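# OpenSSL configuration for the CA itself ([ ca ] and [ req ] sections).
#
# The text uses %(name)s placeholders (printf-style mapping formatting):
#   ca_dir        CA working directory; every path below is relative to it
#   default_days  validity period, in days, of issued certificates
#   country, org, ou, cn, email
#                 defaults offered for the CA's distinguished name
#
# Security notes:
# - default_md is sha256 in both [ CA_default ] and [ req ].  SHA-1 is
#   collision-broken and certificates signed with it are rejected by
#   current TLS clients, so it must not be used for CA or leaf signatures.
# - Placeholder values are pasted into the config text unescaped.  A value
#   containing a newline or a double quote would add or alter config lines,
#   so the caller has to validate them before rendering.
# - The CA key is read from <ca_dir>/private/ca.key; nothing in this
#   template restricts access to it, so directory permissions must.
# - [ v3_ca ] marks the certificate as a CA (critical) without a pathlen
#   constraint, and limits keyUsage to cRLSign and keyCertSign.
openssl_conf_template = '''
RANDFILE = %(ca_dir)s/.random

[ ca ]
default_ca              = CA_default

[ CA_default ]
dir                     = %(ca_dir)s
certs                   = $dir/public/certs
crl_dir                 = $dir/public/crl
crl                     = $dir/public/crl.pem
database                = $dir/index
serial                  = $dir/serial
new_certs_dir           = $dir/newcerts
certificate             = $dir/public/ca.pem
private_key             = $dir/private/ca.key
x509_extensions         = certificate_extensions
email_in_dn             = no
default_days            = %(default_days)s
default_crl_days        = 31
default_md              = sha256
preserve                = yes
policy                  = policy_match

[ policy_match ]
countryName             = supplied
organizationName        = supplied
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = supplied

[ policy_anything ]
countryName             = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
default_bits            = 4096
default_md              = sha256
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions         = v3_ca
string_mask             = nombstr

[ req_distinguished_name ]
countryName                     = Country Name
countryName_default             = "%(country)s"
countryName_min                 = 2
countryName_max                 = 2
0.organizationName              = Organization Name
0.organizationName_default      = "%(org)s"
organizationalUnitName          = Organizational Unit Name
organizationalUnitName_default  = "%(ou)s"
commonName                      = Common Name
commonName_max                  = 64
commonName_default              = "%(cn)s"
emailAddress                    = Email Address
emailAddress_max                = 60
emailAddress_default            = "%(email)s"
SET-ex3                         = SET extension number 3

[ req_attributes ]

[ certificate_extensions ]

[ v3_ca ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer:always
basicConstraints        = critical, CA:true
keyUsage                = cRLSign, keyCertSign
nsCertType              = sslCA, emailCA, objCA
nsComment               = "%(cn)s"
subjectAltName          = email:copy
issuerAltName           = issuer:copy

'''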
# X.509 extension block for non-CA certificates (basicConstraints CA:false).
#
# The text uses %(name)s placeholders (printf-style mapping formatting):
#   ca_name      copied into the nsComment extension
#   ca_base_url  prefix of the CRL location; "/crl.pem" is appended
#   alt_names    raw line(s) placed under [ subject_alt_name ]
#                (presumably "DNS.1 = host"-style entries, one per line;
#                confirm against the caller)
#
# Security notes:
# - Every certificate issued with this profile carries both clientAuth and
#   serverAuth, so a server certificate is also usable as a client
#   certificate and vice versa.
#   NOTE(review): consider separate profiles if relying parties authorise
#   on extendedKeyUsage.
# - Placeholder values are pasted in unescaped.  alt_names in particular is
#   inserted as whole config lines, so a requester-influenced value could
#   add arbitrary subjectAltName entries or further sections; the caller
#   has to validate it before rendering.
# - Revocation checking depends on <ca_base_url>/crl.pem being reachable by
#   relying parties and on the published CRL being kept current.
ext_template = '''
basicConstraints        = CA:false
nsCertType              = client, server
keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage        = clientAuth, serverAuth
nsComment               = "%(ca_name)s"
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid, issuer:always
subjectAltName          = @subject_alt_name
issuerAltName           = issuer:copy
nsCaRevocationUrl       = %(ca_base_url)s/crl.pem
nsRevocationUrl         = %(ca_base_url)s/crl.pem
crlDistributionPoints   = @cdp_section

[ subject_alt_name ]
%(alt_names)s
email = copy

[ cdp_section ]
URI.1 = %(ca_base_url)s/crl.pem
'''