41 lines
1.0 KiB
INI
41 lines
1.0 KiB
INI
[CA_{{slug}}]
|
|
default_crl_days = {{revocation_list_lifetime}}
|
|
default_days = {{certificate_lifetime}}
|
|
dir = {{directory}}
|
|
private_key = $dir/ca_key.pem
|
|
certificate = $dir/ca_crt.pem
|
|
new_certs_dir = $dir/requests/
|
|
revoked_certs_dir = $dir/revoked/
|
|
certs = $dir/signed/
|
|
crl = $dir/ca_crl.pem
|
|
serial = $dir/serial
|
|
{% if crl_distribution_points %}
|
|
crlDistributionPoints = {{crl_distribution_points}}
|
|
{% endif %}
|
|
{% if email_address %}
|
|
emailAddress = {{email_address}}
|
|
{% endif %}
|
|
x509_extensions = {{slug}}_cert
|
|
policy = poliy_{{slug}}
|
|
|
|
# Certidude specific stuff, TODO: move to separate section?
|
|
request_subnets = 10.0.0.0/8 192.168.0.0/16 172.168.0.0/16
|
|
autosign_subnets = 127.0.0.0/8
|
|
admin_subnets = 127.0.0.0/8
|
|
admin_users =
|
|
inbox = {{inbox}}
|
|
outbox = {{outbox}}
|
|
|
|
[policy_{{slug}}]
|
|
countryName = match
|
|
stateOrProvinceName = match
|
|
organizationName = match
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
[{{slug}}_cert]
|
|
basicConstraints = CA:FALSE
|
|
keyUsage = nonRepudiation,digitalSignature,keyEncipherment
|
|
extendedKeyUsage = clientAuth
|