system-config/modules/openstack_project/files/puppetmaster/zuul_ca.cnf

81 lines
1.7 KiB
INI

# This file is managed by puppet.
# https://opendev.org/opendev/system-config
[ca]
default_ca = CA_default
[CA_default]
dir = .
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
x509_extensions = usr_cert
name_opt = ca_default
cert_opt = ca_default
default_days = 3650
default_md = default
preserve = no
policy = ca_policy
[ca_policy]
countryName = supplied
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied
[policy_anything]
countryName = supplied
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied
[req]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
string_mask = utf8only
prompt = no
[req_distinguished_name]
C = US
ST = Texas
L = Austin
O = OpenStack Foundation
OU = Infrastructure
CN = $ENV::CN
emailAddress = openstack-infra@lists.openstack.org
[usr_cert]
basicConstraints = CA:FALSE
nsComment = "client certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[server]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "server certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = CA:true