province
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Service de la Burette
+       commonName             = $SERVICE.$ENV::x509_host
+       businessCategory                               = $ENV::x509_business_category
+       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
+[ extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:*.burettes.heureux-cyclage.org,DNS:burette.cyclocoop.heureux-cyclage.org,DNS:*.burette.cyclocoop.heureux-cyclage.org,DNS:burette.cyclocoop.org,DNS:*.burette.cyclocoop.org,DNS:burette.velosenville.org,DNS:burette.ptitvelo.net,DNS:burette.atelierdynamo.fr
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+       certificatePolicies    = @certificate_policies
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:*.burettes.heureux-cyclage.org,DNS:burette.cyclocoop.heureux-cyclage.org,DNS:*.burette.cyclocoop.heureux-cyclage.org,DNS:burette.cyclocoop.org,DNS:*.burette.cyclocoop.org,DNS:burette.velosenville.org,DNS:burette.ptitvelo.net,DNS:burette.atelierdynamo.fr
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:$ENV::user@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+       policyIdentifier = 1.2.250.1.42
+       CPS.1            = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
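Review bot: `[ user_extensions ]` sets `basicConstraints = critical,CA:FALSE,pathlen:0`, but RFC 5280 permits pathLenConstraint only when cA is asserted, so strict validators may reject user certificates issued with it; the line should read `basicConstraints = critical,CA:FALSE`. That section also has no `crlDistributionPoints`, unlike `[ extensions ]` and `[ self_signed_extensions ]`. Assuming user certificates are revoked through the CRL that `[ ca ]` maintains, adding `crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem` would give relying parties a pointer to it. Separately, `[ extensions ]` produces a certificate that is both `CA:TRUE` and a wildcard TLS identity (DNS SANs plus `digitalSignature,keyEncipherment`), so the key deployed for the service can also sign end-entity certificates for any name. A critical `nameConstraints` extension limited to the domains and mail host already listed, or a separate signing key, would bound what a compromise of that key allows.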
diff --git a/etc/openssl/burettes.heureux-cyclage.org/user.cfg b/etc/openssl/burettes.heureux-cyclage.org/user.cfg
new file mode 100644 (file)
index 0000000..ad9fd1a
--- /dev/null
@@ -0,0 +1,14 @@
+       SERVICE  = burettes
+       HOME     = .
+       RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+       prompt             = no
+       distinguished_name = user_distinguished_name
+       string_mask        = pkix
+[ user_distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       #localityName           =
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Certificat utilisateurice du service de la Burette
+       commonName             = $ENV::user
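Review bot: `commonName = $ENV::user` on the last line of the hunk puts an environment variable into the subject unchecked, and nothing in the file records which values are acceptable. The same variable is expanded into `subjectAltName = email:$ENV::user@$ENV::x509_host` in host.cfg's `[ user_extensions ]`, where a comma in the value would be parsed as the start of another SAN entry. The script that exports `user` is not visible on this page, so it should be confirmed that it restricts the value to a strict character set before invoking openssl. A comment above the line would record that contract, for example `# user: exported by the issuing script; must be validated there (example pattern: [a-z0-9._-]+)`.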