v0.1

2 years ago · 404a9f0428
parent c75f9f8f37
commit 404a9f0428
6 changed files with 149 additions and 0 deletions
--- a/ca1/index.txt
+++ b/ca1/index.txt
--- a/ca1/openssl.conf
+++ b/ca1/openssl.conf
@ -0,0 +1,84 @@
 [ ca ]
 default_ca = CA_default
 [ CA_default ]
 dir               = /mnt/d/cert/ca1 # папка промежуточного цс
 certs             = $dir/pub
 new_certs_dir     = $dir/newcerts
 database          = $dir/index.txt
 serial            = $dir/serial
 RANDFILE          = $dir/priv/.rand
 private_key       = $dir/priv/ca1.key
 certificate       = $dir/pub/ca1.crt
 default_md        = sha256
 name_opt          = ca_default
 cert_opt          = ca_default
 default_days      = 375
 preserve          = no
 policy            = policy_loose
 unique_subject = no
 [ policy_loose ]
 countryName             = optional
 stateOrProvinceName     = optional
 localityName            = optional
 organizationName        = optional
 organizationalUnitName  = optional
 commonName              = supplied
 emailAddress            = optional
 [ req ]
 default_bits        = 2048
 distinguished_name  = req_distinguished_name
 string_mask         = utf8only
 default_md          = sha256
 x509_extensions     = v3_ca
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 organizationName                = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
 # значения по-умолчанию
 countryName_default             = RU
 stateOrProvinceName_default     = Russia
 localityName_default            = Russia
 organizationName_default        = MyHomeLab1
 [ v3_ca ]
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ v3_intermediate_ca ]
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true, pathlen:0
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ usr_cert ]
 basicConstraints = CA:FALSE
 nsCertType = client, email
 nsComment = "OpenSSL Generated Client Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer
 keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
 extendedKeyUsage = clientAuth, emailProtection
 [ server_cert ]
 basicConstraints = CA:FALSE
 nsCertType = server
 nsComment = "OpenSSL Generated Server Certificate"
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid,issuer:always
 keyUsage = critical, digitalSignature, keyEncipherment
 extendedKeyUsage = serverAuth
 subjectAltName=${ENV::SAN}
--- a/ca1/serial
+++ b/ca1/serial
@ -0,0 +1 @@
 1000
--- a/ca_root/index.txt
+++ b/ca_root/index.txt
--- a/ca_root/openssl.conf
+++ b/ca_root/openssl.conf
@ -0,0 +1,63 @@
 [ ca ]
 default_ca = CA_default
 [ CA_default ]
 dir               = /mnt/d/cert/ca_root #папка с нашим УЦ
 certs             = $dir/priv
 #crl_dir           = $dir/crl
 new_certs_dir     = $dir/newcerts
 database          = $dir/index.txt
 serial            = $dir/serial
 RANDFILE          = $dir/priv/.rand
 #подписывающие серты
 private_key       = $dir/priv/ca.key
 certificate       = $dir/pub/ca.crt
 default_md        = sha256
 name_opt          = ca_default
 cert_opt          = ca_default
 default_days      = 375
 preserve          = no
 policy            = policy_strict
 [ policy_strict ]
 countryName             = match
 stateOrProvinceName     = match
 organizationName        = optional
 organizationalUnitName  = optional
 commonName              = optional
 emailAddress            = optional
 [ req ]
 default_bits        = 2048
 distinguished_name  = req_distinguished_name
 string_mask         = utf8only
 default_md          = sha256
 x509_extensions     = v3_ca
 [ req_distinguished_name ]
 countryName                     = Country Name (2 letter code)
 stateOrProvinceName             = State or Province Name
 localityName                    = Locality Name
 organizationName                = Organization Name
 organizationalUnitName          = Organizational Unit Name
 commonName                      = Common Name
 emailAddress                    = Email Address
 # дефолтные значения
 countryName_default             = RU
 stateOrProvinceName_default     = Russia
 localityName_default            = Russia
 organizationName_default       = MyHomeLab
 [ v3_ca ]
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ v3_intermediate_ca ]
 subjectKeyIdentifier = hash
 authorityKeyIdentifier = keyid:always,issuer
 basicConstraints = critical, CA:true, pathlen:0
 keyUsage = critical, digitalSignature, cRLSign, keyCertSign
--- a/ca_root/serial
+++ b/ca_root/serial
@ -0,0 +1 @@
 1000