authorErich Eckner <git@eckner.net>2019-09-02 11:47:33 +0200
committerErich Eckner <git@eckner.net>2019-09-02 12:03:10 +0200
commitff7a3622bc6b8002a2ca6c8c26668f4e1daa70df (patch)
treeab4993267e075f24c0d3717bb05b28772fbb1728 /etc/server-ssl.conf
parent4b146b607885a0a0543c68ee553f7a6c64e1fe30 (diff)
sign-ca functional
Diffstat (limited to 'etc/server-ssl.conf')
-rw-r--r--etc/server-ssl.conf30
1 files changed, 30 insertions, 0 deletions
diff --git a/etc/server-ssl.conf b/etc/server-ssl.conf
new file mode 100644
index 0000000..337a7a4
--- /dev/null
+++ b/etc/server-ssl.conf
@@ -0,0 +1,30 @@
+# TLS server certificate request
+
+# This file is used by the openssl req command. The subjectAltName cannot be
+# prompted for and must be specified in the SAN environment variable.
+
+[ default ]
+SAN = $ENV::SAN # Default value
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = no # Protect private key
+default_md = sha1 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = no # Prompt for DN
+distinguished_name = server_dn # DN template
+req_extensions = server_reqext # Desired extensions
+
+[ server_dn ]
+0.domainComponent = "net"
+1.domainComponent = "eckner"
+organizationName = "Eckner Net"
+organizationalUnitName = "Eckner Net Https"
+commonName = $ENV::CN
+
+[ server_reqext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectKeyIdentifier = hash
+subjectAltName = $ENV::SAN
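Review bot: `default_md = sha1` in `[ req ]` signs the request with SHA-1, which is no longer considered collision resistant; `default_md = sha256` is the usual choice. That digest covers only the CSR's self-signature, so the digest on the issued certificate depends on the CA configuration, which is not visible in this hunk and should be checked for the same setting. `extendedKeyUsage = serverAuth,clientAuth` in `[ server_reqext ]` also requests client authentication for a server certificate; if nothing depends on it, `extendedKeyUsage = serverAuth` keeps the certificate to its stated purpose. With `encrypt_key = no` the private key is written unencrypted, so it is protected only by the permissions on the key file. The header comment mentions the SAN environment variable but not CN, which `commonName = $ENV::CN` also requires.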