30 lines
1006 B
Plaintext
30 lines
1006 B
Plaintext
|
# default settings
|
||
|
|
CERTPATHLEN = 1
|
||
|
|
CERTUSAGE = digitalSignature,keyCertSign,cRLSign
|
||
|
|
EXTCERTUSAGE = serverAuth,clientAuth
|
||
|
|
CERTIP = 0.0.0.0
|
||
|
|
CERTFQDN = nohost.nodomain
|
||
|
|
|
||
|
|
# This section should be referenced when building an x509v3 CA
|
||
|
|
# Certificate.
|
||
|
|
# The default path length and the key usage can be overridden
|
||
|
|
# modified by setting the CERTPATHLEN and CERTUSAGE environment
|
||
|
|
# variables.
|
||
|
|
[x509v3_CA]
|
||
|
|
basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
|
||
|
|
keyUsage=$ENV::CERTUSAGE
|
||
|
|
|
||
|
|
# This section should be referenced to add an IP Address
|
||
|
|
# as an alternate subject name, needed by isakmpd
|
||
|
|
# The address must be provided in the CERTIP environment variable
|
||
|
|
[x509v3_IPAddr]
|
||
|
|
subjectAltName=IP:$ENV::CERTIP
|
||
|
|
extendedKeyUsage=$ENV::EXTCERTUSAGE
|
||
|
|
|
||
|
|
# This section should be referenced to add a FQDN hostname
|
||
|
|
# as an alternate subject name, needed by isakmpd
|
||
|
|
# The address must be provided in the CERTFQDN environment variable
|
||
|
|
[x509v3_FQDN]
|
||
|
|
subjectAltName=DNS:$ENV::CERTFQDN
|
||
|
|
extendedKeyUsage=$ENV::EXTCERTUSAGE
|