WIP: re-org
parent
7e075560fe
commit
e0b1142239
|
@ -1,5 +1,5 @@
|
||||||
#
|
#
|
||||||
pki-lifecycle*
|
pki-lifecycle_*
|
||||||
|
|
||||||
# Project specific files
|
# Project specific files
|
||||||
sftp-config.json
|
sftp-config.json
|
||||||
|
|
|
@ -78,9 +78,11 @@ ca-i_gen_pki() {
|
||||||
CDD=`pwd`
|
CDD=`pwd`
|
||||||
SERIAL=$1
|
SERIAL=$1
|
||||||
LOOP_NUM=$2
|
LOOP_NUM=$2
|
||||||
|
ORG_URL=$3
|
||||||
|
|
||||||
UNIQ_DIR_CA="ca_i_${SERIAL}.${ORG_URL}"
|
UNIQ_DIR_CA="ca_i_${SERIAL}.${ORG_URL}"
|
||||||
mkdir -p "distrobution/${UNIQ_DIR_CA}"
|
mkdir -p "distribution/${UNIQ_DIR_CA}"
|
||||||
cd "distrobution/${UNIQ_DIR_CA}"
|
cd "distribution/${UNIQ_DIR_CA}"
|
||||||
|
|
||||||
# geneate certificates, organize the files
|
# geneate certificates, organize the files
|
||||||
ca-i_gen_pki_certs $SERIAL $LOOP_NUM
|
ca-i_gen_pki_certs $SERIAL $LOOP_NUM
|
||||||
|
@ -130,10 +132,10 @@ ca-i_gen_pki_certs() {
|
||||||
# IN: UNIQ_ID_CA, SERIAL
|
# IN: UNIQ_ID_CA, SERIAL
|
||||||
#
|
#
|
||||||
ca-i_gen_cert() {
|
ca-i_gen_cert() {
|
||||||
|
UNIQ_ID_CA=$1
|
||||||
|
SERIAL=$2
|
||||||
|
|
||||||
echo_block "Create CA Intermediate (${UNIQ_ID_CA})"
|
echo_block "Create CA Intermediate (${UNIQ_ID_CA})"
|
||||||
# params
|
|
||||||
UNIQ_ID_CA=$3
|
|
||||||
SERIAL=$4
|
|
||||||
|
|
||||||
openssl genrsa -out "ca_i_${UNIQ_ID_CA}.keys.pem" 4096
|
openssl genrsa -out "ca_i_${UNIQ_ID_CA}.keys.pem" 4096
|
||||||
|
|
||||||
|
@ -213,16 +215,16 @@ ca-i_cp_docs() {
|
||||||
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/
|
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/
|
||||||
|
|
||||||
# client
|
# client
|
||||||
cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/
|
cp $CD_ROOT/libs/gen_client.sh $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/clients/
|
||||||
cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/
|
cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/clients/
|
||||||
cp $CD_ROOT/docs/README_C $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/README
|
cp $CD_ROOT/docs/README_C $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/clients/README
|
||||||
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/clients/
|
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/clients/
|
||||||
|
|
||||||
# server
|
# server
|
||||||
cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/
|
cp $CD_ROOT/libs/gen_server.sh $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/servers/
|
||||||
cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/
|
cp $CD_ROOT/libs/pki_funcs.sh $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/servers/
|
||||||
cp $CD_ROOT/docs/README_S $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/README
|
cp $CD_ROOT/docs/README_S $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/servers/README
|
||||||
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distrobution/$UNIQ_DIR_CA/servers/
|
cp $CD_ROOT/docs/SERIAL $CD_ROOT/$UNIQ_DIR_LC/distribution/$UNIQ_DIR_CA/servers/
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -230,12 +232,12 @@ ca-i_cp_docs() {
|
||||||
# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
|
# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
|
||||||
#
|
#
|
||||||
gen_server() {
|
gen_server() {
|
||||||
echo_block "Generate Server Certificates (${UNIQ_ID})"
|
|
||||||
# params
|
|
||||||
UNIQ_ID=$1
|
UNIQ_ID=$1
|
||||||
UNIQ_ID_CA=$2
|
UNIQ_ID_CA=$2
|
||||||
SERIAL=$3
|
SERIAL=$3
|
||||||
|
|
||||||
|
echo_block "Generate Server Certificates (${UNIQ_ID})"
|
||||||
|
|
||||||
openssl genrsa -out "server_${UNIQ_ID}.keys.pem" 4096
|
openssl genrsa -out "server_${UNIQ_ID}.keys.pem" 4096
|
||||||
|
|
||||||
openssl req -new -config $CNF_PATH/${UNIQ_ID}.cnf -key "server_${UNIQ_ID}.keys.pem" \
|
openssl req -new -config $CNF_PATH/${UNIQ_ID}.cnf -key "server_${UNIQ_ID}.keys.pem" \
|
||||||
|
@ -261,12 +263,12 @@ gen_server() {
|
||||||
# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
|
# IN: UNIQ_ID, UNIQ_ID_CA, SERIAL
|
||||||
#
|
#
|
||||||
gen_client() {
|
gen_client() {
|
||||||
echo_block "Generate Client Certificates (${UNIQ_ID})"
|
|
||||||
# params
|
|
||||||
UNIQ_ID=$1
|
UNIQ_ID=$1
|
||||||
UNIQ_ID_CA=$2
|
UNIQ_ID_CA=$2
|
||||||
SERIAL=$3
|
SERIAL=$3
|
||||||
|
|
||||||
|
echo_block "Generate Client Certificates (${UNIQ_ID})"
|
||||||
|
|
||||||
openssl genrsa -out "client_${UNIQ_ID}.keys.pem" 4096
|
openssl genrsa -out "client_${UNIQ_ID}.keys.pem" 4096
|
||||||
|
|
||||||
openssl req -new -key "client_${UNIQ_ID}.keys.pem" \
|
openssl req -new -key "client_${UNIQ_ID}.keys.pem" \
|
||||||
|
|
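Review bot: The new `ORG_URL=$3` in ca-i_gen_pki goes straight into `UNIQ_DIR_CA="ca_i_${SERIAL}.${ORG_URL}"` with no validation, and the `cd "distribution/${UNIQ_DIR_CA}"` that follows is unchecked. An empty value yields a directory named `ca_i_<serial>.`, a value containing `/` or `..` creates and enters a path outside the intended layout, and if `cd` fails the later `openssl genrsa` calls write key files into the caller's directory. Add `[ -n "$ORG_URL" ] || return 1` before the name is built and change the last line to `cd "distribution/${UNIQ_DIR_CA}" || return 1`. The positional assignments here and in ca-i_gen_cert, gen_server and gen_client are also globals, so declaring them with `local` would stop `SERIAL` and `UNIQ_ID_CA` leaking between functions, provided nothing else reads them (not visible here). All of these function bodies continue outside the hunks.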
|
@ -97,7 +97,7 @@ main() {
|
||||||
|
|
||||||
app_init
|
app_init
|
||||||
one-time-ca
|
one-time-ca
|
||||||
ca-i_gen_pki 1001 2
|
ca-i_gen_pki ${ORG_URL} 1001 2
|
||||||
# gen_pki 50001 5
|
# gen_pki 50001 5
|
||||||
# gen_pki 80001 10
|
# gen_pki 80001 10
|
||||||
|
|
||||||
|
|
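Review bot: The new call `ca-i_gen_pki ${ORG_URL} 1001 2` in main passes the organisation URL first, but ca-i_gen_pki as changed in this same commit reads `SERIAL=$1`, `LOOP_NUM=$2`, `ORG_URL=$3`. As written, SERIAL receives the URL, LOOP_NUM receives 1001 and ORG_URL receives 2. The call should match the function's order and quote the variable: `ca-i_gen_pki 1001 2 "${ORG_URL}"`. Unquoted, an empty or unset ORG_URL disappears from the argument list and silently shifts the remaining arguments; where ORG_URL is assigned is not visible in this hunk.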
|
@ -0,0 +1,113 @@
|
||||||
|
# Root CA configuration file.
|
||||||
|
|
||||||
|
[ ca ]
|
||||||
|
# `man ca`
|
||||||
|
default_ca = CA_default
|
||||||
|
|
||||||
|
[ CA_default ]
|
||||||
|
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||||
|
default_md = sha256
|
||||||
|
|
||||||
|
name_opt = ca_default
|
||||||
|
cert_opt = ca_default
|
||||||
|
default_days = 375
|
||||||
|
preserve = no
|
||||||
|
policy = policy_strict
|
||||||
|
|
||||||
|
[ policy_strict ]
|
||||||
|
# The root CA should only sign intermediate certificates that match.
|
||||||
|
# See the POLICY FORMAT section of `man ca`.
|
||||||
|
countryName = match
|
||||||
|
stateOrProvinceName = match
|
||||||
|
organizationName = match
|
||||||
|
organizationalUnitName = optional
|
||||||
|
commonName = supplied
|
||||||
|
emailAddress = optional
|
||||||
|
|
||||||
|
[ policy_loose ]
|
||||||
|
# Allow the intermediate CA to sign a more diverse range of certificates.
|
||||||
|
# See the POLICY FORMAT section of the `ca` man page.
|
||||||
|
countryName = optional
|
||||||
|
stateOrProvinceName = optional
|
||||||
|
localityName = optional
|
||||||
|
organizationName = optional
|
||||||
|
organizationalUnitName = optional
|
||||||
|
commonName = supplied
|
||||||
|
emailAddress = optional
|
||||||
|
|
||||||
|
[ req ]
|
||||||
|
# Options for the `req` tool (`man req`).
|
||||||
|
default_bits = 4096
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
string_mask = utf8only
|
||||||
|
|
||||||
|
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||||
|
default_md = sha256
|
||||||
|
|
||||||
|
# Extension to add when the -x509 option is used.
|
||||||
|
x509_extensions = v3_ca
|
||||||
|
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||||
|
countryName = Country Name (2 letter code)
|
||||||
|
stateOrProvinceName = State or Province Name
|
||||||
|
localityName = Locality Name
|
||||||
|
0.organizationName = Organization Name
|
||||||
|
organizationalUnitName = Organizational Unit Name
|
||||||
|
commonName = Common Name
|
||||||
|
emailAddress = Email Address
|
||||||
|
|
||||||
|
# Optionally, specify some defaults.
|
||||||
|
countryName_default = US
|
||||||
|
stateOrProvinceName_default = State51
|
||||||
|
localityName_default =
|
||||||
|
0.organizationName_default = ACME R&D
|
||||||
|
organizationalUnitName_default =
|
||||||
|
emailAddress_default =
|
||||||
|
|
||||||
|
[ v3_ca ]
|
||||||
|
# Extensions for a typical CA (`man x509v3_config`).
|
||||||
|
basicConstraints = critical, CA:true
|
||||||
|
keyUsage = critical, cRLSign, digitalSignature, keyCertSign
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid:always,issuer
|
||||||
|
|
||||||
|
[ v3_ca_i ]
|
||||||
|
# Extensions for a typical intermediate CA (`man x509v3_config`).
|
||||||
|
basicConstraints = critical, CA:true, pathlen:0
|
||||||
|
keyUsage = critical, cRLSign, digitalSignature, keyCertSign
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid:always,issuer
|
||||||
|
|
||||||
|
[ usr_cert ]
|
||||||
|
# Extensions for client certificates (`man x509v3_config`).
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
nsCertType = client, email
|
||||||
|
nsComment = "ACME Generated"
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid,issuer
|
||||||
|
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
|
||||||
|
extendedKeyUsage = clientAuth, emailProtection
|
||||||
|
|
||||||
|
[ server_cert ]
|
||||||
|
# Extensions for server certificates (`man x509v3_config`).
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
nsCertType = server
|
||||||
|
nsComment = "ACME Generated"
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid,issuer:always
|
||||||
|
keyUsage = critical, digitalSignature, keyEncipherment
|
||||||
|
extendedKeyUsage = serverAuth
|
||||||
|
#subjectAltName = "192.168.123.129"
|
||||||
|
|
||||||
|
[ crl_ext ]
|
||||||
|
# Extension for CRLs (`man x509v3_config`).
|
||||||
|
authorityKeyIdentifier=keyid:always
|
||||||
|
|
||||||
|
[ ocsp ]
|
||||||
|
# Extension for OCSP signing certificates (`man ocsp`).
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid,issuer
|
||||||
|
keyUsage = critical, digitalSignature
|
||||||
|
extendedKeyUsage = critical, OCSPSigning
|
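Review bot: `[ CA_default ]` sets only the digest, display options, validity and policy; it names no `database`, `serial`, `new_certs_dir`, `private_key` or `certificate`, which `openssl ca` expects from the config or the command line. Either the scripts never run `openssl ca` against this file or they have to supply all of that per call; the signing commands are not visible here. A header comment stating which sections the scripts actually consume would settle it, e.g. `# Used via -extfile/-extensions only; the [ ca ] sections are not read by the scripts` if that is the case. In `[ server_cert ]` the commented `#subjectAltName = "192.168.123.129"` has no `IP:` type prefix, so uncommenting it as written gives a config error; `subjectAltName = IP:<address>` is the accepted form. A server certificate with no SAN at all is rejected by clients that no longer fall back to the common name.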
|
@ -0,0 +1,51 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIJKgIBAAKCAgEA8dHeXccOqDHXVOtyXd3yBzcQrb8z5hyc1/pDjRxTIto66xhD
|
||||||
|
JjnJdIersrdov/SM/RuYJf12xvOhNKaCHfBWqH60NvouLPVDR/j0LpJklHAsoch7
|
||||||
|
z9fom8dLh04t0nhWdQFpn7AL7cDvSdQEEoHwvfK9MuyfQFOEah7yzFGmkbjB7C/N
|
||||||
|
lmykXZ6NFfYvkn8X0vVDO0FQi/gKusmwDFE0NF7wiSGI/LlAgFpg5EDQIPynRIKc
|
||||||
|
BPGOcUiG7Vw15IFSrfHRRxeCBXM+u20gDG6NFUN43ELQ45Gd4fhUqED52/c/a7Y0
|
||||||
|
3scKYaZh1nGFzOOLQ/044jBkv6smiNRRUKl5ozpEL7xGb5jOzp1bsoXLLvZdwlsX
|
||||||
|
EgtexpoqwQ4bRszk4FUK9J9vHlkIk8Dh2EogpdNAHRL0XA2ZjMUo4vDxsVSBGRN3
|
||||||
|
SD9R9NjLgWQBu6dMS9QKaqb53Rox8B5DcSkd/yE2SFtYEk7gSATikCijIulSY28X
|
||||||
|
MfDpsTy1Zz/xGAWx03BsoB80RZbkFo+YfsDvJCoT3gOlUXazcFKHwBgN0GIdJnLi
|
||||||
|
Pv2o9q3T6K1csXV8lN+W7Ls7hXI7oXHrbECGIF7LqrSi0B0Vqb9lzCILPAru80Le
|
||||||
|
ohoKXFsLeL/mFYDLYGgsqE2WF4NpiJLW4b1eFtq/4lwxOVvQeCkoFaizuJECAwEA
|
||||||
|
AQKCAgEAnLXb/Dvu1LMQD/lRMWGO4nwd8+sQEBUE07ZcporvmYuBWS9s/M3ALyNo
|
||||||
|
8rWHTbaG09RZIm2C1uW116/8bLh/AEy0L1isKfh7tJ2yaKf4RHX5hpKtIgGSvblG
|
||||||
|
yhWw/k97//F9aL4mzNoWeGrMhM3unLo9QE412fMFwdvyjtRvNMpd6dkEy3H2hrEk
|
||||||
|
T1IufCqe3tiQzErEjyCcm3Xu/9x0D2hjSwsPgm/vS/7GAcW621XAdFaME2wTWnic
|
||||||
|
8B+s0Tu5v/4RGJg0a6HGyqGqfkP6bAhAv8URKBkLDxDmk+8fvRwa3ovC8YhdwvCX
|
||||||
|
QOhqxF/FtbbZcUPZVpjsrQmi9LoPl6S0BXcQL5sIRpoJYIG+vviVEcoqnDAG3UQy
|
||||||
|
+B30RC4aty2QgacPqoWXKxNqfFe4QDMukMLAG+s3zM6JBk3druKWJoC6NeuJVJYM
|
||||||
|
qYp2rHlV/dv740u/00RINEzDJbKOMbUPK/8M8dnGJeENmj8J5VAs6yvh1uxG5nk0
|
||||||
|
ULY1Nce/AWUt5iw+eEKXDl3I4gQRpEnyEA3YiBYsnTn0J7XXUhzRGG0+/w3IS4du
|
||||||
|
OaUAFvWYgkiVz69SikWQWUfOfb7I3WKcvtGV3D+nWr6NdYeYGH3yOe4JPckdMI/U
|
||||||
|
4stdqSnj69Mgc4wQMKmVR1iQw9wrNpbahCEJcUixLQ/fMpYNJ70CggEBAP29iEg4
|
||||||
|
UMZkNAVo2xH/s+4QvVSWKN3zhz8W0AWOgyEsUy+cLHV9FhkizQVwIVJYj5YY11uL
|
||||||
|
bz1QlmJOkVZp8NttLEzgn8EB9vsOThX5TGRZfvXh0KlbcNL21kyhoeB3ttPzw/Vu
|
||||||
|
WoSvzZkwwgdlWfMDRFIH6VABE7+IXzghc9mP2Txua1Ee23HTF3rB3f2Wrosw1hNe
|
||||||
|
OHWq8RZn2qOkNLRc78HeBx+Wg0dd4hO4pnFlV+36zNgyw1AC93Xs57gCwVOrkvab
|
||||||
|
IW6+aI0tsox5EYIRmLS+6ymopwLE1boUNnGlOBZ311lih2gd9WmLtryROIVhkoo9
|
||||||
|
MWRvjQxL57RBKRcCggEBAPP5KQRaXbT/B99xTeaaEVRn1yQ91Ua9oawZnJSfufts
|
||||||
|
z/R1xcwu/Htql2TDaKfQuAxfhEBXMZfTZi9RRncYBmRZOu5Oblov8q6+/jsM9KpN
|
||||||
|
NraeaPz3lXC7/5xjIB9OfPzmaI+khve0QCZ21DU3Uj3D72ZftKe+vJQz6M9pMhA4
|
||||||
|
UitdnBNkQlmVVWRlTzvEkbAWbcCF8Tkut0Ov3lqsn6yZKkQ1fg3+6c8UCjvElJrW
|
||||||
|
24fOW3gjfk3SUlRWMtCZn9HU8xYSWi6zrh3BCpx8pyly42MY+IL2R5foNDiZlomL
|
||||||
|
vK7qhkSwqxTpjDfo9QB6+O1RkD2AQyUYcYp6KtM05JcCggEAJPCj14fDUq6h2CvE
|
||||||
|
wOEOC9mKBrd5qZ5bkTa8ACMYOgse7S56VnxobC5h1KnXYAqelMZ3C8/H2RBTZGp1
|
||||||
|
xDPWKcvCCEsnVsz3bONPQOmzUmSpFBjU7OLwEPZ4il15mJk1F7REUgXHzcteTjAH
|
||||||
|
/1Wk+7j9CEg4kjol6ttqqVxNZl4HzUFyBDRO1Epb/7YboGCAdqkccWNlKtRBFvb1
|
||||||
|
oJ82QQ/Ko9m0Bcg+wnQLhr16FcYgP/gkPFFfl9Vmu1dLAMH97TVsRtSc0GeOBweh
|
||||||
|
F8xEXUA8kAu/Zqgz8DZBuz5YEsFv4e1+f3fVqLW71arOZrNpnBlxYQi5mRqYWTLv
|
||||||
|
v5FA7wKCAQEA72EmlKXR0dh1shBrHftHS6kDWATvcZR4v/L1RoKeKgqu1C6GX/wu
|
||||||
|
MS35051D33yUSVei3Lpw54Y9eenmGM5S3z0J7G66KfVnyXuO2QOyQDK4n2A4pRSL
|
||||||
|
5WwgtiIwj2ckjcPJDj+hSgPq+ZKYToq0P/QyviDjkb89KrDwGioeO/n27aPQktpJ
|
||||||
|
m7pBadtZbcxGIh8vmroRYEjs+hXiNtevZ9t0tC5EO5lFcbA5BkGwiWiNR+f6qZsx
|
||||||
|
v0vBCgz1mOVTAcBOrvZc0/vquDkDn11TawDWCRKkK2NYBb2JF4vjP5wDCyEDkvxB
|
||||||
|
MKiisuz5D3qZKclgnGdv+kLMjNGnmUoJiwKCAQEAqi/xTluBlmWtzi9fcic7WTeG
|
||||||
|
FgXDaX5/llyr04bpT9NwMLCM3nMV/XHO7p7kVlC6+mIrLh0IwSN9UQ/evKdGHEQf
|
||||||
|
EQ7CrE68xnD64Z8EUWAjarw+N+8plEfbgYjzayEVcLs6wMlkzoKWnKy3YHmTENQI
|
||||||
|
KvDwk6LWW1R6kIJVE5IKzhCv7y8H9xVITy+4oIqGo75cB+I2Jo8+mEA/VAdQTtmd
|
||||||
|
/NPDLnifmebU79Wjyf7FRPPlfk00wu6OChlaqLrlfJI6AvB/TccA9qM8oGXVTz2B
|
||||||
|
/qYayhhOULBjcIKpiadQkM+CH3nJqEor7ZV8e5oo99wQSXSyeugchT1MjEqsQg==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
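Review bot: This new 51-line file is an unencrypted RSA private key (`-----BEGIN RSA PRIVATE KEY-----` with no `Proc-Type`/`DEK-Info` header), and the second 51-line file added further down the page repeats the same key lines. Once pushed, the key has to be treated as disclosed: remove both files from the repository and its history, regenerate the key, and revoke or re-issue any certificate tied to it. The scripts in this commit write keys as `*.keys.pem`, so an ignore rule such as `*.keys.pem` would keep generated keys out of future commits. It should also cover whatever name these two files carry, which the page does not show.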
|
@ -0,0 +1 @@
|
||||||
|
10028
|
|
@ -0,0 +1,51 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIJKgIBAAKCAgEA8dHeXccOqDHXVOtyXd3yBzcQrb8z5hyc1/pDjRxTIto66xhD
|
||||||
|
JjnJdIersrdov/SM/RuYJf12xvOhNKaCHfBWqH60NvouLPVDR/j0LpJklHAsoch7
|
||||||
|
z9fom8dLh04t0nhWdQFpn7AL7cDvSdQEEoHwvfK9MuyfQFOEah7yzFGmkbjB7C/N
|
||||||
|
lmykXZ6NFfYvkn8X0vVDO0FQi/gKusmwDFE0NF7wiSGI/LlAgFpg5EDQIPynRIKc
|
||||||
|
BPGOcUiG7Vw15IFSrfHRRxeCBXM+u20gDG6NFUN43ELQ45Gd4fhUqED52/c/a7Y0
|
||||||
|
3scKYaZh1nGFzOOLQ/044jBkv6smiNRRUKl5ozpEL7xGb5jOzp1bsoXLLvZdwlsX
|
||||||
|
EgtexpoqwQ4bRszk4FUK9J9vHlkIk8Dh2EogpdNAHRL0XA2ZjMUo4vDxsVSBGRN3
|
||||||
|
SD9R9NjLgWQBu6dMS9QKaqb53Rox8B5DcSkd/yE2SFtYEk7gSATikCijIulSY28X
|
||||||
|
MfDpsTy1Zz/xGAWx03BsoB80RZbkFo+YfsDvJCoT3gOlUXazcFKHwBgN0GIdJnLi
|
||||||
|
Pv2o9q3T6K1csXV8lN+W7Ls7hXI7oXHrbECGIF7LqrSi0B0Vqb9lzCILPAru80Le
|
||||||
|
ohoKXFsLeL/mFYDLYGgsqE2WF4NpiJLW4b1eFtq/4lwxOVvQeCkoFaizuJECAwEA
|
||||||
|
AQKCAgEAnLXb/Dvu1LMQD/lRMWGO4nwd8+sQEBUE07ZcporvmYuBWS9s/M3ALyNo
|
||||||
|
8rWHTbaG09RZIm2C1uW116/8bLh/AEy0L1isKfh7tJ2yaKf4RHX5hpKtIgGSvblG
|
||||||
|
yhWw/k97//F9aL4mzNoWeGrMhM3unLo9QE412fMFwdvyjtRvNMpd6dkEy3H2hrEk
|
||||||
|
T1IufCqe3tiQzErEjyCcm3Xu/9x0D2hjSwsPgm/vS/7GAcW621XAdFaME2wTWnic
|
||||||
|
8B+s0Tu5v/4RGJg0a6HGyqGqfkP6bAhAv8URKBkLDxDmk+8fvRwa3ovC8YhdwvCX
|
||||||
|
QOhqxF/FtbbZcUPZVpjsrQmi9LoPl6S0BXcQL5sIRpoJYIG+vviVEcoqnDAG3UQy
|
||||||
|
+B30RC4aty2QgacPqoWXKxNqfFe4QDMukMLAG+s3zM6JBk3druKWJoC6NeuJVJYM
|
||||||
|
qYp2rHlV/dv740u/00RINEzDJbKOMbUPK/8M8dnGJeENmj8J5VAs6yvh1uxG5nk0
|
||||||
|
ULY1Nce/AWUt5iw+eEKXDl3I4gQRpEnyEA3YiBYsnTn0J7XXUhzRGG0+/w3IS4du
|
||||||
|
OaUAFvWYgkiVz69SikWQWUfOfb7I3WKcvtGV3D+nWr6NdYeYGH3yOe4JPckdMI/U
|
||||||
|
4stdqSnj69Mgc4wQMKmVR1iQw9wrNpbahCEJcUixLQ/fMpYNJ70CggEBAP29iEg4
|
||||||
|
UMZkNAVo2xH/s+4QvVSWKN3zhz8W0AWOgyEsUy+cLHV9FhkizQVwIVJYj5YY11uL
|
||||||
|
bz1QlmJOkVZp8NttLEzgn8EB9vsOThX5TGRZfvXh0KlbcNL21kyhoeB3ttPzw/Vu
|
||||||
|
WoSvzZkwwgdlWfMDRFIH6VABE7+IXzghc9mP2Txua1Ee23HTF3rB3f2Wrosw1hNe
|
||||||
|
OHWq8RZn2qOkNLRc78HeBx+Wg0dd4hO4pnFlV+36zNgyw1AC93Xs57gCwVOrkvab
|
||||||
|
IW6+aI0tsox5EYIRmLS+6ymopwLE1boUNnGlOBZ311lih2gd9WmLtryROIVhkoo9
|
||||||
|
MWRvjQxL57RBKRcCggEBAPP5KQRaXbT/B99xTeaaEVRn1yQ91Ua9oawZnJSfufts
|
||||||
|
z/R1xcwu/Htql2TDaKfQuAxfhEBXMZfTZi9RRncYBmRZOu5Oblov8q6+/jsM9KpN
|
||||||
|
NraeaPz3lXC7/5xjIB9OfPzmaI+khve0QCZ21DU3Uj3D72ZftKe+vJQz6M9pMhA4
|
||||||
|
UitdnBNkQlmVVWRlTzvEkbAWbcCF8Tkut0Ov3lqsn6yZKkQ1fg3+6c8UCjvElJrW
|
||||||
|
24fOW3gjfk3SUlRWMtCZn9HU8xYSWi6zrh3BCpx8pyly42MY+IL2R5foNDiZlomL
|
||||||
|
vK7qhkSwqxTpjDfo9QB6+O1RkD2AQyUYcYp6KtM05JcCggEAJPCj14fDUq6h2CvE
|
||||||
|
wOEOC9mKBrd5qZ5bkTa8ACMYOgse7S56VnxobC5h1KnXYAqelMZ3C8/H2RBTZGp1
|
||||||
|
xDPWKcvCCEsnVsz3bONPQOmzUmSpFBjU7OLwEPZ4il15mJk1F7REUgXHzcteTjAH
|
||||||
|
/1Wk+7j9CEg4kjol6ttqqVxNZl4HzUFyBDRO1Epb/7YboGCAdqkccWNlKtRBFvb1
|
||||||
|
oJ82QQ/Ko9m0Bcg+wnQLhr16FcYgP/gkPFFfl9Vmu1dLAMH97TVsRtSc0GeOBweh
|
||||||
|
F8xEXUA8kAu/Zqgz8DZBuz5YEsFv4e1+f3fVqLW71arOZrNpnBlxYQi5mRqYWTLv
|
||||||
|
v5FA7wKCAQEA72EmlKXR0dh1shBrHftHS6kDWATvcZR4v/L1RoKeKgqu1C6GX/wu
|
||||||
|
MS35051D33yUSVei3Lpw54Y9eenmGM5S3z0J7G66KfVnyXuO2QOyQDK4n2A4pRSL
|
||||||
|
5WwgtiIwj2ckjcPJDj+hSgPq+ZKYToq0P/QyviDjkb89KrDwGioeO/n27aPQktpJ
|
||||||
|
m7pBadtZbcxGIh8vmroRYEjs+hXiNtevZ9t0tC5EO5lFcbA5BkGwiWiNR+f6qZsx
|
||||||
|
v0vBCgz1mOVTAcBOrvZc0/vquDkDn11TawDWCRKkK2NYBb2JF4vjP5wDCyEDkvxB
|
||||||
|
MKiisuz5D3qZKclgnGdv+kLMjNGnmUoJiwKCAQEAqi/xTluBlmWtzi9fcic7WTeG
|
||||||
|
FgXDaX5/llyr04bpT9NwMLCM3nMV/XHO7p7kVlC6+mIrLh0IwSN9UQ/evKdGHEQf
|
||||||
|
EQ7CrE68xnD64Z8EUWAjarw+N+8plEfbgYjzayEVcLs6wMlkzoKWnKy3YHmTENQI
|
||||||
|
KvDwk6LWW1R6kIJVE5IKzhCv7y8H9xVITy+4oIqGo75cB+I2Jo8+mEA/VAdQTtmd
|
||||||
|
/NPDLnifmebU79Wjyf7FRPPlfk00wu6OChlaqLrlfJI6AvB/TccA9qM8oGXVTz2B
|
||||||
|
/qYayhhOULBjcIKpiadQkM+CH3nJqEor7ZV8e5oo99wQSXSyeugchT1MjEqsQg==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,55 @@
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# IMPORTANT INFO
|
||||||
|
#
|
||||||
|
#
|
||||||
|
[ v3_server ]
|
||||||
|
# Extensions for server certificates (`man x509v3_config`).
|
||||||
|
basicConstraints = CA:FALSE
|
||||||
|
nsCertType = server
|
||||||
|
nsComment = "ACME Corp"
|
||||||
|
subjectKeyIdentifier = hash
|
||||||
|
authorityKeyIdentifier = keyid,issuer:always
|
||||||
|
keyUsage = critical, digitalSignature, keyEncipherment
|
||||||
|
extendedKeyUsage = serverAuth
|
||||||
|
subjectAltName = @alt_names
|
||||||
|
#subjectAltName = IP:192.168.123.129
|
||||||
|
|
||||||
|
[ alt_names ]
|
||||||
|
DNS.1 = "skunkworks.acme.xyz"
|
||||||
|
|
||||||
|
#
|
||||||
|
#
|
||||||
|
# FORCED TO INCLUDE THIS JUNK
|
||||||
|
#
|
||||||
|
#
|
||||||
|
[ req ]
|
||||||
|
# Options for the `req` tool (`man req`).
|
||||||
|
default_bits = 4096
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
string_mask = utf8only
|
||||||
|
|
||||||
|
# SHA-1 is deprecated, so use SHA-2 instead.
|
||||||
|
default_md = sha256
|
||||||
|
|
||||||
|
# Extension to add when the -x509 option is used.
|
||||||
|
#x509_extensions = v3_ca
|
||||||
|
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
|
||||||
|
countryName = Country Name (2 letter code)
|
||||||
|
stateOrProvinceName = State or Province Name
|
||||||
|
localityName = Locality Name
|
||||||
|
0.organizationName = Organization Name
|
||||||
|
organizationalUnitName = Organizational Unit Name
|
||||||
|
commonName = Common Name
|
||||||
|
emailAddress = Email Address
|
||||||
|
|
||||||
|
# Optionally, specify some defaults.
|
||||||
|
countryName_default = US
|
||||||
|
stateOrProvinceName_default = State51
|
||||||
|
localityName_default =
|
||||||
|
0.organizationName_default = ACME R&D
|
||||||
|
organizationalUnitName_default =
|
||||||
|
emailAddress_default =
|
||||||
|
|
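Review bot: `[ req ]` in this file sets no `req_extensions`, so `subjectAltName = @alt_names` from `[ v3_server ]` ends up in the certificate only if the signing step names the section explicitly, for example `-extfile <this file> -extensions v3_server` on `openssl x509 -req`; that command is outside what the page shows. The banner comments `# IMPORTANT INFO` and `# FORCED TO INCLUDE THIS JUNK` carry no information. The second could say why the block is there, e.g. `# openssl req -config needs [ req ] and a distinguished_name section even though only [ v3_server ] is specific to this host`. `DNS.1` is hard-coded to one host name, so a file chosen per `${UNIQ_ID}` (as gen_server's `-config $CNF_PATH/${UNIQ_ID}.cnf` suggests) needs its own value for each server.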
Some files were not shown because too many files have changed in this diff Show More