Ajout : etc/openssl/lesjantesdunord.org
authorLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Thu, 14 Jan 2016 10:24:25 +0000 (11:24 +0100)
committerLudovic CHEVALIER <ludovic.chevalier@heureux-cyclage.org>
Thu, 14 Jan 2016 10:24:25 +0000 (11:24 +0100)
14 files changed:
etc/openssl/imap.lesjantesdunord.org/ca [new symlink]
etc/openssl/imap.lesjantesdunord.org/host.cfg [new file with mode: 0644]
etc/openssl/imap.lesjantesdunord.org/user.cfg [new file with mode: 0644]
etc/openssl/lesjantesdunord.org/host.cfg [new file with mode: 0644]
etc/openssl/lesjantesdunord.org/host.sh [new file with mode: 0644]
etc/openssl/pop.lesjantesdunord.org/host.cfg [new file with mode: 0644]
etc/openssl/pop.lesjantesdunord.org/lesjantesdunord.org [new symlink]
etc/openssl/pop.lesjantesdunord.org/user.cfg [new file with mode: 0644]
etc/openssl/smtp.lesjantesdunord.org/host.cfg [new file with mode: 0644]
etc/openssl/smtp.lesjantesdunord.org/lesjantesdunord.org [new symlink]
etc/openssl/smtp.lesjantesdunord.org/user.cfg [new file with mode: 0644]
etc/openssl/www.lesjantesdunord.org/host.cfg [new file with mode: 0644]
etc/openssl/www.lesjantesdunord.org/lesjantesdunord.org [new symlink]
etc/openssl/www.lesjantesdunord.org/user.cfg [new file with mode: 0644]

diff --git a/etc/openssl/imap.lesjantesdunord.org/ca b/etc/openssl/imap.lesjantesdunord.org/ca
new file mode 120000 (symlink)
index 0000000..5aba0b4
--- /dev/null
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
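Review bot: The link to the parent configuration is named `ca` here, while the pop, smtp and www directories add the same `../lesjantesdunord.org` target under the name `lesjantesdunord.org`. If the tooling resolves the parent directory by one fixed name (not visible in this commit), one of the two spellings will not be found. Using a single link name across all four service directories would avoid that.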
diff --git a/etc/openssl/imap.lesjantesdunord.org/host.cfg b/etc/openssl/imap.lesjantesdunord.org/host.cfg
new file mode 100644 (file)
index 0000000..26695c7
--- /dev/null
@@ -0,0 +1,70 @@
+       SERVICE     = imap
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
+       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+       #x509_extensions    = root_extensions
+       #req_extensions     = extension
+       #attributes         = req_attributes
+[ distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       localityName           = $ENV::x509_state_or_province
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Service IMAP
+       commonName             = $SERVICE.$ENV::x509_host
+       businessCategory                               = $ENV::x509_business_category
+       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
+[ extensions ]
+       basicConstraints       = critical,CA:FALSE
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+       certificatePolicies    = @certificate_policies
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:$ENV::user@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+       policyIdentifier = 1.2.250.1.42
+       CPS.1            = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
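Review bot: `[ user_extensions ]` sets `basicConstraints = critical,CA:FALSE,pathlen:0`, but RFC 5280 allows a path length constraint only when the CA flag is true, and strict validators may reject a certificate that carries it alongside CA:FALSE. The valid form is `basicConstraints = critical,CA:FALSE`, as `[ extensions ]` in this file already has. The same line appears in `[ user_extensions ]` of the pop, smtp and www host.cfg and in `[ extensions ]` of the www host.cfg. Separately, `localityName` and `jurisdictionOfIncorporationLocalityName` in `[ distinguished_name ]` read `$ENV::x509_state_or_province` although host.sh exports `x509_locality`. This looks like a copy-paste slip repeated in the other three service host.cfg files, and `$ENV::x509_locality` is probably what was meant.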
diff --git a/etc/openssl/imap.lesjantesdunord.org/user.cfg b/etc/openssl/imap.lesjantesdunord.org/user.cfg
new file mode 100644 (file)
index 0000000..4116009
--- /dev/null
@@ -0,0 +1,16 @@
+       SERVICE  = imap
+       HOME     = .
+       RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+       distinguished_name = user_distinguished_name
+       prompt             = no
+       string_mask        = pkix
+[ user_distinguished_name ]
+       0.organizationName     = $ENV::x509_organization
+       commonName             = $ENV::user@$ENV::x509_host
+       countryName            = $ENV::x509_country
+       localityName           = néant
+       organizationalUnitName = Certificat utilisateurice du service IMAP
+       stateOrProvinceName    = $ENV::x509_state_or_province
+#[ user_extensions ]
+#      subjectAltName         = email:$ENV::user@$ENV::x509_host
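Review bot: `localityName = néant` puts a placeholder word into the subject of every user certificate issued from this file; an attribute with nothing to say is better left out, as the www user.cfg does by commenting `localityName` out. The same line is in the pop and smtp user.cfg. The commented-out `[ user_extensions ]` block at the end would also benefit from a one-line comment saying why it is disabled, for instance that the active definition is the one in host.cfg, if that is the reason.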
diff --git a/etc/openssl/lesjantesdunord.org/host.cfg b/etc/openssl/lesjantesdunord.org/host.cfg
new file mode 100644 (file)
index 0000000..b5b1175
--- /dev/null
@@ -0,0 +1,62 @@
+       HOME        = .
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # Pour EVSSL
+       trustList       = 2.16.840.1.113730.1.900
+       telephoneNumber = 2.5.4.20
+       initials        = 2.5.4.43
+       logotype        = 1.3.6.1.5.5.7.1.12
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+[ distinguished_name ]
+       commonName             = $ENV::x509_host
+       countryName            = $ENV::x509_country
+       initials               = $ENV::x509_initials
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Anti-autorité de certification primaire
+       postalCode             = $ENV::x509_postal_code
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       streetAddress          = $ENV::x509_street_address
+       telephoneNumber        = $ENV::x509_telephone_number
+[ extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:1
+       keyUsage               = keyCertSign,cRLSign
+       subjectAltName         = email:contact@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
+       #certificatePolicies    = @certificate_policies
+       #trustList              = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
+       #policyConstraints      =
+       #extendedKeyUsage       =
+       #inhibitAnyPolicy       =
+       #nameConstraints        =
+       #noCheck                =
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:1
+       keyUsage               = keyCertSign,cRLSign
+       subjectAltName         = email:contact@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/crl.pem
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
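Review bot: Neither `[ req ]` nor the `[ ca ]` and `[ self_signed_ca ]` sections pin `default_md`, and `[ req ]` has no `default_bits`, so the signature digest and key size of the root depend on what the calling script passes or on the defaults of the installed OpenSSL, which on older releases may be weaker than intended. Adding `default_md = sha256` to those sections and a `default_bits` line with the size the project has chosen to `[ req ]` makes the choice explicit and reviewable. The same applies to the service host.cfg and user.cfg files in this commit.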
diff --git a/etc/openssl/lesjantesdunord.org/host.sh b/etc/openssl/lesjantesdunord.org/host.sh
new file mode 100644 (file)
index 0000000..fcc1df2
--- /dev/null
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+export x509_host="lesjantesdunord.org"
+export x509_country="FR"
+export x509_organization="Les Jantes du Nord"
+export x509_organization_unit_name="Les Jantes du Nord"
+export x509_initials="LHC"
+export x509_state_or_province="Nord-Pas-de-Calais-Picardie"
+export x509_locality="LILLE"
+export x509_street_address="À la MRES, 23, rue Gosselet"
+export x509_postal_code="59000"
+export x509_telephone_number="néant"
+export x509_business_category="V1.0, ni dieu ni maître ni moteur"
+export x509_days="3653"
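Review bot: The variables exported here do not line up with what the configs read: `x509_locality` and `x509_organization_unit_name` are set but no .cfg in this commit references them, while every host.cfg reads `$ENV::x509` and the service host.cfg and user.cfg files read `$ENV::user`, neither of which is set here. OpenSSL refuses to load a configuration that refers to an unset `$ENV::` variable, so the caller has to provide both even for operations that never use the user sections; presumably a wrapper script does, but that is not visible in this commit. A header comment such as `# x509 and user must be exported by the caller` would document the contract. `x509_telephone_number="néant"` also ends up verbatim in the root subject as a telephone number and would be better omitted.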
diff --git a/etc/openssl/pop.lesjantesdunord.org/host.cfg b/etc/openssl/pop.lesjantesdunord.org/host.cfg
new file mode 100644 (file)
index 0000000..3389044
--- /dev/null
@@ -0,0 +1,70 @@
+       SERVICE     = pop
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
+       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+       #x509_extensions    = root_extensions
+       #req_extensions     = extension
+       #attributes         = req_attributes
+[ distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       localityName           = $ENV::x509_state_or_province
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Service POP
+       commonName             = $SERVICE.$ENV::x509_host
+       businessCategory                               = $ENV::x509_business_category
+       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
+[ extensions ]
+       basicConstraints       = critical,CA:FALSE
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+       certificatePolicies    = @certificate_policies
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:$ENV::user@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+       policyIdentifier = 1.2.250.1.42
+       CPS.1            = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
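Review bot: `[ self_signed_extensions ]` combines `CA:TRUE` and `keyCertSign,cRLSign` with the TLS usages and a DNS `subjectAltName`, so the key deployed on the mail service is also a signing key, and `[ user_extensions ]` points user certificates at `$SERVICE/crt.pem` as their issuer. A compromise of the service host would then expose the key that anchors those user certificates. Keeping the signing key separate from the key the service presents, or at least stating the trade-off in a comment above the section, would limit that exposure. The imap, smtp and www host.cfg have the same section.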
diff --git a/etc/openssl/pop.lesjantesdunord.org/lesjantesdunord.org b/etc/openssl/pop.lesjantesdunord.org/lesjantesdunord.org
new file mode 120000 (symlink)
index 0000000..5aba0b4
--- /dev/null
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/pop.lesjantesdunord.org/user.cfg b/etc/openssl/pop.lesjantesdunord.org/user.cfg
new file mode 100644 (file)
index 0000000..d29ceab
--- /dev/null
@@ -0,0 +1,16 @@
+       SERVICE  = pop
+       HOME     = .
+       RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+       distinguished_name = user_distinguished_name
+       prompt             = no
+       string_mask        = pkix
+[ user_distinguished_name ]
+       0.organizationName     = $ENV::x509_organization
+       commonName             = $ENV::user@$ENV::x509_host
+       countryName            = $ENV::x509_country
+       localityName           = néant
+       organizationalUnitName = Certificat utilisateurice du service POP
+       stateOrProvinceName    = $ENV::x509_state_or_province
+#[ user_extensions ]
+#      subjectAltName         = email:$ENV::user@$ENV::x509_host
diff --git a/etc/openssl/smtp.lesjantesdunord.org/host.cfg b/etc/openssl/smtp.lesjantesdunord.org/host.cfg
new file mode 100644 (file)
index 0000000..8f03b98
--- /dev/null
@@ -0,0 +1,70 @@
+       SERVICE     = smtp
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
+       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+       #x509_extensions    = root_extensions
+       #req_extensions     = extension
+       #attributes         = req_attributes
+[ distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       localityName           = $ENV::x509_state_or_province
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Service SMTP
+       commonName             = $SERVICE.$ENV::x509_host
+       businessCategory                               = $ENV::x509_business_category
+       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
+[ extensions ]
+       basicConstraints       = critical,CA:FALSE
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+       certificatePolicies    = @certificate_policies
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:$ENV::user@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+       policyIdentifier = 1.2.250.1.42
+       CPS.1            = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
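Review bot: In `[ self_signed_extensions ]`, `crlDistributionPoints` points at `.../x509/$SERVICE/crl.pem`, while `[ self_signed_ca ]` in the same file writes its CRL to `$dir/crl.self-signed.pem` and the imap and pop host.cfg publish `crl.self-signed.pem` in this position. A relying party checking revocation for the self-signed certificate would fetch whatever is published as `crl.pem` instead, so a revocation recorded in the self-signed CRL would not be seen. The line should probably read `crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem`; the www host.cfg has the same discrepancy.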
diff --git a/etc/openssl/smtp.lesjantesdunord.org/lesjantesdunord.org b/etc/openssl/smtp.lesjantesdunord.org/lesjantesdunord.org
new file mode 120000 (symlink)
index 0000000..5aba0b4
--- /dev/null
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/smtp.lesjantesdunord.org/user.cfg b/etc/openssl/smtp.lesjantesdunord.org/user.cfg
new file mode 100644 (file)
index 0000000..ed63a6a
--- /dev/null
@@ -0,0 +1,16 @@
+       SERVICE  = smtp
+       HOME     = .
+       RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+       distinguished_name = user_distinguished_name
+       prompt             = no
+       string_mask        = pkix
+[ user_distinguished_name ]
+       0.organizationName     = $ENV::x509_organization
+       commonName             = $ENV::user@$ENV::x509_host
+       countryName            = $ENV::x509_country
+       localityName           = néant
+       organizationalUnitName = Certificat utilisateurice du service SMTP
+       stateOrProvinceName    = $ENV::x509_state_or_province
+[ user_extensions ]
+       subjectAltName         = email:$ENV::user@$ENV::x509_host
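Review bot: `[ user_extensions ]` is active here but commented out in the imap and pop user.cfg, and it carries only `subjectAltName`, whereas the section of the same name in the smtp host.cfg also sets `basicConstraints`, `keyUsage` and the key identifiers. Depending on which file the signing step loads (not visible in this commit), SMTP user certificates may be issued without those constraints. Either comment the block out as in the other services or keep a single definition per service so the two cannot drift apart.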
diff --git a/etc/openssl/www.lesjantesdunord.org/host.cfg b/etc/openssl/www.lesjantesdunord.org/host.cfg
new file mode 100644 (file)
index 0000000..f966389
--- /dev/null
@@ -0,0 +1,70 @@
+       SERVICE     = www
+       RANDFILE    = var/sec/x509/openssl.rand
+       oid_section = extra_oids
+[ extra_oids ]
+       # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+       jurisdictionOfIncorporationLocalityName        = 1.3.6.1.4.1.311.60.2.1.1
+       jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+       jurisdictionOfIncorporationCountryName         = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+       prompt             = no
+       distinguished_name = distinguished_name
+       string_mask        = pkix
+       #x509_extensions    = root_extensions
+       #req_extensions     = extension
+       #attributes         = req_attributes
+[ distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       localityName           = $ENV::x509_state_or_province
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Service Web
+       commonName             = $SERVICE.$ENV::x509_host
+       businessCategory                               = $ENV::x509_business_category
+       jurisdictionOfIncorporationLocalityName        = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+       jurisdictionOfIncorporationCountryName         = $ENV::x509_country
+[ extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+       certificatePolicies    = @certificate_policies
+[ self_signed_extensions ]
+       basicConstraints       = critical,CA:TRUE,pathlen:0
+       keyUsage               = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+       subjectAltName         = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+       crlDistributionPoints  = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+       basicConstraints       = critical,CA:FALSE,pathlen:0
+       keyUsage               = digitalSignature,keyEncipherment
+       subjectAltName         = email:$ENV::user@$ENV::x509_host
+       subjectKeyIdentifier   = hash
+       issuerAltName          = issuer:copy
+       authorityKeyIdentifier = keyid:always,issuer:always
+       authorityInfoAccess    = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+       policyIdentifier = 1.2.250.1.42
+       CPS.1            = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.num
+       crl              = $dir/crl.pem
+       database         = $dir/idx.txt
+[ self_signed_ca ]
+       private_key      = var/sec/x509/$ENV::x509/key.pem
+       dir              = var/pub/x509/$ENV::x509
+       crl_dir          = $dir
+       crlnumber        = $dir/crl.self-signed.num
+       crl              = $dir/crl.self-signed.pem
+       database         = $dir/idx.self-signed.txt
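Review bot: `keyUsage = keyEncipherment` in `[ extensions ]` omits `digitalSignature`, which the imap, pop and smtp files include. Without it a conforming TLS peer can only use RSA key transport with this certificate, which rules out the ephemeral (EC)DHE suites, where the server must sign, and TLS 1.3. `keyUsage               = digitalSignature,keyEncipherment` would match the other services. If the certificate is meant for browsers, an explicit `extendedKeyUsage = serverAuth` is also worth considering.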
diff --git a/etc/openssl/www.lesjantesdunord.org/lesjantesdunord.org b/etc/openssl/www.lesjantesdunord.org/lesjantesdunord.org
new file mode 120000 (symlink)
index 0000000..5aba0b4
--- /dev/null
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/www.lesjantesdunord.org/user.cfg b/etc/openssl/www.lesjantesdunord.org/user.cfg
new file mode 100644 (file)
index 0000000..eb801a1
--- /dev/null
@@ -0,0 +1,14 @@
+       SERVICE  = www
+       HOME     = .
+       RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+       prompt             = no
+       distinguished_name = user_distinguished_name
+       string_mask        = pkix
+[ user_distinguished_name ]
+       countryName            = $ENV::x509_country
+       stateOrProvinceName    = $ENV::x509_state_or_province
+       #localityName           =
+       0.organizationName     = $ENV::x509_organization
+       organizationalUnitName = Certificat utilisateurice du service Web
+       commonName             = $ENV::user
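Review bot: `commonName = $ENV::user` differs from the imap, pop and smtp user.cfg, which all use `$ENV::user@$ENV::x509_host`, so web user certificates would carry an unqualified name as their subject. If that is intentional (for instance because the web server maps the CN to a login), a comment above the line should say so. Otherwise `commonName             = $ENV::user@$ENV::x509_host` keeps the four services consistent.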