| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 |
- [ ca ]
- default_ca = CA_default
-
- [ CA_default ]
-
- dir = {{ openvpn_path }}
- certs = $dir
- crl_dir = $dir
- database = $dir/index.txt
- new_certs_dir = $dir
-
- certificate = {{ openvpn_ca }}.crt
- serial = $dir/serial
- crl = $dir/crl.pem
- private_key = {{ openvpn_ca }}.key
- RANDFILE = $dir/.rand
-
- x509_extensions = server
-
- default_days = {{ openvpn_days_valid }}
- default_crl_days= 30
- default_md = sha256
- preserve = no
-
- policy = policy_anything
-
- [ policy_anything ]
- countryName = optional
- stateOrProvinceName = optional
- localityName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- name = optional
- emailAddress = optional
-
- [ req ]
- distinguished_name = req_distinguished_name
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
-
- stateOrProvinceName = State or Province Name (full name)
-
- localityName = Locality Name (eg, city)
-
- 0.organizationName = Organization Name (eg, company)
-
- organizationalUnitName = Organizational Unit Name (eg, section)
-
- commonName = Common Name (eg, your name or your server\'s hostname)
- commonName_default = server
-
- [ server ]
- basicConstraints=CA:FALSE
- nsCertType = server
- nsComment = "Ansible Generated Server Certificate"
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid,issuer:always
- extendedKeyUsage=serverAuth
- keyUsage = digitalSignature, keyEncipherment
|
