adding bouncer, console, some work for certificates, fixed hostname in hb_tor_dmz, working on readme for host config
This commit is contained in:
parent
f4eb827058
commit
5d89e9c40c
|
|
@ -0,0 +1,32 @@
|
|||
#!/bin/bash
|
||||
|
||||
COMMON_NAME="n3tw3rk.1ns3cur1ty.c0rp"
|
||||
CWD=$(pwd)
|
||||
|
||||
set -e
|
||||
|
||||
names = "
|
||||
3dg3
|
||||
g3n3r4l
|
||||
hub
|
||||
pr0xy-dmz
|
||||
s3rv1c3z
|
||||
t0r-3dg3
|
||||
t0r-dmz
|
||||
h0pm
|
||||
p0stf1x
|
||||
mysql
|
||||
"
|
||||
|
||||
for x in $(echo $names | tr ' ' '\n' | grep "."); do
|
||||
openssl genpkey \
|
||||
-algorithm ED25519 \
|
||||
-out "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.ed25519.key"
|
||||
|
||||
openssl genpkey \
|
||||
-algorithm ED448 \
|
||||
-out "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.ed448.key"
|
||||
|
||||
openssl genrsa -out "${CWD}/config/ssl/intermediate/private/${x}.${COMMON_NAME}.key" 4096
|
||||
|
||||
done
|
||||
|
|
@ -0,0 +1,256 @@
|
|||
servers = (
|
||||
{
|
||||
address = "hub";
|
||||
chatnet = "hub";
|
||||
port = "6667";
|
||||
password = "password";
|
||||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
},
|
||||
{
|
||||
address = "general";
|
||||
chatnet = "general";
|
||||
port = "6667";
|
||||
password = "password";
|
||||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
},
|
||||
{
|
||||
address = "198.18.70.58";
|
||||
chatnet = "tor-dmz";
|
||||
port = "6667";
|
||||
password = "password";
|
||||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
},
|
||||
{
|
||||
address = "198.18.70.66";
|
||||
chatnet = "proxy-dmz";
|
||||
port = "6667";
|
||||
password = "password";
|
||||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
},
|
||||
{
|
||||
address = "edge";
|
||||
chatnet = "edge";
|
||||
port = "6667";
|
||||
password = "password";
|
||||
use_tls = "no";
|
||||
tls_verify = "no";
|
||||
autoconnect = "yes";
|
||||
}
|
||||
);
|
||||
|
||||
chatnets = {
|
||||
hub = {
|
||||
nick = "hub_admin";
|
||||
username = "hubadmin";
|
||||
realname = "hub admin";
|
||||
type = "IRC";
|
||||
autosendcmd = "/quote oper hub_admin password";
|
||||
};
|
||||
edge = {
|
||||
nick = "edge_admin";
|
||||
username = "edgeadmin";
|
||||
realname = "edge admin";
|
||||
type = "IRC";
|
||||
autosendcmd = "/oper edge_admin password";
|
||||
};
|
||||
general = {
|
||||
nick = "general_admin";
|
||||
username = "generaladmin";
|
||||
realname = "general admin";
|
||||
type = "IRC";
|
||||
autosendcmd = "/oper general_admin password";
|
||||
};
|
||||
tordmz = {
|
||||
nick = "tor_dmz_admin";
|
||||
username = "tdmzadmin";
|
||||
realname = "tor dmz admin";
|
||||
type = "IRC";
|
||||
autosendcmd = "/oper tor_dmz_admin password";
|
||||
};
|
||||
prxdmz = {
|
||||
nick = "proxy_dmz_admin";
|
||||
username = "pdmzadmin";
|
||||
realname = "tor dmz admin";
|
||||
type = "IRC";
|
||||
autosendcmd = "/oper proxy_dmz_admin password";
|
||||
};
|
||||
"tor-dmz" = { type = "IRC"; };
|
||||
"proxy-dmz" = { type = "IRC"; };
|
||||
};
|
||||
|
||||
channels = (
|
||||
{ name = "#partyline"; chatnet = "hub"; autojoin = "yes"; },
|
||||
{ name = "#partyline"; chatnet = "edge"; autojoin = "yes"; },
|
||||
{ name = "#partyline"; chatnet = "general"; autojoin = "yes"; },
|
||||
{ name = "#partyline"; chatnet = "tordmz"; autojoin = "yes"; },
|
||||
{ name = "#partyline"; chatnet = "prxdmz"; autojoin = "yes"; }
|
||||
);
|
||||
|
||||
aliases = {
|
||||
ATAG = "WINDOW SERVER";
|
||||
ADDALLCHANS = "SCRIPT EXEC foreach my \\$channel (Irssi::channels()) { Irssi::command(\"CHANNEL ADD -auto \\$channel->{name} \\$channel->{server}->{tag} \\$channel->{key}\")\\;}";
|
||||
B = "BAN";
|
||||
BACK = "AWAY";
|
||||
BANS = "BAN";
|
||||
BYE = "QUIT";
|
||||
C = "CLEAR";
|
||||
CALC = "EXEC - if command -v bc >/dev/null 2>&1\\; then printf '%s=' '$*'\\; echo '$*' | bc -l\\; else echo bc was not found\\; fi";
|
||||
CHAT = "DCC CHAT";
|
||||
DATE = "TIME";
|
||||
DEHIGHLIGHT = "DEHILIGHT";
|
||||
DESCRIBE = "ACTION";
|
||||
DHL = "DEHILIGHT";
|
||||
EXEMPTLIST = "MODE $C +e";
|
||||
EXIT = "QUIT";
|
||||
GOTO = "SCROLLBACK GOTO";
|
||||
HIGHLIGHT = "HILIGHT";
|
||||
HL = "HILIGHT";
|
||||
HOST = "USERHOST";
|
||||
INVITELIST = "MODE $C +I";
|
||||
J = "JOIN";
|
||||
K = "KICK";
|
||||
KB = "KICKBAN";
|
||||
KN = "KNOCKOUT";
|
||||
LAST = "LASTLOG";
|
||||
LEAVE = "PART";
|
||||
M = "MSG";
|
||||
MUB = "UNBAN *";
|
||||
N = "NAMES";
|
||||
NMSG = "^MSG";
|
||||
P = "PART";
|
||||
Q = "QUERY";
|
||||
RESET = "SET -default";
|
||||
RUN = "SCRIPT LOAD";
|
||||
SAY = "MSG *";
|
||||
SB = "SCROLLBACK";
|
||||
SBAR = "STATUSBAR";
|
||||
SIGNOFF = "QUIT";
|
||||
SV = "MSG * Irssi $J ($V) - https://irssi.org";
|
||||
T = "TOPIC";
|
||||
UB = "UNBAN";
|
||||
UMODE = "MODE $N";
|
||||
UNSET = "SET -clear";
|
||||
W = "WHO";
|
||||
WC = "WINDOW CLOSE";
|
||||
WG = "WINDOW GOTO";
|
||||
WJOIN = "JOIN -window";
|
||||
WI = "WHOIS";
|
||||
WII = "WHOIS $0 $0";
|
||||
WL = "WINDOW LIST";
|
||||
WN = "WINDOW NEW HIDDEN";
|
||||
WQUERY = "QUERY -window";
|
||||
WW = "WHOWAS";
|
||||
};
|
||||
|
||||
statusbar = {
|
||||
|
||||
items = {
|
||||
|
||||
barstart = "{sbstart}";
|
||||
barend = "{sbend}";
|
||||
|
||||
topicbarstart = "{topicsbstart}";
|
||||
topicbarend = "{topicsbend}";
|
||||
|
||||
time = "{sb $Z}";
|
||||
user = "{sb {sbnickmode $cumode}$N{sbmode $usermode}{sbaway $A}}";
|
||||
|
||||
window = "{sb $winref:$tag/$itemname{sbmode $M}}";
|
||||
window_empty = "{sb $winref{sbservertag $tag}}";
|
||||
|
||||
prompt = "{prompt $[.15]itemname}";
|
||||
prompt_empty = "{prompt $winname}";
|
||||
|
||||
topic = " $topic";
|
||||
topic_empty = " Irssi v$J - https://irssi.org";
|
||||
|
||||
lag = "{sb Lag: $0-}";
|
||||
act = "{sb Act: $0-}";
|
||||
more = "-- more --";
|
||||
};
|
||||
|
||||
default = {
|
||||
|
||||
window = {
|
||||
|
||||
disabled = "no";
|
||||
type = "window";
|
||||
placement = "bottom";
|
||||
position = "1";
|
||||
visible = "active";
|
||||
|
||||
items = {
|
||||
barstart = { priority = "100"; };
|
||||
time = { };
|
||||
user = { };
|
||||
window = { };
|
||||
window_empty = { };
|
||||
lag = { priority = "-1"; };
|
||||
act = { priority = "10"; };
|
||||
more = { priority = "-1"; alignment = "right"; };
|
||||
barend = { priority = "100"; alignment = "right"; };
|
||||
};
|
||||
};
|
||||
|
||||
window_inact = {
|
||||
|
||||
type = "window";
|
||||
placement = "bottom";
|
||||
position = "1";
|
||||
visible = "inactive";
|
||||
|
||||
items = {
|
||||
barstart = { priority = "100"; };
|
||||
window = { };
|
||||
window_empty = { };
|
||||
more = { priority = "-1"; alignment = "right"; };
|
||||
barend = { priority = "100"; alignment = "right"; };
|
||||
};
|
||||
};
|
||||
|
||||
prompt = {
|
||||
|
||||
type = "root";
|
||||
placement = "bottom";
|
||||
position = "100";
|
||||
visible = "always";
|
||||
|
||||
items = {
|
||||
prompt = { priority = "-1"; };
|
||||
prompt_empty = { priority = "-1"; };
|
||||
input = { priority = "10"; };
|
||||
};
|
||||
};
|
||||
|
||||
topic = {
|
||||
|
||||
type = "root";
|
||||
placement = "top";
|
||||
position = "1";
|
||||
visible = "always";
|
||||
|
||||
items = {
|
||||
topicbarstart = { priority = "100"; };
|
||||
topic = { };
|
||||
topic_empty = { };
|
||||
topicbarend = { priority = "100"; alignment = "right"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
core = {
|
||||
real_name = "changeme";
|
||||
user_name = "changeme";
|
||||
nick = "changeme";
|
||||
};
|
||||
"fe-text" = { actlist_sort = "refnum"; };
|
||||
};
|
||||
|
|
@ -0,0 +1,295 @@
|
|||
# When testing changes, the easiest way to reload the theme is with /RELOAD.
|
||||
# This reloads the configuration file too, so if you did any changes remember
|
||||
# to /SAVE it first. Remember also that /SAVE overwrites the theme file with
|
||||
# old data so keep backups :)
|
||||
|
||||
# TEMPLATES:
|
||||
|
||||
# The real text formats that irssi uses are the ones you can find with
|
||||
# /FORMAT command. Back in the old days all the colors and texts were mixed
|
||||
# up in those formats, and it was really hard to change the colors since you
|
||||
# might have had to change them in tens of different places. So, then came
|
||||
# this templating system.
|
||||
|
||||
# Now the /FORMATs don't have any colors in them, and they also have very
|
||||
# little other styling. Most of the stuff you need to change is in this
|
||||
# theme file. If you can't change something here, you can always go back
|
||||
# to change the /FORMATs directly, they're also saved in these .theme files.
|
||||
|
||||
# So .. the templates. They're those {blahblah} parts you see all over the
|
||||
# /FORMATs and here. Their usage is simply {name parameter1 parameter2}.
|
||||
# When irssi sees this kind of text, it goes to find "name" from abstracts
|
||||
# block below and sets "parameter1" into $0 and "parameter2" into $1 (you
|
||||
# can have more parameters of course). Templates can have subtemplates.
|
||||
# Here's a small example:
|
||||
# /FORMAT format hello {colorify {underline world}}
|
||||
# abstracts = { colorify = "%G$0-%n"; underline = "%U$0-%U"; }
|
||||
# When irssi expands the templates in "format", the final string would be:
|
||||
# hello %G%Uworld%U%n
|
||||
# ie. underlined bright green "world" text.
|
||||
# and why "$0-", why not "$0"? $0 would only mean the first parameter,
|
||||
# $0- means all the parameters. With {underline hello world} you'd really
|
||||
# want to underline both of the words, not just the hello (and world would
|
||||
# actually be removed entirely).
|
||||
|
||||
# COLORS:
|
||||
|
||||
# You can find definitions for the color format codes in docs/formats.txt.
|
||||
|
||||
# There's one difference here though. %n format. Normally it means the
|
||||
# default color of the terminal (white mostly), but here it means the
|
||||
# "reset color back to the one it was in higher template". For example
|
||||
# if there was /FORMAT test %g{foo}bar, and foo = "%Y$0%n", irssi would
|
||||
# print yellow "foo" (as set with %Y) but "bar" would be green, which was
|
||||
# set at the beginning before the {foo} template. If there wasn't the %g
|
||||
# at start, the normal behaviour of %n would occur. If you _really_ want
|
||||
# to use the terminal's default color, use %N.
|
||||
|
||||
#############################################################################
|
||||
|
||||
# default foreground color (%N) - -1 is the "default terminal color"
|
||||
default_color = "-1";
|
||||
|
||||
# print timestamp/servertag at the end of line, not at beginning
|
||||
info_eol = "false";
|
||||
|
||||
# these characters are automatically replaced with specified color
|
||||
# (dark grey by default)
|
||||
replaces = { "[]=" = "%K$*%n"; };
|
||||
|
||||
abstracts = {
|
||||
##
|
||||
## generic
|
||||
##
|
||||
|
||||
# text to insert at the beginning of each non-message line
|
||||
line_start = "%B-%n!%B-%n ";
|
||||
|
||||
# timestamp styling, nothing by default
|
||||
timestamp = "$*";
|
||||
|
||||
# any kind of text that needs hilighting, default is to bold
|
||||
hilight = "%_$*%_";
|
||||
|
||||
# any kind of error message, default is bright red
|
||||
error = "%R$*%n";
|
||||
|
||||
# channel name is printed
|
||||
channel = "%_$*%_";
|
||||
|
||||
# nick is printed
|
||||
nick = "%_$*%_";
|
||||
|
||||
# nick host is printed
|
||||
nickhost = "[$*]";
|
||||
|
||||
# server name is printed
|
||||
server = "%_$*%_";
|
||||
|
||||
# some kind of comment is printed
|
||||
comment = "[$*]";
|
||||
|
||||
# reason for something is printed (part, quit, kick, ..)
|
||||
reason = "{comment $*}";
|
||||
|
||||
# mode change is printed ([+o nick])
|
||||
mode = "{comment $*}";
|
||||
|
||||
##
|
||||
## channel specific messages
|
||||
##
|
||||
|
||||
# highlighted nick/host is printed (joins)
|
||||
channick_hilight = "%C$*%n";
|
||||
chanhost_hilight = "{nickhost %c$*%n}";
|
||||
|
||||
# nick/host is printed (parts, quits, etc.)
|
||||
channick = "%c$*%n";
|
||||
chanhost = "{nickhost $*}";
|
||||
|
||||
# highlighted channel name is printed
|
||||
channelhilight = "%c$*%n";
|
||||
|
||||
# ban/ban exception/invite list mask is printed
|
||||
ban = "%c$*%n";
|
||||
|
||||
##
|
||||
## messages
|
||||
##
|
||||
|
||||
# the basic styling of how to print message, $0 = nick mode, $1 = nick
|
||||
msgnick = "%K<%n$0$1-%K>%n %|";
|
||||
|
||||
# message from you is printed. "ownnick" specifies the styling of the
|
||||
# nick ($0 part in msgnick) and "ownmsgnick" specifies the styling of the
|
||||
# whole line.
|
||||
|
||||
# Example1: You want the message text to be green:
|
||||
# ownmsgnick = "{msgnick $0 $1-}%g";
|
||||
# Example2.1: You want < and > chars to be yellow:
|
||||
# ownmsgnick = "%Y{msgnick $0 $1-%Y}%n";
|
||||
# (you'll also have to remove <> from replaces list above)
|
||||
# Example2.2: But you still want to keep <> grey for other messages:
|
||||
# pubmsgnick = "%K{msgnick $0 $1-%K}%n";
|
||||
# pubmsgmenick = "%K{msgnick $0 $1-%K}%n";
|
||||
# pubmsghinick = "%K{msgnick $1 $0$2-%n%K}%n";
|
||||
# ownprivmsgnick = "%K{msgnick $*%K}%n";
|
||||
# privmsgnick = "%K{msgnick %R$*%K}%n";
|
||||
|
||||
# $0 = nick mode, $1 = nick
|
||||
ownmsgnick = "{msgnick $0 $1-}";
|
||||
ownnick = "%_$*%n";
|
||||
|
||||
# public message in channel, $0 = nick mode, $1 = nick
|
||||
pubmsgnick = "{msgnick $0 $1-}";
|
||||
pubnick = "%N$*%n";
|
||||
|
||||
# public message in channel meant for me, $0 = nick mode, $1 = nick
|
||||
pubmsgmenick = "{msgnick $0 $1-}";
|
||||
menick = "%Y$*%n";
|
||||
|
||||
# public highlighted message in channel
|
||||
# $0 = highlight color, $1 = nick mode, $2 = nick
|
||||
pubmsghinick = "{msgnick $1 $0$2-%n}";
|
||||
|
||||
# channel name is printed with message
|
||||
msgchannel = "%K:%c$*%n";
|
||||
|
||||
# private message, $0 = nick, $1 = host
|
||||
privmsg = "[%R$0%K(%r$1-%K)%n] ";
|
||||
|
||||
# private message from you, $0 = "msg", $1 = target nick
|
||||
ownprivmsg = "[%r$0%K(%R$1-%K)%n] ";
|
||||
|
||||
# own private message in query
|
||||
ownprivmsgnick = "{msgnick $*}";
|
||||
ownprivnick = "%_$*%n";
|
||||
|
||||
# private message in query
|
||||
privmsgnick = "{msgnick %R$*%n}";
|
||||
|
||||
##
|
||||
## Actions (/ME stuff)
|
||||
##
|
||||
|
||||
# used internally by this theme
|
||||
action_core = "%_ * $*%n";
|
||||
|
||||
# generic one that's used by most actions
|
||||
action = "{action_core $*} ";
|
||||
|
||||
# own action, both private/public
|
||||
ownaction = "{action $*}";
|
||||
|
||||
# own action with target, both private/public
|
||||
ownaction_target = "{action_core $0}%K:%c$1%n ";
|
||||
|
||||
# private action sent by others
|
||||
pvtaction = "%_ (*) $*%n ";
|
||||
pvtaction_query = "{action $*}";
|
||||
|
||||
# public action sent by others
|
||||
pubaction = "{action $*}";
|
||||
|
||||
|
||||
##
|
||||
## other IRC events
|
||||
##
|
||||
|
||||
# whois
|
||||
whois = "%# $[8]0 : $1-";
|
||||
|
||||
# notices
|
||||
ownnotice = "[%r$0%K(%R$1-%K)]%n ";
|
||||
notice = "%K-%M$*%K-%n ";
|
||||
pubnotice_channel = "%K:%m$*";
|
||||
pvtnotice_host = "%K(%m$*%K)";
|
||||
servernotice = "%g!$*%n ";
|
||||
|
||||
# CTCPs
|
||||
ownctcp = "[%r$0%K(%R$1-%K)] ";
|
||||
ctcp = "%g$*%n";
|
||||
|
||||
# wallops
|
||||
wallop = "%_$*%n: ";
|
||||
wallop_nick = "%n$*";
|
||||
wallop_action = "%_ * $*%n ";
|
||||
|
||||
# netsplits
|
||||
netsplit = "%R$*%n";
|
||||
netjoin = "%C$*%n";
|
||||
|
||||
# /names list
|
||||
names_prefix = "";
|
||||
names_nick = "[%_$0%_$1-] ";
|
||||
names_nick_op = "{names_nick $*}";
|
||||
names_nick_halfop = "{names_nick $*}";
|
||||
names_nick_voice = "{names_nick $*}";
|
||||
names_users = "[%g$*%n]";
|
||||
names_channel = "%G$*%n";
|
||||
|
||||
# DCC
|
||||
dcc = "%g$*%n";
|
||||
dccfile = "%_$*%_";
|
||||
|
||||
# DCC chat, own msg/action
|
||||
dccownmsg = "[%r$0%K($1-%K)%n] ";
|
||||
dccownnick = "%R$*%n";
|
||||
dccownquerynick = "%_$*%n";
|
||||
dccownaction = "{action $*}";
|
||||
dccownaction_target = "{action_core $0}%K:%c$1%n ";
|
||||
|
||||
# DCC chat, others
|
||||
dccmsg = "[%G$1-%K(%g$0%K)%n] ";
|
||||
dccquerynick = "%G$*%n";
|
||||
dccaction = "%_ (*dcc*) $*%n %|";
|
||||
|
||||
##
|
||||
## statusbar
|
||||
##
|
||||
|
||||
# default background for all statusbars. You can also give
|
||||
# the default foreground color for statusbar items.
|
||||
sb_background = "%4%w";
|
||||
window_border = "%4%w";
|
||||
|
||||
# default backround for "default" statusbar group
|
||||
#sb_default_bg = "%4";
|
||||
# background for prompt / input line
|
||||
sb_prompt_bg = "%n";
|
||||
# background for info statusbar
|
||||
sb_info_bg = "%8";
|
||||
# background for topicbar (same default)
|
||||
#sb_topic_bg = "%4";
|
||||
|
||||
# text at the beginning of statusbars. "sb" already puts a space there,
|
||||
# so we don't use anything by default.
|
||||
sbstart = "";
|
||||
# text at the end of statusbars. Use space so that it's never
|
||||
# used for anything.
|
||||
sbend = " ";
|
||||
|
||||
topicsbstart = "{sbstart $*}";
|
||||
topicsbend = "{sbend $*}";
|
||||
|
||||
prompt = "[$*] ";
|
||||
|
||||
sb = " %c[%n$*%c]%n";
|
||||
sbmode = "(%c+%n$*)";
|
||||
sbaway = " (%GzZzZ%n)";
|
||||
sbservertag = ":$0 (change with ^X)";
|
||||
sbnickmode = "$0";
|
||||
|
||||
# activity in statusbar
|
||||
|
||||
# ',' separator
|
||||
sb_act_sep = "%c$*";
|
||||
# normal text
|
||||
sb_act_text = "%c$*";
|
||||
# public message
|
||||
sb_act_msg = "%W$*";
|
||||
# hilight
|
||||
sb_act_hilight = "%M$*";
|
||||
# hilight with specified color, $0 = color, $1 = text
|
||||
sb_act_hilight_color = "$0$1-%n";
|
||||
};
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = 3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = 3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = 3dg3
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = 3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = 3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = 3dg3
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = 3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = 3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = 3dg3
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = g3n3r4l
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = g3n3r4l.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = g3n3r4l
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = h0pm.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = h0pm.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = h0pm
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = h0pm.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = h0pm.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = h0pm
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = h0pm.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = h0pm.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = h0pm
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,136 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = hub.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = hub.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = hub
|
||||
IP.1 = 100.64.0.2
|
||||
IP.2 = 100.64.64.2
|
||||
IP.3 = 100.64.64.10
|
||||
IP.4 = 100.64.64.18
|
||||
IP.5 = 100.64.64.26
|
||||
IP.6 = 100.64.64.34
|
||||
IP.7 = 100.64.64.32
|
||||
IP.8 = 100.64.64.50
|
||||
IP.9 = 100.64.64.58
|
||||
|
||||
|
|
@ -0,0 +1,136 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = hub.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = hub.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = hub
|
||||
IP.1 = 100.64.0.2
|
||||
IP.2 = 100.64.64.2
|
||||
IP.3 = 100.64.64.10
|
||||
IP.4 = 100.64.64.18
|
||||
IP.5 = 100.64.64.26
|
||||
IP.6 = 100.64.64.34
|
||||
IP.7 = 100.64.64.32
|
||||
IP.8 = 100.64.64.50
|
||||
IP.9 = 100.64.64.58
|
||||
|
||||
|
|
@ -0,0 +1,135 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = hub.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = hub.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = hub
|
||||
IP.1 = 100.64.0.2
|
||||
IP.2 = 100.64.64.2
|
||||
IP.3 = 100.64.64.10
|
||||
IP.4 = 100.64.64.18
|
||||
IP.5 = 100.64.64.26
|
||||
IP.6 = 100.64.64.34
|
||||
IP.7 = 100.64.64.32
|
||||
IP.8 = 100.64.64.50
|
||||
IP.9 = 100.64.64.58
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = mysql
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = mysql
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = mysql.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = mysql
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = p0stf1x.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = p0stf1x.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = p0stf1x
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = p0stf1x.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = p0stf1x.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = p0stf1x
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = proxy-dmz
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = proxy-dmz
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = pr0xy-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = pr0xy-dmz
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = s3rv1c3z.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = s3rv1c3z.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = s3rv1c3z
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = s3rv1c3z.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = s3rv1c3z.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = s3rv1c3z
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = t0r-3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = t0r-3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = t0r-3dg3
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = t0r-3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = t0r-3dg3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = t0r-3dg3
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = t0r-dmz
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = t0r-dmz
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = t0r-dmz
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed25519.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,128 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.ed448.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
||||
|
|
@ -0,0 +1,127 @@
|
|||
[ca]
|
||||
default_ca = CA_Intermediate
|
||||
|
||||
[CA_Intermediate]
|
||||
unique_subject = no
|
||||
dir = config/ssl/intermediate
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/1nt3rm3d14t3.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_loose
|
||||
|
||||
|
||||
[CA_default]
|
||||
dir = config/ssl/ca
|
||||
certs = $dir/certs
|
||||
crl_dir = $dir/crl
|
||||
new_certs_dir = $dir/newcerts
|
||||
database = $dir/index.txt
|
||||
serial = $dir/serial
|
||||
RANDFILE = $dir/private/.rand
|
||||
private_key = $dir/private/c4.n3tw3rk.1ns3cur1ty.c0rp.key
|
||||
certificate = $dir/certs/c4.n3tw3rk.1ns3cur1ty.c0rp.crt
|
||||
crlnumber = $dir/crlnumber
|
||||
crl = $dir/crl/c4.n3tw3rk.1ns3cur1ty.c0rp.crl
|
||||
crl_extensions = crl_ext
|
||||
default_crl_days = 3650
|
||||
default_md = sha512
|
||||
name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 825
|
||||
preserve = no
|
||||
policy = policy_strict
|
||||
|
||||
[policy_strict]
|
||||
countryName = match
|
||||
stateOrProvinceName = match
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[policy_loose]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
[req]
|
||||
prompt = no
|
||||
default_bits = 4096
|
||||
distinguished_name = req_distinguished_name
|
||||
string_mask = utf8only
|
||||
default_md = sha512
|
||||
x509_extensions = v3_ca
|
||||
|
||||
[req_distinguished_name]
|
||||
countryName = XY
|
||||
stateOrProvinceName = Nowhere
|
||||
localityName = Village
|
||||
0.organizationName = n3tw3rk
|
||||
organizationalUnitName = c3rt1f1c4t3 4uth0r1ty
|
||||
commonName = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
emailAddress = commodus@n3tw3rk.1ns3cur1ty.c0rp
|
||||
|
||||
[v3_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
|
||||
[v3_intermediate_ca]
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid:always,issuer
|
||||
basicConstraints = critical, CA:true, pathlen:0
|
||||
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
|
||||
crlDistributionPoints = @crl_info
|
||||
authorityInfoAccess = @ocsp_info
|
||||
|
||||
[usr_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = client, email
|
||||
nsComment = "n3tw3rk cl13nt c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = clientAuth, emailProtection
|
||||
|
||||
[server_cert]
|
||||
basicConstraints = CA:FALSE
|
||||
nsCertType = server
|
||||
nsComment = "n3tw3rk s3rv3r c3rt1f1c4t3"
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer:always
|
||||
keyUsage = critical, digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth
|
||||
|
||||
[crl_ext]
|
||||
authorityKeyIdentifier = keyid:always
|
||||
|
||||
[ocsp]
|
||||
basicConstraints = CA:FALSE
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid,issuer
|
||||
keyUsage = critical, digitalSignature
|
||||
extendedKeyUsage = critical, OCSPSigning
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = _.n3tw3rk.1ns3cur1ty.c0rp
|
||||
DNS.2 = _
|
||||
IP.1 =
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
Version = 1.6.5
|
||||
|
||||
HideVersion = true
|
||||
Motd = Unauthorized access prohibited
|
||||
ServerThrottle = 1
|
||||
AnonIPLimit = 0
|
||||
|
||||
<Listener l>
|
||||
Host = 100.64.48.22
|
||||
Port = 6667
|
||||
IPv4 = true
|
||||
IPv6 = false
|
||||
SSL = false
|
||||
AllowWeb = false
|
||||
</Listener>
|
||||
|
||||
<User g0d>
|
||||
IRCConnectEnabled = false;
|
||||
Admin = true
|
||||
Nick = g0d
|
||||
AltNick = g0d_
|
||||
LoadModule = controlpanel
|
||||
<Network n3tw3rk>
|
||||
Server = 100.64.48.42 6666
|
||||
<Chan #partyline>
|
||||
</Chan>
|
||||
<Chan #>
|
||||
</Chan>
|
||||
<Chan &>
|
||||
</Chan>
|
||||
</Network>
|
||||
|
||||
<Pass password>
|
||||
Method = sha256
|
||||
Hash = changeme
|
||||
Salt = changeme (znc --makepass)
|
||||
</Pass>
|
||||
|
||||
</User>
|
||||
|
|
@ -0,0 +1 @@
|
|||
znc.conf
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
# 100.64.48.20/30 100.64.66.32/27
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.48.20/30
|
||||
hub:
|
||||
external:
|
||||
name: hb_hub_bounce
|
||||
|
||||
services:
|
||||
bounce:
|
||||
restart: unless-stopped
|
||||
hostname: b0unc3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
build:
|
||||
context: ../znc
|
||||
dockerfile: Dockerfile
|
||||
image: znc:latest
|
||||
command: "znc -f -r -d /home/znc/.znc"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 100.64.48.22
|
||||
hub:
|
||||
ipv4_address: 100.64.64.43
|
||||
volumes:
|
||||
- ../configs/znc/znc.conf:/home/znc/.znc/configs/znc.conf:rw
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
# 100.64.0.20/30 100.64.66.64/27
|
||||
|
||||
version: "3.8"
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 100.64.0.20/30
|
||||
hub:
|
||||
external:
|
||||
name: hb_hub_console
|
||||
edge:
|
||||
external:
|
||||
name: hb_edge_console
|
||||
general:
|
||||
external:
|
||||
name: hb_general_console
|
||||
tor_dmz:
|
||||
external:
|
||||
name: hb_tor_dmz_console
|
||||
proxy_dmz:
|
||||
external:
|
||||
name: hb_proxy_dmz_console
|
||||
|
||||
services:
|
||||
console:
|
||||
restart: unless-stopped
|
||||
hostname: console
|
||||
hostname: c0ns0l3.n3tw3rk.1ns3cur1ty.c0rp
|
||||
build:
|
||||
context: ../irssi
|
||||
dockerfile: Dockerfile
|
||||
image: irssi:latest
|
||||
command: "/usr/bin/irssi"
|
||||
environment:
|
||||
LANG: en_US.utf8
|
||||
TZ: UTC
|
||||
TERM: xterm-256color
|
||||
IRCNICK: internal_hub_operator
|
||||
IRCUSER: internal_hub_operator
|
||||
IRCNAME: internal_hub_operator
|
||||
ulimits:
|
||||
nproc: 65535
|
||||
nofile:
|
||||
soft: 1024000
|
||||
hard: 1024000
|
||||
tty: true
|
||||
stdin_open: true
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 100.64.0.22
|
||||
hub:
|
||||
ipv4_address: 100.64.64.51
|
||||
edge:
|
||||
ipv4_address: 100.64.65.196
|
||||
general:
|
||||
ipv4_address: 100.64.65.163
|
||||
tor_dmz:
|
||||
ipv4_address: 100.64.65.131
|
||||
proxy_dmz:
|
||||
ipv4_address: 100.64.65.4
|
||||
volumes:
|
||||
- ../config/.irssi/:/home/console/.irssi
|
||||
|
|
@ -25,7 +25,7 @@ networks:
|
|||
services:
|
||||
tor_dmz:
|
||||
restart: unless-stopped
|
||||
hostname: tor-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
hostname: t0r-dmz.n3tw3rk.1ns3cur1ty.c0rp
|
||||
build:
|
||||
context: ../hybrid
|
||||
dockerfile: Dockerfile
|
||||
|
|
|
|||
|
|
@ -1 +1,8 @@
|
|||
#
|
||||
# Host configuration
|
||||
## Debian
|
||||
### packages
|
||||
- `nftables docker`
|
||||
### Configuration files
|
||||
- `cp sysctl.conf /etc/`
|
||||
- `rm -rf /etc/nftables/*`
|
||||
- `cp -rvp nftables/ /etc`
|
||||
|
|
|
|||
|
|
@ -1,63 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
I=/usr/sbin/iptables
|
||||
|
||||
$I -t nat -D POSTROUTING -s 100.64.0.0/10 -j HB_NAT
|
||||
$I -D INPUT -s 100.64.0.0/10 -j HB_INPUT \
|
||||
&> /dev/null
|
||||
$I -D INPUT -d 100.64.0.0/10 -j HB_INPUT \
|
||||
&> /dev/null
|
||||
$I -D FORWARD -s 100.64.0.0/10 -j HB_FORWARD \
|
||||
&> /dev/null
|
||||
$I -D FORWARD -d 100.64.0.0/10 -j HB_FORWARD \
|
||||
&> /dev/null
|
||||
$I -D OUTPUT -s 100.64.0.0/10 -j HB_OUTPUT \
|
||||
&> /dev/null
|
||||
$I -D OUTPUT -d 100.64.0.0/10 -j HB_OUTPUT \
|
||||
&> /dev/null
|
||||
|
||||
$I -t nat -F HB_NAT &> /dev/null
|
||||
$I -F HB_INPUT &> /dev/null
|
||||
$I -F HB_FORWARD &> /dev/null
|
||||
$I -F HB_OUTPUT &> /dev/null
|
||||
|
||||
$I -t nat -X HB_NAT &> /dev/null
|
||||
$I -X HB_INPUT &> /dev/null
|
||||
$I -X HB_FORWARD &> /dev/null
|
||||
$I -X HB_OUTPUT &> /dev/null
|
||||
|
||||
$I -t nat -N HB_NAT
|
||||
$I -N HB_INPUT
|
||||
$I -N HB_FORWARD
|
||||
$I -N HB_OUTPUT
|
||||
|
||||
$I -t nat -A HB_NAT -s 100.64.48.0/20 -o $1 -j MASQUERADE
|
||||
$I -A HB_INPUT -s 100.64.48.0/20 -d 100.64.48.0/20 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
$I -A HB_INPUT -s 100.64.48.0/20 -d 100.64.48.0/20 -p udp -m udp --dport 53 -j ACCEPT
|
||||
$I -A HB_FORWARD -s 100.64.0.0/20 -d 100.64.16.0/20 -j ACCEPT
|
||||
$I -A HB_FORWARD -s 100.64.48.0/20 -d 100.64.16.0/20 -j ACCEPT
|
||||
$I -A HB_FORWARD -s 100.64.16.0/20 -d 100.64.0.0/20 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
$I -A HB_FORWARD -s 100.64.16.0/20 -d 100.64.48.0/20 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
$I -A HB_FORWARD -s 100.64.48.0/20 ! -d 100.64.0.0/17 -j ACCEPT
|
||||
$I -A HB_OUTPUT -s 100.64.48.0/20 -d 100.64.48.0/20 -j ACCEPT
|
||||
|
||||
$I -A HB_FORWARD -m limit --limit 2/min -j LOG \
|
||||
--log-prefix "4_HB_FWD dropped: "
|
||||
$I -A HB_INPUT -m limit --limit 2/min -j LOG \
|
||||
--log-prefix "4_HB_IN dropped: "
|
||||
$I -A HB_OUTPUT -m limit --limit 2/min -j LOG \
|
||||
--log-prefix "4_HB_OUT dropped: "
|
||||
$I -A HB_FORWARD -j DROP
|
||||
$I -A HB_INPUT -j DROP
|
||||
$I -A HB_OUTPUT -j DROP
|
||||
|
||||
$I -I INPUT 1 -s 100.64.0.0/10 -j HB_INPUT
|
||||
$I -I INPUT 1 -d 100.64.0.0/10 -j HB_INPUT
|
||||
|
||||
$I -I FORWARD 1 -s 100.64.0.0/10 -j HB_FORWARD
|
||||
$I -I FORWARD 1 -d 100.64.0.0/10 -j HB_FORWARD
|
||||
|
||||
$I -I OUTPUT 1 -s 100.64.0.0/10 -j HB_OUTPUT
|
||||
$I -I OUTPUT 1 -d 100.64.0.0/10 -j HB_OUTPUT
|
||||
|
||||
$I -t nat -I POSTROUTING 1 -s 100.64.0.0/10 -j HB_NAT
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
table inet hybrid {
|
||||
table inet hybrid {
|
||||
chain input {
|
||||
type filter hook input priority -50; policy accept;
|
||||
ct state {established, related} counter accept comment "related/established in to docker host";
|
||||
|
|
|
|||
|
|
@ -0,0 +1 @@
|
|||
DOCKER_OPTS="--iptables=false --ip-masq=false --bip=100.64.63.129/25 --fixed-cidr=100.64.63.128/25 --default-address-pool base=100.64.15.128/25,size=29"
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
FROM debian:latest
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get -y install irssi
|
||||
RUN groupadd -g 2002 console
|
||||
RUN useradd -m -u 2003 -g console console -d /home/console
|
||||
RUN mkdir -p /home/console
|
||||
RUN chown -R 2003:2002 /home/console
|
||||
USER console
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
FROM debian:latest
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
RUN apt-get update && apt-get -y install znc git znc-dev build-essential
|
||||
RUN mkdir -p /tmp
|
||||
WORKDIR /tmp
|
||||
RUN git clone https://github.com/cynix/znc-identd.git
|
||||
WORKDIR /tmp/znc-identd
|
||||
RUN znc-buildmod identd.cc
|
||||
RUN groupadd -g 2005 znc
|
||||
RUN useradd -m -u 2006 -g znc znc -d /home/znc
|
||||
RUN mkdir -p /home/znc/.znc/modules
|
||||
RUN cp identd.so /home/znc/.znc/modules
|
||||
RUN setcap CAP_NET_BIND_SERVICE=+eip $(which znc)
|
||||
RUN chown -R 2006:2005 /home/znc
|
||||
RUN apt-get update && apt-get -y remove git znc-dev build-essential
|
||||
WORKDIR /tmp
|
||||
RUN rm -rf znc-identd
|
||||
USER znc
|
||||
WORKDIR /home/znc
|
||||
Loading…
Reference in New Issue