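# Entry section for `openssl ca`: default_ca names the section that holds the CA settings.
[ ca ]
default_ca = myca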
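# Settings `openssl ca` uses when signing with the intermediate CA key.
# All state (index, serials, issued certs, CA key) lives under $dir.
[ myca ]
dir = gen
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crls are kept
database = $dir/certindex # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/ca_intermediate.crt # The CA certificate
private_key = $dir/ca_intermediate.key # The CA signing key
serial = $dir/certserial # The current serial number
crlnumber = $dir/crlnumber # the current crl number

# Several index entries may carry the same subject.
unique_subject = no
# 36525 days is roughly 100 years: issued certificates effectively never expire.
# NOTE(review): the names suggest a test fixture CA - confirm this config is never used to issue real certificates.
default_days = 36525
# Signature digest for issued certificates and CRLs. Was sha1, which is
# collision-prone and refused by many current TLS stacks; sha256 matches
# the default_md already set in [ req ].
default_md = sha256
x509_extensions = myca_extensions
# CRLs get the same ~100 year lifetime, so a published CRL is never considered stale.
default_crl_days = 36525 # this is required to generate CRL from this config
policy = myca_policy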
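# Subject policy applied to incoming requests: only commonName must be present,
# every other field may be omitted. No field is required to match the CA's own subject.
[ myca_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional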
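# Extensions stamped on every certificate issued through [ myca ]:
# end-entity only (CA:false), usable for TLS server authentication.
[ myca_extensions ]
basicConstraints = CA:false
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
# Left disabled: with a CRL distribution point set, revocation checking fails
# whenever the endpoint is unreachable. Without it, issued certificates carry
# no pointer to a CRL, so clients must be given the CRL by other means.
#crlDistributionPoints = URI:localhost/root.crl # will make certificate revocation fail if this endpoint does not exist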
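# Defaults for `openssl req` when creating the intermediate CA's own key and request.
[ req ]
default_bits = 4096
default_md = sha256
distinguished_name = req_distinguished_name
# The generated private key is written without a passphrase; protect the key
# file with filesystem permissions and keep it out of shared artifacts.
encrypt_key = no
# Take the subject from [ req_distinguished_name ] without prompting.
prompt = no
# Extension section used when `openssl req` is run with -x509.
x509_extensions = req_v3_ca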
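# Fixed subject of the intermediate CA certificate (used verbatim because prompt = no).
[ req_distinguished_name ]
countryName = DK
localityName = Copenhagen
organizationName = WinTLS
commonName = WinTLS Intermediate Certificate Authority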
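# Extensions for the CA certificate itself: may sign certificates and CRLs, nothing else.
[ req_v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# NOTE(review): not marked critical and no pathlen limit. RFC 5280 expects
# basicConstraints to be critical on CA certificates, and pathlen:0 would stop
# this intermediate from creating further sub-CAs - confirm whether that is wanted.
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign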