28 lines
902 B
Django/Jinja
28 lines
902 B
Django/Jinja
[ v3_ca ]
|
|
# Extensions for a typical CA (`man x509v3_config`).
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer
|
|
basicConstraints = critical, CA:true
|
|
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
|
|
|
[ v3_intermediate_ca ]
|
|
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
|
# pathlen 0: no more intermediates beyond this
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer
|
|
basicConstraints = critical, CA:true, pathlen:0
|
|
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
|
|
|
[ req ]
|
|
distinguished_name = req_distinguished_name
|
|
req_extensions = v3_req
|
|
prompt = no
|
|
|
|
[ req_distinguished_name ]
|
|
CN = {{ current_host_config.hostname }}
|
|
|
|
[ v3_req ]
|
|
#basicConstraints = CA:FALSE
|
|
keyUsage = critical, digitalSignature, keyEncipherment
|
|
extendedKeyUsage = serverAuth, clientAuth
|
|
subjectAltName = DNS:{{ current_host_config.hostname }}
|