Refactor wrappers
Completely remove wrapper class for CA, use certidude.authority module instead.
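--- a/certidude/templates/certidude.conf
+++ b/certidude/templates/certidude.conf
@@ -0,0 +1,20 @@
+[authorization]
+admin_users = administrator
+admin_subnets = 0.0.0.0/0
+request_subnets = 0.0.0.0/0
+autosign_subnets = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+
+[signature]
+certificate_lifetime = 1825
+revocation_list_lifetime = 1
+
+[push]
+server =
+
+[authority]
+private_key_path = {{ ca_key }}
+certificate_path = {{ ca_crt }}
+requests_dir = {{ directory }}/requests/
+signed_dir = {{ directory }}/signed/
+revoked_dir = {{ directory }}/revoked/
+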
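Review bot: The `[authorization]` defaults in this new template are far wider than the ones in the template this commit deletes: `admin_subnets = 0.0.0.0/0` and `autosign_subnets = 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16`, where the removed file had `127.0.0.0/8` for both. Judging by the key names alone (the enforcing code is not in this diff), a fresh install would accept administrative access from any IPv4 address and would sign requests from any RFC 1918 host without operator review, and those certificates would last `certificate_lifetime = 1825` days. I would keep the loopback defaults, `admin_subnets = 127.0.0.1/8` written as `admin_subnets = 127.0.0.0/8` and `autosign_subnets = 127.0.0.0/8`, so that widening either range is an explicit operator decision. A comment above each key should say what it gates, for example `# Subnets whose signing requests are approved without administrator review`.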
@@ -1,45 +0,0 @@
|
||||
# You have to copy the settings to the system-wide
|
||||
# OpenSSL configuration (usually /etc/ssl/openssl.cnf
|
||||
|
||||
[CA_{{common_name}}]
|
||||
default_crl_days = {{revocation_list_lifetime}}
|
||||
default_days = {{certificate_lifetime}}
|
||||
dir = {{directory}}
|
||||
private_key = $dir/ca_key.pem
|
||||
certificate = $dir/ca_crt.pem
|
||||
new_certs_dir = $dir/requests/
|
||||
revoked_certs_dir = $dir/revoked/
|
||||
certs = $dir/signed/
|
||||
crl = $dir/ca_crl.pem
|
||||
serial = $dir/serial
|
||||
{% if crl_distribution_points %}
|
||||
crlDistributionPoints = {{crl_distribution_points}}
|
||||
{% endif %}
|
||||
{% if email_address %}
|
||||
emailAddress = {{email_address}}
|
||||
{% endif %}
|
||||
x509_extensions = {{common_name}}_cert
|
||||
policy = policy_{{common_name}}
|
||||
|
||||
# Certidude specific stuff, TODO: move to separate section?
|
||||
request_subnets = 10.0.0.0/8 192.168.0.0/16 172.168.0.0/16
|
||||
autosign_subnets = 127.0.0.0/8
|
||||
admin_subnets = 127.0.0.0/8
|
||||
admin_users =
|
||||
inbox = {{inbox}}
|
||||
outbox = {{outbox}}
|
||||
push_server = {{push_server}}
|
||||
|
||||
[policy_{{common_name}}]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[{{common_name}}_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
|
||||
extendedKeyUsage = clientAuth
|
||||
|