No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

openssl-server-certificate.cnf.j2 1.3KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061
  1. [ ca ]
  2. default_ca = CA_default
  3. [ CA_default ]
  4. dir = {{ openvpn_path }}
  5. certs = $dir
  6. crl_dir = $dir
  7. database = $dir/index.txt
  8. new_certs_dir = $dir
  9. certificate = {{ openvpn_ca }}.crt
  10. serial = $dir/serial
  11. crl = $dir/crl.pem
  12. private_key = {{ openvpn_ca }}.key
  13. RANDFILE = $dir/.rand
  14. x509_extensions = server
  15. default_days = {{ openvpn_days_valid }}
  16. default_crl_days= 30
  17. default_md = sha256
  18. preserve = no
  19. policy = policy_anything
  20. [ policy_anything ]
  21. countryName = optional
  22. stateOrProvinceName = optional
  23. localityName = optional
  24. organizationName = optional
  25. organizationalUnitName = optional
  26. commonName = supplied
  27. name = optional
  28. emailAddress = optional
  29. [ req ]
  30. distinguished_name = req_distinguished_name
  31. [ req_distinguished_name ]
  32. countryName = Country Name (2 letter code)
  33. stateOrProvinceName = State or Province Name (full name)
  34. localityName = Locality Name (eg, city)
  35. 0.organizationName = Organization Name (eg, company)
  36. organizationalUnitName = Organizational Unit Name (eg, section)
  37. commonName = Common Name (eg, your name or your server\'s hostname)
  38. commonName_default = server
  39. [ server ]
  40. basicConstraints=CA:FALSE
  41. nsCertType = server
  42. nsComment = "Ansible Generated Server Certificate"
  43. subjectKeyIdentifier=hash
  44. authorityKeyIdentifier=keyid,issuer:always
  45. extendedKeyUsage=serverAuth
  46. keyUsage = digitalSignature, keyEncipherment