authorhc <hc@email.ch>2024-11-20 12:51:33 +0800
committerhc <hc@email.ch>2024-11-20 12:51:33 +0800
commit853b82126baa1e8e408a10f91053c52626ffad29 (patch)
tree2fc1de9695810681ba654aab3c2a4867aacc1ac7 /config_files/certificate-authority/config
parentb1f88b682624e85b4b743343dfaaeed113b69413 (diff)
working
Diffstat (limited to 'config_files/certificate-authority/config')
-rw-r--r--config_files/certificate-authority/config/create_intermediate_csr.ini22
-rw-r--r--config_files/certificate-authority/config/create_root_cert.ini55
-rw-r--r--config_files/certificate-authority/config/fullchain.crt55
-rwxr-xr-xconfig_files/certificate-authority/config/normalcli/client.crt24
-rwxr-xr-xconfig_files/certificate-authority/config/normalcli/client.csr17
-rwxr-xr-xconfig_files/certificate-authority/config/normalcli/client.key28
-rw-r--r--config_files/certificate-authority/config/server.crt24
-rw-r--r--config_files/certificate-authority/config/server.csr17
-rw-r--r--config_files/certificate-authority/config/sign_intermediate_csr.ini43
-rw-r--r--config_files/certificate-authority/config/sign_server_and_client_csrs.ini45
-rw-r--r--config_files/certificate-authority/config/yubikey/yubi.crt23
-rw-r--r--config_files/certificate-authority/config/yubikey/yubi.crt.pem23
-rw-r--r--config_files/certificate-authority/config/yubikey/yubi.csr16
-rw-r--r--config_files/certificate-authority/config/yubikey/yubi_pubkey.pem9
14 files changed, 401 insertions, 0 deletions
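diff --git a/config_files/certificate-authority/config/create_intermediate_csr.ini b/config_files/certificate-authority/config/create_intermediate_csr.ini
new file mode 100644
index 0000000..1929141
--- /dev/null
+++ b/config_files/certificate-authority/config/create_intermediate_csr.ini
@@ -0,0 +1,22 @@
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 4096
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+prompt = no
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+default_md = sha512
+
+[ req_distinguished_name ]
+C = SG
+ST = singapore
+O = company name
+OU = companyname Certificate Authority
+CN = hi Intermediate CA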
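Review bot: `default_md = sha512` sits under `[ v3_ca ]` (new line 15) instead of `[ req ]`, so the `req` tool does not read it as its digest setting and the CSR is signed with whatever default the installed OpenSSL uses. If `v3_ca` is ever passed as an extension section, that key would likely be parsed as an extension name rather than a digest. The explanatory comment on new line 8 is also stranded above the `[ v3_ca ]` header. Move both into `[ req ]`, as create_root_cert.ini in this commit already does: `# SHA-1 is deprecated, so use SHA-2 instead.` followed by `default_md = sha512` directly after `prompt = no`.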
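diff --git a/config_files/certificate-authority/config/create_root_cert.ini b/config_files/certificate-authority/config/create_root_cert.ini
new file mode 100644
index 0000000..3321dd4
--- /dev/null
+++ b/config_files/certificate-authority/config/create_root_cert.ini
@@ -0,0 +1,55 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = /opt/certificate-authority
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha512
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_strict
+
+[ policy_strict ]
+# The root CA should only sign intermediate certificates that match.
+# See the POLICY FORMAT section of `man ca`.
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ req ]
+# Options for the `req` tool (`man req`).
+default_bits = 4096
+distinguished_name = req_distinguished_name
+string_mask = utf8only
+prompt = no
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha512
+
+[ req_distinguished_name ]
+C = sg
+ST = hi
+O = hi
+OU = hi Certificate Authority
+CN = hi Root CA
+
+[ v3_ca ]
+# Extensions for a typical CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign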
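Review bot: `policy_strict` requires countryName, stateOrProvinceName and organizationName to match the CA's own subject, but the root subject set here (`C = sg`, `ST = hi`, `O = hi`) differs from the intermediate request in create_intermediate_csr.ini (`C = SG`, `ST = singapore`, `O = company name`), so this policy cannot accept that CSR as written. That may be why the root signing config in this commit selects `policy_loose` instead. Align the subject fields across both files, with the country code in upper case (`C = SG`), so the strict policy can actually be enforced. `[ CA_default ]` here also names no `private_key` or `certificate`; a comment such as `# Used only to create the self-signed root certificate; signing is configured in sign_intermediate_csr.ini.` would make that intent explicit, if that is indeed how the file is used.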
diff --git a/config_files/certificate-authority/config/fullchain.crt b/config_files/certificate-authority/config/fullchain.crt
new file mode 100644
index 0000000..d17d14e
--- /dev/null
+++ b/config_files/certificate-authority/config/fullchain.crt
@@ -0,0 +1,55 @@
1-----BEGIN CERTIFICATE-----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24-----END CERTIFICATE-----
25-----BEGIN CERTIFICATE-----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40-----END CERTIFICATE-----
41-----BEGIN CERTIFICATE-----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55-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/normalcli/client.crt b/config_files/certificate-authority/config/normalcli/client.crt
new file mode 100755
index 0000000..e7bcb9a
--- /dev/null
+++ b/config_files/certificate-authority/config/normalcli/client.crt
@@ -0,0 +1,24 @@
1-----BEGIN CERTIFICATE-----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24-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/normalcli/client.csr b/config_files/certificate-authority/config/normalcli/client.csr
new file mode 100755
index 0000000..356b308
--- /dev/null
+++ b/config_files/certificate-authority/config/normalcli/client.csr
@@ -0,0 +1,17 @@
1-----BEGIN CERTIFICATE REQUEST-----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17-----END CERTIFICATE REQUEST-----
diff --git a/config_files/certificate-authority/config/normalcli/client.key b/config_files/certificate-authority/config/normalcli/client.key
new file mode 100755
index 0000000..4dd0ac4
--- /dev/null
+++ b/config_files/certificate-authority/config/normalcli/client.key
@@ -0,0 +1,28 @@
1-----BEGIN PRIVATE KEY-----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28-----END PRIVATE KEY-----
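Review bot: This adds an unencrypted private key to the repository with mode 100755: the `-----BEGIN PRIVATE KEY-----` header is PKCS#8 without a passphrase. Anyone who can read the repository or its history can therefore use the client identity certified by normalcli/client.crt. Treat the key as exposed: revoke that certificate, generate a new key pair outside the tree, and remove the file from history. Key material is better kept out of version control entirely (an ignore rule for `*.key` helps), and the executable bit on the .crt, .csr and .key files under normalcli/ serves no purpose.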
diff --git a/config_files/certificate-authority/config/server.crt b/config_files/certificate-authority/config/server.crt
new file mode 100644
index 0000000..84447b1
--- /dev/null
+++ b/config_files/certificate-authority/config/server.crt
@@ -0,0 +1,24 @@
1-----BEGIN CERTIFICATE-----
2MIIEEzCCA5mgAwIBAgIUdPIUkJpPJEojUqKFG8wPExCcuA4wCgYIKoZIzj0EAwQw
3gYExCzAJBgNVBAYTAlNHMRIwEAYDVQQIDAlzaW5nYXBvcmUxFTATBgNVBAoMDGNv
4bXBhbnkgbmFtZTEqMCgGA1UECwwhY29tcGFueW5hbWUgQ2VydGlmaWNhdGUgQXV0
5aG9yaXR5MRswGQYDVQQDDBJoaSBJbnRlcm1lZGlhdGUgQ0EwHhcNMjQxMTEyMTk0
6ODE3WhcNMjUxMTIyMTk0ODE3WjBoMQswCQYDVQQGEwJVUzESMBAGA1UECAwJWW91
7clN0YXRlMREwDwYDVQQHDAhZb3VyQ2l0eTEZMBcGA1UECgwQWW91ck9yZ2FuaXph
8dGlvbjEXMBUGA1UEAwwOeW91cmRvbWFpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUA
9A4IBDwAwggEKAoIBAQCSxTDiQWEArAFdVLF8fYnY5jqCUiYo4CPE1GLL/vI2t/0u
108a//yWWuZaOK0z3Mj0FRuUofXEJGGXB2fFs1qStuyYBEpwJaJm7uhm1zNLakC4I7
11V12Bs5/edw8qMQLmGu7kqQ0PiOMTuS2GS2EhPUnKIErqhiQBgv56hW4o86SGjnYb
12rGSBCAys6NpaqPC8oMOXjJs5T0bbyHaT8ga2zaLlD4pBcho+2sWITWtv9eMZFuva
13kE8vHNR48mbR5FuZ1CJenxU62NHZcfIaMChYN5KjGdHGqCFbPXzxehaX0Ofhghc6
14Z28KiP+AbQwaMEAqRrvU0V7GTLmE6DAWvmYJslGxAgMBAAGjggE6MIIBNjAJBgNV
15HRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkT3BlblNT
16TCBHZW5lcmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBScPhckKM30
17e6q7bJiXfbXIk6qhSzCBnAYDVR0jBIGUMIGRgBQSutLIyJsePNmzX9GhghKTR5XT
18w6FjpGEwXzELMAkGA1UEBhMCc2cxCzAJBgNVBAgMAmhpMQswCQYDVQQKDAJoaTEh
19MB8GA1UECwwYaGkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQDDApoaSBS
20b290IENBghQ3yksY6003XwZ6WpPv6BvlNMRG1zAOBgNVHQ8BAf8EBAMCBaAwEwYD
21VR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZIzj0EAwQDaAAwZQIwEwNmLeDtForhC2WY
22JCcijzNBlKLGvKRP0KXGh3Uhfl+ZZOhmTYM5lnbZ1XDrZG2YAjEA9oU5b7AEqtIO
235uYkFrKJ49qA8crVH84thHvfYrOMMJNO8v1fgDtiKayzHnQq+61V
24-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/server.csr b/config_files/certificate-authority/config/server.csr
new file mode 100644
index 0000000..9e5e167
--- /dev/null
+++ b/config_files/certificate-authority/config/server.csr
@@ -0,0 +1,17 @@
1-----BEGIN CERTIFICATE REQUEST-----
2MIICrTCCAZUCAQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAgMCVlvdXJTdGF0ZTER
3MA8GA1UEBwwIWW91ckNpdHkxGTAXBgNVBAoMEFlvdXJPcmdhbml6YXRpb24xFzAV
4BgNVBAMMDnlvdXJkb21haW4uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
5CgKCAQEAksUw4kFhAKwBXVSxfH2J2OY6glImKOAjxNRiy/7yNrf9LvGv/8llrmWj
6itM9zI9BUblKH1xCRhlwdnxbNakrbsmARKcCWiZu7oZtczS2pAuCO1ddgbOf3ncP
7KjEC5hru5KkND4jjE7kthkthIT1JyiBK6oYkAYL+eoVuKPOkho52G6xkgQgMrOja
8WqjwvKDDl4ybOU9G28h2k/IGts2i5Q+KQXIaPtrFiE1rb/XjGRbr2pBPLxzUePJm
90eRbmdQiXp8VOtjR2XHyGjAoWDeSoxnRxqghWz188XoWl9Dn4YIXOmdvCoj/gG0M
10GjBAKka71NFexky5hOgwFr5mCbJRsQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEB
11ABrlYpipRamlAk0zMYb2J/Yk/sw6T41OzWhG4Z6n6V5KSmCbTO/KgUIjeRMmIilE
12yE2LTJL1aUFDkAib7SJu02U4iZquRDsGSzQbT4xnhzTz4esOowkXEZGFdCV/qhDK
13lN34yFV+oNGT9nO3TjKE2SJPiDlfgMdRikoYPNWo6yv+0l3a4jWiTqq7Xn0derEu
14ZHPBhAuJvWzrD3ixap4BOlSKNp9C0dFuLhbnu9SAuy4uL/rjWsOH+KZVW388MlzA
15CibAN3GHmm7xzNUTrXrX3w5w3mU1O3IKKWu1u/EQTPq8/WfmRcvOg+xhqlOEvCGx
16YrwlWlETn28qAuq0WTa3+Gg=
17-----END CERTIFICATE REQUEST-----
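diff --git a/config_files/certificate-authority/config/sign_intermediate_csr.ini b/config_files/certificate-authority/config/sign_intermediate_csr.ini
new file mode 100644
index 0000000..09a20f7
--- /dev/null
+++ b/config_files/certificate-authority/config/sign_intermediate_csr.ini
@@ -0,0 +1,43 @@
+[ ca ]
+# `man ca`
+default_ca = CA_default
+
+[ CA_default ]
+# Directory and file locations.
+dir = /opt/certificate-authority
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+
+# The root key and root certificate.
+private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104964;token=SmartCard-HSM%20%28UserPIN%29;id=%BA%6C%1F%2B%2B%16%E9%7B%4F%31%B0%91%19%73%2F%C8%DF%78%3A%FD;object=root;type=private
+certificate = ../certs/root.crt
+
+# SHA-1 is deprecated, so use SHA-2 instead.
+default_md = sha512
+
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_loose ]
+# Allow the intermediate CA to sign a more diverse range of certificates.
+# See the POLICY FORMAT section of the `ca` man page.
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign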
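Review bot: This config signs with the root key (`object=root` in the PKCS#11 URI on new line 15) yet selects `policy = policy_loose`, whose own comment describes the intermediate CA. With every subject field optional except commonName, the root places no constraint on the subject of a CA certificate it signs. Use a strict policy for root signing, `policy = policy_strict` with a `[ policy_strict ]` section that sets countryName, stateOrProvinceName and organizationName to `match`, and keep `policy_loose` for the intermediate's own config. `certificate = ../certs/root.crt` is also relative to the working directory while every other path uses `$dir`; `certificate = $dir/certs/root.crt` would remove that dependency, assuming the root certificate lives under `$dir/certs`.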
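diff --git a/config_files/certificate-authority/config/sign_server_and_client_csrs.ini b/config_files/certificate-authority/config/sign_server_and_client_csrs.ini
new file mode 100644
index 0000000..0cffc13
--- /dev/null
+++ b/config_files/certificate-authority/config/sign_server_and_client_csrs.ini
@@ -0,0 +1,45 @@
+[ ca ]
+default_ca = CA_default
+
+[ CA_default ]
+dir = /opt/certificate-authority/intermediate
+certs = $dir/certs
+crl_dir = $dir/crl
+new_certs_dir = $dir/newcerts
+database = $dir/index.txt
+serial = $dir/serial
+private_key = pkcs11:model=PKCS%2315%20emulated;manufacturer=www.CardContact.de;serial=DENK0104964;token=SmartCard-HSM%20%28UserPIN%29;id=%D6%0E%28%C8%ED%2B%D5%FF%87%6B%88%06%4F%5B%70%1A%E5%F7%B4%99;object=intermediate;type=private
+certificate = $dir/certs/intermediate.crt
+default_md = sha512
+name_opt = ca_default
+cert_opt = ca_default
+default_days = 375
+preserve = no
+policy = policy_loose
+
+[ policy_loose ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ server_cert ]
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ client_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client
+nsComment = "OpenSSL Generated Client Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature
+extendedKeyUsage = clientAuth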
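Review bot: `[ server_cert ]` sets no `subjectAltName` and `[ CA_default ]` leaves `copy_extensions` unset, so server certificates issued from this file carry the hostname only in the CN, which current TLS clients do not use for hostname verification. Supply the names on the CA side per issuance, for example a `subjectAltName = DNS:<hostname placeholder>` line in the extension section used for that certificate, rather than enabling `copy_extensions = copy`, which would let the requester add any extension this section does not set. No `x509_extensions` default is configured either, so issuance depends on the operator passing `-extensions server_cert` or `-extensions client_cert` each time; a header comment such as `# Always pass -extensions server_cert or -extensions client_cert when signing.` would guard against certificates issued without these constraints. `nsCertType` and `nsComment` are legacy Netscape extensions and can be dropped.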
diff --git a/config_files/certificate-authority/config/yubikey/yubi.crt b/config_files/certificate-authority/config/yubikey/yubi.crt
new file mode 100644
index 0000000..7cd308b
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi.crt
@@ -0,0 +1,23 @@
1-----BEGIN CERTIFICATE-----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==
23-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/yubikey/yubi.crt.pem b/config_files/certificate-authority/config/yubikey/yubi.crt.pem
new file mode 100644
index 0000000..7cd308b
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi.crt.pem
@@ -0,0 +1,23 @@
1-----BEGIN CERTIFICATE-----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==
23-----END CERTIFICATE-----
diff --git a/config_files/certificate-authority/config/yubikey/yubi.csr b/config_files/certificate-authority/config/yubikey/yubi.csr
new file mode 100644
index 0000000..f001530
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi.csr
@@ -0,0 +1,16 @@
1-----BEGIN CERTIFICATE REQUEST-----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16-----END CERTIFICATE REQUEST-----
diff --git a/config_files/certificate-authority/config/yubikey/yubi_pubkey.pem b/config_files/certificate-authority/config/yubikey/yubi_pubkey.pem
new file mode 100644
index 0000000..4979331
--- /dev/null
+++ b/config_files/certificate-authority/config/yubikey/yubi_pubkey.pem
@@ -0,0 +1,9 @@
1-----BEGIN PUBLIC KEY-----
2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVI40WPj6TVrke2bfNWS
37QM0y0j9AcEYTrVAdCTNmLGJv8WsRw71TkSK5+fMu0ixKPpNplnQuQn8npTe4UBM
4PAWpFtp+JGtwTHn+wnfh6SAkyAb0XXnGHeUsJdwQdtj7rPlrrmPQD9XNfrDFCeX0
5afUxujHZsmFw25jZiFL21NTWIWlEvQZhPPk4HIOQUL7wK6H5PbEfBlZq33lkXQiI
6fjGvl9PFKGSxrZCRt2edXKk1KDQYFOtQokagBB+D2eVe82l4GDqVK6/P6pdnu/1g
7qZ+Kpo1g3ew51AgtVUefM5VIxWMPTjz5j2d9CAfH6ePGd7YMMpy1V9P4sNqO5z0U
8LQIDAQAB
9-----END PUBLIC KEY-----