From 617ae234abe407638c2232da4a2d842a1c7583d6 Mon Sep 17 00:00:00 2001
From: julm
Date: Thu, 28 Nov 2013 16:41:05 +0100
Subject: [PATCH] Ajout : etc/openssl/burettes.heureux-cyclage.org/ .
---
etc/openssl/burettes.heureux-cyclage.org/ca | 1 +
.../burettes.heureux-cyclage.org/host.cfg | 70 +++++++++++++++++++
.../burettes.heureux-cyclage.org/user.cfg | 14 ++++
3 files changed, 85 insertions(+)
create mode 120000 etc/openssl/burettes.heureux-cyclage.org/ca
create mode 100644 etc/openssl/burettes.heureux-cyclage.org/host.cfg
create mode 100644 etc/openssl/burettes.heureux-cyclage.org/user.cfg
diff --git a/etc/openssl/burettes.heureux-cyclage.org/ca b/etc/openssl/burettes.heureux-cyclage.org/ca
new file mode 120000
index 0000000..6d4a070
--- /dev/null
+++ b/etc/openssl/burettes.heureux-cyclage.org/ca
@@ -0,0 +1 @@
+../heureux-cyclage.org
\ No newline at end of file
diff --git a/etc/openssl/burettes.heureux-cyclage.org/host.cfg b/etc/openssl/burettes.heureux-cyclage.org/host.cfg
new file mode 100644
index 0000000..f2ef765
--- /dev/null
+++ b/etc/openssl/burettes.heureux-cyclage.org/host.cfg
@@ -0,0 +1,70 @@
+ SERVICE = burettes
+ RANDFILE = var/sec/x509/openssl.rand
+ oid_section = extra_oids
+[ extra_oids ]
+ # NOTE: pour une éventuelle validation étendue (Extended Validation (EV))
+ jurisdictionOfIncorporationLocalityName = 1.3.6.1.4.1.311.60.2.1.1
+ jurisdictionOfIncorporationStateOrProvinceName = 1.3.6.1.4.1.311.60.2.1.2
+ jurisdictionOfIncorporationCountryName = 1.3.6.1.4.1.311.60.2.1.3
+[ req ]
+ prompt = no
+ distinguished_name = distinguished_name
+ string_mask = pkix
+ #x509_extensions = root_extensions
+ #req_extensions = extension
+ #attributes = req_attributes
+[ distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ localityName = $ENV::x509_state_or_province
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Service de la Burette
+ commonName = $SERVICE.$ENV::x509_host
+ businessCategory = $ENV::x509_business_category
+ jurisdictionOfIncorporationLocalityName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationStateOrProvinceName = $ENV::x509_state_or_province
+ jurisdictionOfIncorporationCountryName = $ENV::x509_country
+[ extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:*.burettes.heureux-cyclage.org,DNS:burette.cyclocoop.heureux-cyclage.org,DNS:*.burette.cyclocoop.heureux-cyclage.org,DNS:burette.cyclocoop.org,DNS:*.burette.cyclocoop.org,DNS:burette.velosenville.org,DNS:burette.ptitvelo.net,DNS:burette.atelierdynamo.fr
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+ certificatePolicies = @certificate_policies
+[ self_signed_extensions ]
+ basicConstraints = critical,CA:TRUE,pathlen:0
+ keyUsage = keyCertSign,cRLSign,digitalSignature,keyEncipherment
+ subjectAltName = email:contact+$SERVICE@$ENV::x509_host,DNS:*.burettes.heureux-cyclage.org,DNS:burette.cyclocoop.heureux-cyclage.org,DNS:*.burette.cyclocoop.heureux-cyclage.org,DNS:burette.cyclocoop.org,DNS:*.burette.cyclocoop.org,DNS:burette.velosenville.org,DNS:burette.ptitvelo.net,DNS:burette.atelierdynamo.fr
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+ crlDistributionPoints = URI:http://www.$ENV::x509_host/x509/$SERVICE/crl.pem
+[ user_extensions ]
+ basicConstraints = critical,CA:FALSE,pathlen:0
+ keyUsage = digitalSignature,keyEncipherment
+ subjectAltName = email:$ENV::user@$ENV::x509_host
+ subjectKeyIdentifier = hash
+ issuerAltName = issuer:copy
+ authorityKeyIdentifier = keyid:always,issuer:always
+ authorityInfoAccess = caIssuers;URI:http://www.$ENV::x509_host/x509/$SERVICE/crt.pem
+[ certificate_policies ]
+ policyIdentifier = 1.2.250.1.42
+ CPS.1 = https://www.$ENV::x509_host/x509/cps
+[ ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.num
+ crl = $dir/crl.pem
+ database = $dir/idx.txt
+[ self_signed_ca ]
+ private_key = var/sec/x509/$ENV::x509/key.pem
+ dir = var/pub/x509/$ENV::x509
+ crl_dir = $dir
+ crlnumber = $dir/crl.self-signed.num
+ crl = $dir/crl.self-signed.pem
+ database = $dir/idx.self-signed.txt
diff --git a/etc/openssl/burettes.heureux-cyclage.org/user.cfg b/etc/openssl/burettes.heureux-cyclage.org/user.cfg
new file mode 100644
index 0000000..ad9fd1a
--- /dev/null
+++ b/etc/openssl/burettes.heureux-cyclage.org/user.cfg
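Review bot: In host.cfg, `[ extensions ]` and `[ self_signed_extensions ]` describe a certificate that is both a signing CA (`CA:TRUE`, `keyCertSign,cRLSign`) and a TLS server certificate (wildcard `DNS:` names, `keyEncipherment`), so the key deployed on the service host can also issue certificates, and no `nameConstraints` limits what it may issue. If the service has to sign user certificates, keep that key separate from the one serving TLS and add a line such as `nameConstraints = critical,permitted;DNS:<service-domain>` (placeholder, to be set by the maintainers). In `[ user_extensions ]`, `basicConstraints = critical,CA:FALSE,pathlen:0` should be `basicConstraints = critical,CA:FALSE`, because RFC 5280 allows a path length only when cA is true; that section also carries no `crlDistributionPoints`, so user certificates give verifiers no CRL location. Neither `[ req ]` here nor the one in user.cfg sets `default_md`, so unless the calling script passes a digest option the hash is whatever the installed OpenSSL defaults to; `default_md = sha256` would pin it.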
@@ -0,0 +1,14 @@
+ SERVICE = burettes
+ HOME = .
+ RANDFILE = var/sec/x509/openssl.rand
+[ req ]
+ prompt = no
+ distinguished_name = user_distinguished_name
+ string_mask = pkix
+[ user_distinguished_name ]
+ countryName = $ENV::x509_country
+ stateOrProvinceName = $ENV::x509_state_or_province
+ #localityName =
+ 0.organizationName = $ENV::x509_organization
+ organizationalUnitName = Certificat utilisateurice du service de la Burette
+ commonName = $ENV::user
--
2.20.1