X-Git-Url: https://v.licheni.net/stack/cam.git/blobdiff_plain/de74ecfb399e9c18e476104744856fde67ea2e81:/lib/templates.py..112c04e3926d62291efd902a1dcb0b2d24feeb59:/cam/templates/openssl_config diff --git a/lib/templates.py b/cam/templates/openssl_config similarity index 74% rename from lib/templates.py rename to cam/templates/openssl_config index b2e02cf..4583fca 100644 --- a/lib/templates.py +++ b/cam/templates/openssl_config @@ -1,15 +1,14 @@ - -openssl_conf_template = ''' -RANDFILE = %(ca_dir)s/.random +RANDFILE = %(basedir)s/.random [ ca ] default_ca = CA_default [ CA_default ] -dir = %(ca_dir)s +dir = %(basedir)s certs = $dir/public/certs crl_dir = $dir/public/crl crl = $dir/public/crl.pem +crlnumber = $dir/crlnumber database = $dir/index serial = $dir/serial new_certs_dir = $dir/newcerts @@ -38,7 +37,7 @@ commonName = supplied emailAddress = optional [ req ] -default_bits = 4096 +default_bits = %(bits)s default_md = sha1 distinguished_name = req_distinguished_name attributes = req_attributes @@ -76,27 +75,3 @@ nsComment = "%(cn)s" subjectAltName = email:copy issuerAltName = issuer:copy -''' - -ext_template = ''' -basicConstraints = CA:false -nsCertType = client, server -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -nsComment = "%(ca_name)s" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid, issuer:always -subjectAltName = @subject_alt_name -issuerAltName = issuer:copy -nsCaRevocationUrl = %(ca_base_url)s/crl.pem -nsRevocationUrl = %(ca_base_url)s/crl.pem -crlDistributionPoints = @cdp_section - -[ subject_alt_name ] -%(alt_names)s -email = copy - -[ cdp_section ] -URI.1 = %(ca_base_url)s/crl.pem -''' -
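Review bot: The new `crlnumber = $dir/crlnumber` line in `[ CA_default ]` adds a file that has to exist before the first CRL is generated, and nothing in this diff shows it being created. As far as I know, `openssl ca -gencrl` aborts when the option is set but the file cannot be read, which would leave revocation publishing broken on a freshly initialised CA or on an existing CA directory after upgrade. The CA setup code should seed it next to `serial` with an initial hex value, and the template could say so with a comment such as `# crlnumber must be created (e.g. containing 01) before the first -gencrl run`. The `[ CA_default ]` section continues outside the hunk.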
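Review bot: `default_bits = %(bits)s` in `[ req ]` replaces the fixed 4096 with whatever value the caller substitutes, and nothing visible here enforces a lower bound, so a typo or an old setting could silently produce undersized keys. The code that fills the template (not shown) should reject values below 2048 before rendering. The unchanged `default_md = sha1` on the next line is worth fixing while this section is touched: current clients and CAs no longer accept SHA-1 signatures, so `default_md = sha256` is the safer default. The `[ req ]` section continues outside the hunk, and any `default_md` under `[ CA_default ]` is not visible here and should be checked as well.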