diff options
| author | Parménides GV <parmegv@sdf.org> | 2015-06-04 19:20:15 +0200 |
|---|---|---|
| committer | Parménides GV <parmegv@sdf.org> | 2015-06-04 19:20:15 +0200 |
| commit | 27594eeae6f40a402bc3110f06d57975168e74e3 (patch) | |
| tree | cdabf6571e6f4ff07205fd6921d8095539a1fcdc /app/openvpn/sample/sample-keys/openssl.cnf | |
| parent | 8dc4f58d96892fbfd83094fb85b1d17656035290 (diff) | |
ics-openvpn as a submodule! beautiful
ics-openvpn is now officially on GitHub, and they track openssl and
openvpn as submodules, so it's easier to update everything. Just a git
submodule update --recursive.
I've also set up soft links to native modules from ics-openvpn in app,
so that we don't copy files in Gradle (which was causing problems with
the submodules .git* files, not being copied). That makes the repo
cleaner.
Diffstat (limited to 'app/openvpn/sample/sample-keys/openssl.cnf')
| -rw-r--r-- | app/openvpn/sample/sample-keys/openssl.cnf | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/app/openvpn/sample/sample-keys/openssl.cnf b/app/openvpn/sample/sample-keys/openssl.cnf deleted file mode 100644 index aabfd48f..00000000 --- a/app/openvpn/sample/sample-keys/openssl.cnf +++ /dev/null @@ -1,139 +0,0 @@ -# Heavily borrowed from EasyRSA 3, for use with OpenSSL 1.0.* - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = sample-ca # Where everything is kept -certs = $dir # Where the issued certs are kept -crl_dir = $dir # Where the issued crl are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir # default place for new certs. - -certificate = $dir/ca.crt # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/ca.key # The private key -RANDFILE = $dir/.rand # private random number file - -x509_extensions = basic_exts # The extentions to add to the cert - -# This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA -# is designed for will. In return, we get the Issuer attached to CRLs. -crl_extensions = crl_ext - -default_days = 3650 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = sha256 # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_anything - -# For the 'anything' policy, which defines allowed DN fields -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -name = optional -emailAddress = optional - -#################################################################### -# Easy-RSA request handling -# We key off $DN_MODE to determine how to format the DN -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -default_md = sha256 -distinguished_name = cn_only -x509_extensions = easyrsa_ca # The extentions to add to the self signed cert - -# A placeholder to handle the $EXTRA_EXTS feature: -#%EXTRA_EXTS% # Do NOT remove or change this line as $EXTRA_EXTS support requires it - -#################################################################### -# Easy-RSA DN (Subject) handling - -# Easy-RSA DN for cn_only support: -[ cn_only ] -commonName = Common Name (eg: your user, host, or server name) -commonName_max = 64 -commonName_default = changeme - -# Easy-RSA DN for org support: -[ org ] -countryName = Country Name (2 letter code) -countryName_default = KG -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = NA - -localityName = Locality Name (eg, city) -localityName_default = BISHKEK - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = OpenVPN-TEST - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = - -commonName = Common Name (eg: your user, host, or server name) -commonName_max = 64 -commonName_default = - -emailAddress = Email Address -emailAddress_default = me@myhost.mydomain -emailAddress_max = 64 - -#################################################################### - -[ basic_exts ] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always - -# The Easy-RSA CA extensions -[ easyrsa_ca ] - -# PKIX recommendations: - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always - -# This could be marked critical, but it's nice to support reading by any -# broken clients who attempt to do so. -basicConstraints = CA:true - -# Limit key usage to CA tasks. If you really want to use the generated pair as -# a self-signed cert, comment this out. -keyUsage = cRLSign, keyCertSign - -# CRL extensions. -[ crl_ext ] - -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always - - -# Server extensions. -[ server ] - -basicConstraints = CA:FALSE -nsCertType = server -nsComment = "OpenSSL Generated Server Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -extendedKeyUsage = serverAuth -keyUsage = digitalSignature, keyEncipherment |