author | Erich Eckner <git@eckner.net> | 2019-09-02 13:08:04 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 13:08:04 +0200 |
commit | f78f292e58908b3962bbe4282052083d83d23759 (patch) | |
tree | 72f76d419b27ca82b3dca65ae57bbc3bf8fb09d1 | |
parent | 0292d459c617ecba3e25d6765454716ba1f3a428 (diff) | |
download | simple-pki-f78f292e58908b3962bbe4282052083d83d23759.tar.xz |
remove cruft
-rw-r--r-- | etc/email.conf | 31 | ||||
-rwxr-xr-x | website-run-through | 69 |
2 files changed, 0 insertions, 100 deletions
diff --git a/etc/email.conf b/etc/email.conf
deleted file mode 100644
index ea26c58..0000000
--- a/etc/email.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Email certificate request
-
-# This file is used by the openssl req command. Since we cannot know the DN in
-# advance the user is prompted for DN information.
-
-[ req ]
-default_bits = 2048 # RSA key size
-encrypt_key = yes # Protect private key
-default_md = sha1 # MD to use
-utf8 = yes # Input is UTF-8
-string_mask = utf8only # Emit UTF-8 strings
-prompt = yes # Prompt for DN
-distinguished_name = email_dn # DN template
-req_extensions = email_reqext # Desired extensions
-
-[ email_dn ]
-0.domainComponent = "1. Domain Component (eg, com) "
-1.domainComponent = "2. Domain Component (eg, company) "
-2.domainComponent = "3. Domain Component (eg, pki) "
-organizationName = "4. Organization Name (eg, company) "
-organizationalUnitName = "5. Organizational Unit Name (eg, section) "
-commonName = "6. Common Name (eg, full name)"
-commonName_max = 64
-emailAddress = "7. Email Address (eg, name@fqdn)"
-emailAddress_max = 40
-
-[ email_reqext ]
-keyUsage = critical,digitalSignature,keyEncipherment
-extendedKeyUsage = emailProtection,clientAuth
-subjectKeyIdentifier = hash
-subjectAltName = email:move
diff --git a/website-run-through b/website-run-through
deleted file mode 100755
index 324619b..0000000
--- a/website-run-through
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/bash
-
-set -e
-
-rm -rf --one-file-system ca certs
-
-mkdir -p ca/root-ca/private ca/root-ca/db crl certs
-chmod 700 ca/root-ca/private
-
-cp /dev/null ca/root-ca/db/root-ca.db
-cp /dev/null ca/root-ca/db/root-ca.db.attr
-echo 01 > ca/root-ca/db/root-ca.crt.srl
-echo 01 > ca/root-ca/db/root-ca.crl.srl
-
-CA=root-ca openssl req -new \
- -config etc/ca-ssl.conf \
- -out ca/root-ca.csr \
- -keyout ca/root-ca/private/root-ca.key
-
-CA=root-ca openssl ca -batch -name root_ca -selfsign \
- -config etc/ca-ssl.conf \
- -in ca/root-ca.csr \
- -out ca/root-ca.crt \
- -extensions root_ca_ext
-
-mkdir -p ca/signing-ca/private ca/signing-ca/db crl certs
-chmod 700 ca/signing-ca/private
-
-cp /dev/null ca/signing-ca/db/signing-ca.db
-cp /dev/null ca/signing-ca/db/signing-ca.db.attr
-echo 01 > ca/signing-ca/db/signing-ca.crt.srl
-echo 01 > ca/signing-ca/db/signing-ca.crl.srl
-
-CA=signing-ca openssl req -new \
- -config etc/ca-ssl.conf \
- -out ca/signing-ca.csr \
- -keyout ca/signing-ca/private/signing-ca.key
-
-CA=root-ca openssl ca -batch -name root_ca \
- -config etc/ca-ssl.conf \
- -in ca/signing-ca.csr \
- -out ca/signing-ca.crt \
- -extensions signing_ca_ext
-
-SAN=DNS:test.local \
-CN=test.local \
-openssl req -new \
- -config etc/server-ssl.conf \
- -out /tmp/nginx.csr \
- -keyout /tmp/nginx.key
-
-CA=signing-ca openssl ca -batch -name signing_ca \
- -config etc/ca-ssl.conf \
- -in /tmp/nginx.csr \
- -out /tmp/nginx.crt \
- -extensions server_ext
-
-cat /tmp/nginx.crt ca/signing-ca.crt ca/root-ca.crt > /tmp/nginx.chain
-
-sudo systemctl restart nginx
-
-curl -Ss https://test.local --cacert ca/root-ca.crt
-
-exit 0
-
-openssl ca \
- -config etc/ca-ssl.conf \
- -revoke ca/signing-ca/01.pem \
- -crl_reason superseded |