working

1 files changed, 45 insertions, 0 deletions

diff --git a/config_files/certificate-authority/config/sign_server_and_client_csrs.ini b/config_files/certificate-authority/config/sign_server_and_client_csrs.ini
new file mode 100644
index 0000000..0cffc13
--- /dev/null
+++ b/config_files/certificate-authority/config/sign_server_and_client_csrs.ini
@@ -0,0 +1,45 @@
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir               = /opt/certificate-authority/intermediate
+certs             = $dir/certs
+crl_dir           = $dir/crl
+new_certs_dir     = $dir/newcerts
+database          = $dir/index.txt
+serial            = $dir/serial
+private_key       = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104964;token=SmartCard-HSM%20%28UserPIN%29;id=%D6%0E%28%C8%ED%2B%D5%FF%87%6B%88%06%4F%5B%70%1A%E5%F7%B4%99;object=intermediate;type=private
+certificate       = $dir/certs/intermediate.crt
+default_md        = sha512
+name_opt         = ca_default
+cert_opt         = ca_default
+default_days     = 375
+preserve         = no
+policy           = policy_loose
+
+[ policy_loose ]
+countryName             = optional
+stateOrProvinceName     = optional
+localityName            = optional
+organizationName        = optional
+organizationalUnitName  = optional
+commonName              = supplied
+emailAddress            = optional
+
+[ server_cert ]
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ client_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature
+extendedKeyUsage = clientAuth