author | Erich Eckner <git@eckner.net> | 2019-09-02 10:31:30 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 12:03:10 +0200 |
commit | 4cb7f201a74ebd1709f544f79cdff6855f853e0d (patch) | |
tree | 62277205ef753c6894887f8fb4d5535afd9fb824 /etc | |
parent | ae6cc296f850009ee4a088cf65ee971d6a501e55 (diff) | |
useful defaults, no password on CAs
Diffstat (limited to 'etc')
-rw-r--r-- | etc/root-ca.conf | 14 | ||||
-rw-r--r-- | etc/server.conf | 14 | ||||
-rw-r--r-- | etc/signing-ca.conf | 14 |
3 files changed, 20 insertions, 22 deletions
diff --git a/etc/root-ca.conf b/etc/root-ca.conf
index cd00238..70df9cf 100644
--- a/etc/root-ca.conf
+++ b/etc/root-ca.conf
@@ -13,8 +13,8 @@ dir = . # Top dir
 # certificate.
 [ req ]
-default_bits = 2048 # RSA key size
-encrypt_key = yes # Protect private key
+default_bits = 4096 # RSA key size
+encrypt_key = no # Protect private key
 default_md = sha1 # MD to use
 utf8 = yes # Input is UTF-8
 string_mask = utf8only # Emit UTF-8 strings
@@ -23,11 +23,11 @@ distinguished_name = ca_dn # DN section
 req_extensions = ca_reqext # Desired extensions
 [ ca_dn ]
-0.domainComponent = "org"
-1.domainComponent = "simple"
-organizationName = "Simple Inc"
-organizationalUnitName = "Simple Root CA"
-commonName = "Simple Root CA"
+0.domainComponent = "net"
+1.domainComponent = "eckner"
+organizationName = "Eckner Net"
+organizationalUnitName = "Eckner Net CA"
+commonName = "Eckner Net Root CA"
 [ ca_reqext ]
 keyUsage = critical,keyCertSign,cRLSign
diff --git a/etc/server.conf b/etc/server.conf
index 7c07fe7..c19bb37 100644
--- a/etc/server.conf
+++ b/etc/server.conf
@@ -12,18 +12,16 @@ encrypt_key = no # Protect private key
 default_md = sha1 # MD to use
 utf8 = yes # Input is UTF-8
 string_mask = utf8only # Emit UTF-8 strings
-prompt = yes # Prompt for DN
+prompt = no # Prompt for DN
 distinguished_name = server_dn # DN template
 req_extensions = server_reqext # Desired extensions
 [ server_dn ]
-0.domainComponent = "1. Domain Component (eg, com) "
-1.domainComponent = "2. Domain Component (eg, company) "
-2.domainComponent = "3. Domain Component (eg, pki) "
-organizationName = "4. Organization Name (eg, company) "
-organizationalUnitName = "5. Organizational Unit Name (eg, section) "
-commonName = "6. Common Name (eg, FQDN) "
-commonName_max = 64
+0.domainComponent = "net"
+1.domainComponent = "eckner"
+organizationName = "Eckner Net"
+organizationalUnitName = "Eckner Net"
+commonName = $ENV::CN
 [ server_reqext ]
 keyUsage = critical,digitalSignature,keyEncipherment
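Review bot: `encrypt_key = no` in `[ req ]` of etc/root-ca.conf means a key generated by `openssl req` with this file is written to disk without a passphrase, so read access to the key file or to a backup of it is enough to issue certificates under the root; the trailing comment `# Protect private key` also no longer describes the value. If unattended signing is the goal, consider keeping `encrypt_key = yes` for the root and relaxing it only for the signing CA, or add a comment at the setting stating that the key must be protected by file permissions and offline storage. The same hunk raises `default_bits` to 4096 while the unchanged context line `default_md = sha1` still selects SHA-1, and `default_md = sha256` would match the stronger key. Both points apply equally to the first hunk of etc/signing-ca.conf, and the digest point also to etc/server.conf.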
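Review bot: `commonName = $ENV::CN` combined with `prompt = no` in etc/server.conf puts whatever the caller's environment holds straight into the request subject, and OpenSSL fails to load the file when `CN` is unset, which affects any command reading this config and not only `req`. A comment above `[ server_dn ]` such as `# CN must be exported by the caller (server FQDN); loading this file fails if it is unset` would document the contract, and whatever sets `CN` should validate it as a hostname before invoking openssl. Whether `[ server_reqext ]` carries a matching subjectAltName cannot be seen here because the section continues past the hunk; clients that ignore the CN need one.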
diff --git a/etc/signing-ca.conf b/etc/signing-ca.conf
index 72d306f..ebba5d0 100644
--- a/etc/signing-ca.conf
+++ b/etc/signing-ca.conf
@@ -13,8 +13,8 @@ dir = . # Top dir
 # certificate.
 [ req ]
-default_bits = 2048 # RSA key size
-encrypt_key = yes # Protect private key
+default_bits = 4096 # RSA key size
+encrypt_key = no # Protect private key
 default_md = sha1 # MD to use
 utf8 = yes # Input is UTF-8
 string_mask = utf8only # Emit UTF-8 strings
@@ -23,11 +23,11 @@ distinguished_name = ca_dn # DN section
 req_extensions = ca_reqext # Desired extensions
 [ ca_dn ]
-0.domainComponent = "org"
-1.domainComponent = "simple"
-organizationName = "Simple Inc"
-organizationalUnitName = "Simple Signing CA"
-commonName = "Simple Signing CA"
+0.domainComponent = "net"
+1.domainComponent = "eckner"
+organizationName = "Eckner Net"
+organizationalUnitName = "Eckner Net CA"
+commonName = "Eckner Net Signing CA"
 [ ca_reqext ]
 keyUsage = critical,keyCertSign,cRLSign |