upgrade to CAM v2.0
[stack/cam.git] / cam / templates / openssl_config
similarity index 74%
rename from lib/templates.py
rename to cam/templates/openssl_config
index b2e02cf..4583fca 100644 (file)
@@ -1,15 +1,14 @@
-
-openssl_conf_template = '''
-RANDFILE = %(ca_dir)s/.random
+RANDFILE = %(basedir)s/.random
 
 [ ca ]
 default_ca              = CA_default
 
 [ CA_default ]
-dir                     = %(ca_dir)s
+dir                     = %(basedir)s
 certs                   = $dir/public/certs
 crl_dir                 = $dir/public/crl
 crl                     = $dir/public/crl.pem
+crlnumber               = $dir/crlnumber
 database                = $dir/index
 serial                  = $dir/serial
 new_certs_dir           = $dir/newcerts
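Review bot: The added `crlnumber = $dir/crlnumber` line makes CRL generation depend on a file that must already exist with an initial value, and nothing in this hunk shows where it is created; the CA initialisation code should write it alongside `serial` and `index`. `%(basedir)s` is also substituted verbatim into `RANDFILE` and `dir`, so a path containing `$` or `#` would be read by OpenSSL as a variable reference or a comment; presumably the caller controls that value, but it is worth validating before the template is rendered. A one-line comment such as `# crlnumber: created at CA init, must exist before the first CRL is issued` above the new line would document the dependency. The `[ CA_default ]` section continues past the end of the hunk.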
@@ -38,7 +37,7 @@ commonName              = supplied
 emailAddress            = optional
 
 [ req ]
-default_bits            = 4096
+default_bits            = %(bits)s
 default_md              = sha1
 distinguished_name      = req_distinguished_name
 attributes              = req_attributes
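Review bot: `default_md = sha1` is kept unchanged directly below the edited line in `[ req ]`, so requests and self-signed certificates produced from this template are still signed with SHA-1, which is deprecated for certificate signatures; `default_md = sha256` would be the replacement, and any `default_md` in the CA section outside this hunk should be checked too. The key size also moves from a fixed 4096 to `%(bits)s` with no lower bound visible here, so the code that fills the template should accept only an integer and reject anything below 2048 before rendering. The `[ req ]` section continues outside the hunk.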
@@ -76,27 +75,3 @@ nsComment               = "%(cn)s"
 subjectAltName          = email:copy
 issuerAltName           = issuer:copy
 
-'''
-
-ext_template = '''
-basicConstraints        = CA:false
-nsCertType              = client, server
-keyUsage                = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage        = clientAuth, serverAuth
-nsComment               = "%(ca_name)s"
-subjectKeyIdentifier    = hash
-authorityKeyIdentifier  = keyid, issuer:always
-subjectAltName          = @subject_alt_name
-issuerAltName           = issuer:copy
-nsCaRevocationUrl       = %(ca_base_url)s/crl.pem
-nsRevocationUrl         = %(ca_base_url)s/crl.pem
-crlDistributionPoints   = @cdp_section
-
-[ subject_alt_name ]
-%(alt_names)s
-email = copy
-
-[ cdp_section ]
-URI.1 = %(ca_base_url)s/crl.pem
-'''
-