v0.1

2023-03-12 21:10:31 +05:00
parent c75f9f8f37
commit 404a9f0428
6 changed files with 149 additions and 0 deletions
--- a/ca_root/index.txt
+++ b/ca_root/index.txt
--- a/ca_root/openssl.conf
+++ b/ca_root/openssl.conf
@@ -0,0 +1,63 @@
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir               = /mnt/d/cert/ca_root #папка с нашим УЦ
+certs             = $dir/priv
+#crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+RANDFILE          = $dir/priv/.rand
+#подписывающие серты
+private_key       = $dir/priv/ca.key
+certificate       = $dir/pub/ca.crt
+default_md        = sha256
+name_opt          = ca_default
+cert_opt          = ca_default
+default_days      = 375
+preserve          = no
+policy            = policy_strict
+
+[ policy_strict ]
+countryName             = match
+stateOrProvinceName     = match
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = optional
+emailAddress            = optional
+
+
+[ req ]
+default_bits        = 2048
+distinguished_name  = req_distinguished_name
+string_mask         = utf8only
+default_md          = sha256
+x509_extensions     = v3_ca
+
+[ req_distinguished_name ]
+countryName                     = Country Name (2 letter code)
+stateOrProvinceName             = State or Province Name
+localityName                    = Locality Name
+organizationName                = Organization Name
+organizationalUnitName          = Organizational Unit Name
+commonName                      = Common Name
+emailAddress                    = Email Address
+
+# дефолтные значения
+countryName_default             = RU
+stateOrProvinceName_default     = Russia
+localityName_default            = Russia
+organizationName_default       = MyHomeLab
+
+[ v3_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
--- a/ca_root/serial
+++ b/ca_root/serial
@@ -0,0 +1 @@
+1000