37 lines
929 B
INI
37 lines
929 B
INI
[CA_{{slug}}]
|
|
default_crl_days = {{revocation_list_lifetime}}
|
|
default_days = {{certificate_lifetime}}
|
|
dir = {{directory}}
|
|
private_key = $dir/ca_key.pem
|
|
certificate = $dir/ca_crt.pem
|
|
new_certs_dir = $dir/requests/
|
|
revoked_certs_dir = $dir/revoked/
|
|
certs = $dir/signed/
|
|
crl = $dir/ca_crl.pem
|
|
serial = $dir/serial
|
|
{% if crl_distribution_points %}
|
|
crlDistributionPoints = {{crl_distribution_points}}
|
|
{% endif %}
|
|
{% if email_address %}
|
|
emailAddress = {{email_address}}
|
|
{% endif %}
|
|
x509_extensions = {{slug}}_cert
|
|
policy = poliy_{{slug}}
|
|
request_whitelist =
|
|
autosign_whitelist = 127.0.0.0/8
|
|
inbox = {{inbox}}
|
|
outbox = {{outbox}}
|
|
|
|
[policy_{{slug}}]
|
|
countryName = match
|
|
stateOrProvinceName = match
|
|
organizationName = match
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
[{{slug}}_cert]
|
|
basicConstraints = CA:FALSE
|
|
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
|
|
extendedKeyUsage = clientAuth
|