From: Ludovic CHEVALIER Date: Thu, 14 Jan 2016 10:24:25 +0000 (+0100) Subject: Ajout : etc/openssl/lesjantesdunord.org X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=commitdiff_plain;h=d62cff2432548fa49b0b73a7b05b875d35ebb53b Ajout : etc/openssl/lesjantesdunord.org
---
diff --git a/etc/openssl/imap.lesjantesdunord.org/ca b/etc/openssl/imap.lesjantesdunord.org/ca
new file mode 120000
index 0000000..5aba0b4
--- /dev/null
+++ b/etc/openssl/imap.lesjantesdunord.org/ca
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/imap.lesjantesdunord.org/host.cfg b/etc/openssl/imap.lesjantesdunord.org/host.cfg
new file mode 100644
index 0000000..26695c7
--- /dev/null
+++ b/etc/openssl/imap.lesjantesdunord.org/host.cfg
@@ -0,0 +1,70 @@
+ SERVICE = imap
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service IMAP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
diff --git a/etc/openssl/imap.lesjantesdunord.org/user.cfg b/etc/openssl/imap.lesjantesdunord.org/user.cfg
new file mode 100644
index 0000000..4116009
--- /dev/null
+++ b/etc/openssl/imap.lesjantesdunord.org/user.cfg
@@ -0,0 +1,16 @@
+ SERVICE = imap
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ distinguished_name = user_distinguished_name
+ prompt = no
+ string_mask = pkix
+[ user_distinguished_name ]
+ 0.organizationName = $ENV::x509_organization
+ commonName = $ENV::user@$ENV::x509_host
+ countryName = $ENV::x509_country
+ localityName = néant
+ organizationalUnitName = Certificat utilisateurice du service IMAP
+ stateOrProvinceName = $ENV::x509_state_or_province
+#[ user_extensions ]
+# subjectAltName = email:$ENV::user@$ENV::x509_host
diff --git a/etc/openssl/lesjantesdunord.org/host.cfg b/etc/openssl/lesjantesdunord.org/host.cfg
new file mode 100644
index 0000000..b5b1175
--- /dev/null
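Review bot: `[ user_extensions ]` in imap.lesjantesdunord.org/host.cfg sets `basicConstraints = critical,CA:FALSE,pathlen:0`, but RFC 5280 allows a path length only when cA is true, so strict validators can reject the user certificates; `basicConstraints = critical,CA:FALSE`, as `[ extensions ]` in the same file already has, is enough. The same line is in the pop, smtp and www host.cfg, and www also carries it in `[ extensions ]`. `[ self_signed_extensions ]` additionally marks the service certificate `CA:TRUE` with `keyCertSign,cRLSign`, so the service's own key, which presumably sits on the mail host, could sign further certificates for any client that trusts it. If the self-signed variant only has to act as a server certificate, `keyUsage = digitalSignature,keyEncipherment` there would limit what a stolen key can do.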
+++ b/etc/openssl/lesjantesdunord.org/host.cfg 
@@ -0,0 +1,62 @@
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # Pour EVSSL
+ trustList = 2.16.840.1.113730.1.900
+ telephoneNumber = 2.5.4.20
+ initials = 2.5.4.43
+ logotype = 1.3.6.1.5.5.7.1.12
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+[ distinguished_name ]
+ commonName = $ENV::x509_host
+ countryName = $ENV::x509_country
+ initials = $ENV::x509_initials
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Anti-autorité de certification primaire
+ postalCode = $ENV::x509_postal_code
+ stateOrProvinceName = $ENV::x509_state_or_province
+ streetAddress = $ENV::x509_street_address
+ telephoneNumber = $ENV::x509_telephone_number
+[ extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:1
+ keyUsage = keyCertSign,cRLSign
+ subjectAltName = email:contact@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/crl.pem
+ #certificatePolicies = @certificate_policies
+ #trustList = ASN1:UTF8String:https://www.$ENV::x509_host/x509/trust.etl
+ #policyConstraints =
+ #extendedKeyUsage =
+ #inhibitAnyPolicy =
+ #nameConstraints =
+ #noCheck =
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:1
+ keyUsage = keyCertSign,cRLSign
+ subjectAltName = email:contact@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/crl.pem
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
diff --git a/etc/openssl/lesjantesdunord.org/host.sh b/etc/openssl/lesjantesdunord.org/host.sh
new file mode 100644
index 0000000..fcc1df2
--- /dev/null
+++ b/etc/openssl/lesjantesdunord.org/host.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+export x509_host="lesjantesdunord.org"
+export x509_country="FR"
+export x509_organization="Les Jantes du Nord"
+export x509_organization_unit_name="Les Jantes du Nord"
+export x509_initials="LHC"
+export x509_state_or_province="Nord-Pas-de-Calais-Picardie"
+export x509_locality="LILLE"
+export x509_street_address="À la MRES, 23, rue Gosselet"
+export x509_postal_code="59000"
+export x509_telephone_number="néant"
+export x509_business_category="V1.0, ni dieu ni maître ni moteur"
+export x509_days="3653"
diff --git a/etc/openssl/pop.lesjantesdunord.org/host.cfg b/etc/openssl/pop.lesjantesdunord.org/host.cfg
new file mode 100644
index 0000000..3389044
--- /dev/null
+++ b/etc/openssl/pop.lesjantesdunord.org/host.cfg
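Review bot: The root `[ extensions ]` in lesjantesdunord.org/host.cfg leaves `#nameConstraints =` empty, so anyone who imports this CA trusts it for every domain, not only the organisation's own. A line such as `nameConstraints = critical,permitted;DNS:$ENV::x509_host` would scope it, although not every client enforces constraints placed on a trust anchor, so it is worth testing against the mail and web clients in use. Neither `[ req ]` nor `[ ca ]` sets `default_md`; unless the calling script (not shown) passes a digest option, the signature hash falls back to the OpenSSL build's default, and `default_md = sha256` in both sections would pin it.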
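Review bot: `x509_locality` and `x509_organization_unit_name` are exported in host.sh but none of the .cfg files in this commit read them; the service host.cfg files fill `localityName` from `$ENV::x509_state_or_province`, so certificates would carry the region where LILLE is presumably intended (`localityName = $ENV::x509_locality`). `x509_days="3653"` is a single ten-year lifetime, and if the scripts that read it (not shown) apply it to service and user certificates as well as to the root, a separate, shorter value for leaf certificates would limit how long a leaked key stays valid. A short comment above the exports naming which config consumes each variable would make such gaps easier to spot.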
@@ -0,0 +1,70 @@
+ SERVICE = pop
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service POP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
diff --git a/etc/openssl/pop.lesjantesdunord.org/lesjantesdunord.org b/etc/openssl/pop.lesjantesdunord.org/lesjantesdunord.org
new file mode 120000
index 0000000..5aba0b4
--- /dev/null
+++ b/etc/openssl/pop.lesjantesdunord.org/lesjantesdunord.org
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/pop.lesjantesdunord.org/user.cfg b/etc/openssl/pop.lesjantesdunord.org/user.cfg
new file mode 100644
index 0000000..d29ceab
--- /dev/null
+++ b/etc/openssl/pop.lesjantesdunord.org/user.cfg
@@ -0,0 +1,16 @@
+ SERVICE = pop
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ distinguished_name = user_distinguished_name
+ prompt = no
+ string_mask = pkix
+[ user_distinguished_name ]
+ 0.organizationName = $ENV::x509_organization
+ commonName = $ENV::user@$ENV::x509_host
+ countryName = $ENV::x509_country
+ localityName = néant
+ organizationalUnitName = Certificat utilisateurice du service POP
+ stateOrProvinceName = $ENV::x509_state_or_province
+#[ user_extensions ]
+# subjectAltName = email:$ENV::user@$ENV::x509_host
diff --git a/etc/openssl/smtp.lesjantesdunord.org/host.cfg b/etc/openssl/smtp.lesjantesdunord.org/host.cfg
new file mode 100644
index 0000000..8f03b98
--- /dev/null
+++ b/etc/openssl/smtp.lesjantesdunord.org/host.cfg
@@ -0,0 +1,70 @@
+ SERVICE = smtp
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service SMTP
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
diff --git a/etc/openssl/smtp.lesjantesdunord.org/lesjantesdunord.org b/etc/openssl/smtp.lesjantesdunord.org/lesjantesdunord.org
new file mode 120000
index 0000000..5aba0b4
--- /dev/null
+++ b/etc/openssl/smtp.lesjantesdunord.org/lesjantesdunord.org
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/smtp.lesjantesdunord.org/user.cfg b/etc/openssl/smtp.lesjantesdunord.org/user.cfg
new file mode 100644
index 0000000..ed63a6a
--- /dev/null
+++ b/etc/openssl/smtp.lesjantesdunord.org/user.cfg
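Review bot: `[ self_signed_extensions ]` in smtp.lesjantesdunord.org/host.cfg publishes `crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem`, while `[ self_signed_ca ]` in the same file writes its list to `crl.self-signed.pem`, so a client checking revocation of the self-signed certificate would presumably fetch the CRL produced by `[ ca ]` instead. The imap and pop files point this section at `.../$SERVICE/crl.self-signed.pem`; www.lesjantesdunord.org/host.cfg has the same mismatch as smtp. Suggested line for both: `crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.self-signed.pem`.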
@@ -0,0 +1,16 @@
+ SERVICE = smtp
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ distinguished_name = user_distinguished_name
+ prompt = no
+ string_mask = pkix
+[ user_distinguished_name ]
+ 0.organizationName = $ENV::x509_organization
+ commonName = $ENV::user@$ENV::x509_host
+ countryName = $ENV::x509_country
+ localityName = néant
+ organizationalUnitName = Certificat utilisateurice du service SMTP
+ stateOrProvinceName = $ENV::x509_state_or_province
+[ user_extensions ]
+ subjectAltName = email:$ENV::user@$ENV::x509_host
diff --git a/etc/openssl/www.lesjantesdunord.org/host.cfg b/etc/openssl/www.lesjantesdunord.org/host.cfg
new file mode 100644
index 0000000..f966389
--- /dev/null
+++ b/etc/openssl/www.lesjantesdunord.org/host.cfg
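Review bot: `[ user_extensions ]` is active in smtp.lesjantesdunord.org/user.cfg but commented out in the imap and pop user.cfg, and here it holds only `subjectAltName`. If the signing step (not shown) takes the section from this file rather than from host.cfg, SMTP user certificates would be issued without `basicConstraints` or `keyUsage`. Either comment it out as in the other two files, or add a comment stating which file's `[ user_extensions ]` is the one applied at signing time.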
@@ -0,0 +1,70 @@
+ SERVICE = www
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service Web
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:$SERVICE.$ENV::x509_host,DNS:$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
diff --git a/etc/openssl/www.lesjantesdunord.org/lesjantesdunord.org b/etc/openssl/www.lesjantesdunord.org/lesjantesdunord.org
new file mode 120000
index 0000000..5aba0b4
--- /dev/null
+++ b/etc/openssl/www.lesjantesdunord.org/lesjantesdunord.org
@@ -0,0 +1 @@
+../lesjantesdunord.org
\ No newline at end of file
diff --git a/etc/openssl/www.lesjantesdunord.org/user.cfg b/etc/openssl/www.lesjantesdunord.org/user.cfg
new file mode 100644
index 0000000..eb801a1
--- /dev/null
+++ b/etc/openssl/www.lesjantesdunord.org/user.cfg
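Review bot: `[ extensions ]` in www.lesjantesdunord.org/host.cfg sets `keyUsage = keyEncipherment` only, whereas the imap, pop and smtp files use `digitalSignature,keyEncipherment`. Without `digitalSignature`, clients that enforce key usage will refuse the certificate for ECDHE/DHE key exchange and for TLS 1.3, which leaves only RSA key transport and therefore no forward secrecy. Suggested line: `keyUsage = digitalSignature,keyEncipherment`.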
@@ -0,0 +1,14 @@
+ SERVICE = www
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ prompt = no
+ distinguished_name = user_distinguished_name
+ string_mask = pkix
+[ user_distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ #localityName =
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Certificat utilisateurice du service Web
+ commonName = $ENV::user