# This file is managed by puppet. # https://git.openstack.org/cgit/openstack-infra/system-config [ca] default_ca = CA_default [CA_default] dir = . certs = $dir/certs crl_dir = $dir/crl database = $dir/index.txt new_certs_dir = $dir/newcerts certificate = $dir/cacert.pem serial = $dir/serial private_key = $dir/private/cakey.pem RANDFILE = $dir/private/.rand x509_extensions = usr_cert name_opt = ca_default cert_opt = ca_default default_days = 3650 default_md = default preserve = no policy = ca_policy [ca_policy] countryName = supplied stateOrProvinceName = supplied localityName = supplied organizationName = supplied organizationalUnitName = supplied commonName = supplied emailAddress = supplied [policy_anything] countryName = supplied stateOrProvinceName = supplied localityName = supplied organizationName = supplied organizationalUnitName = supplied commonName = supplied emailAddress = supplied [req] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name x509_extensions = v3_ca string_mask = utf8only prompt = no [req_distinguished_name] C = US ST = Texas L = Austin O = OpenStack Foundation OU = Infrastructure CN = $ENV::CN emailAddress = openstack-infra@lists.openstack.org [usr_cert] basicConstraints = CA:FALSE nsComment = "client certificate" subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer [server] basicConstraints = CA:FALSE nsCertType = server nsComment = "server certificate" subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer [v3_req] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [v3_ca] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = CA:true