apt cacher for debian
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

124 lines
2.9 KiB

  1. #HOME = .
  2. #RANDFILE = $ENV::HOME/.rnd
  3. oid_section = new_oids
  4. extensions = v3_req
  5. [ new_oids ]
  6. ####################################################################
  7. [ ca ]
  8. default_ca = CA_default # The default ca section
  9. ####################################################################
  10. [ CA_default ]
  11. dir = ./
  12. certs = $dir/certs # Where the issued certs are kept
  13. crl_dir = $dir/crl # Where the issued crl are kept
  14. database = $dir/index.txt # database index file.
  15. new_certs_dir = $dir/new_certs # default place for new certs.
  16. certificate = $dir/CA_crt.pem # The CA certificate
  17. serial = $dir/serial # The current serial number
  18. crl = $dir/CA_crl.pem # The current CRL
  19. private_key = $dir/CA_key.pem
  20. RANDFILE = $dir/.rand # private random number file
  21. x509_extensions = usr_cert # The extentions to add to the cert
  22. # crl_extensions = crl_ext
  23. default_days = 1825 # how long to certify for
  24. default_crl_days= 365 # how long before next CRL
  25. default_md = sha256
  26. preserve = no # keep passed DN ordering
  27. policy = policy_match
  28. # For the CA policy
  29. [ policy_match ]
  30. countryName = match
  31. stateOrProvinceName = match
  32. organizationName = match
  33. organizationalUnitName = optional
  34. commonName = supplied
  35. emailAddress = optional
  36. [ policy_anything ]
  37. countryName = optional
  38. stateOrProvinceName = optional
  39. localityName = optional
  40. organizationName = optional
  41. organizationalUnitName = optional
  42. commonName = supplied
  43. emailAddress = optional
  44. [ req ]
  45. default_bits = 1024
  46. default_keyfile = privkey.pem
  47. distinguished_name = req_distinguished_name
  48. attributes = req_attributes
  49. x509_extensions = v3_ca # The extentions to add to the self signed cert
  50. string_mask = nombstr
  51. #req_extensions = v3_req # The extensions to add to a certificate request
  52. [ req_distinguished_name ]
  53. countryName = country
  54. countryName_default = US
  55. countryName_min = 2
  56. countryName_max = 2
  57. stateOrProvinceName = province
  58. stateOrProvinceName_default = California
  59. localityName = locality
  60. localityName_default = Mountain View
  61. 0.organizationName = O
  62. 0.organizationName_default = Google
  63. organizationalUnitName = OU
  64. organizationalUnitName_default = Enterprise
  65. commonName = CN
  66. commonName_default = MyCA
  67. commonName_max = 64
  68. emailAddress = email
  69. emailAddress_max = 40
  70. # SET-ex3 = SET extension number 3
  71. [ req_attributes ]
  72. challengePassword =
  73. challengePassword_min = 0
  74. challengePassword_max = 20
  75. unstructuredName = An optional company name
  76. [ usr_cert ]
  77. nsComment = "OpenSSL Generated Certificate"
  78. #subjectAltName = @alt_names
  79. keyUsage = digitalSignature, nonRepudiation, keyEncipherment
  80. [alt_names]
  81. DNS.1 = git.local-domain
  82. [ v3_req ]
  83. basicConstraints = CA:false
  84. keyUsage = digitalSignature, nonRepudiation, keyEncipherment
  85. [ v3_ca ]
  86. basicConstraints = CA:true
  87. keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
  88. [ crl_ext ]
  89. authorityKeyIdentifier=keyid:always,issuer:always