Diffstat (limited to 'roles/openshift_logging/files/signing.conf')
-rw-r--r-- | roles/openshift_logging/files/signing.conf | 103 |
1 files changed, 0 insertions, 103 deletions
diff --git a/roles/openshift_logging/files/signing.conf b/roles/openshift_logging/files/signing.conf
deleted file mode 100644
index 810a057d9..000000000
--- a/roles/openshift_logging/files/signing.conf
+++ /dev/null
@@ -1,103 +0,0 @@
-# Simple Signing CA
-
-# The [default] section contains global constants that can be referred to from
-# the entire configuration file. It may also hold settings pertaining to more
-# than one openssl command.
-
-[ default ]
-#dir = _output # Top dir
-
-# The next part of the configuration file is used by the openssl req command.
-# It defines the CA's key pair, its DN, and the desired extensions for the CA
-# certificate.
-
-[ req ]
-default_bits = 2048 # RSA key size
-encrypt_key = yes # Protect private key
-default_md = sha1 # MD to use
-utf8 = yes # Input is UTF-8
-string_mask = utf8only # Emit UTF-8 strings
-prompt = no # Don't prompt for DN
-distinguished_name = ca_dn # DN section
-req_extensions = ca_reqext # Desired extensions
-
-[ ca_dn ]
-0.domainComponent = "io"
-1.domainComponent = "openshift"
-organizationName = "OpenShift Origin"
-organizationalUnitName = "Logging Signing CA"
-commonName = "Logging Signing CA"
-
-[ ca_reqext ]
-keyUsage = critical,keyCertSign,cRLSign
-basicConstraints = critical,CA:true,pathlen:0
-subjectKeyIdentifier = hash
-
-# The remainder of the configuration file is used by the openssl ca command.
-# The CA section defines the locations of CA assets, as well as the policies
-# applying to the CA.
-
-[ ca ]
-default_ca = signing_ca # The default CA section
-
-[ signing_ca ]
-certificate = $dir/ca.crt # The CA cert
-private_key = $dir/ca.key # CA private key
-new_certs_dir = $dir/ # Certificate archive
-serial = $dir/ca.serial.txt # Serial number file
-crlnumber = $dir/ca.crl.srl # CRL number file
-database = $dir/ca.db # Index file
-unique_subject = no # Require unique subject
-default_days = 730 # How long to certify for
-default_md = sha1 # MD to use
-policy = any_pol # Default naming policy
-email_in_dn = no # Add email to cert DN
-preserve = no # Keep passed DN ordering
-name_opt = ca_default # Subject DN display options
-cert_opt = ca_default # Certificate display options
-copy_extensions = copy # Copy extensions from CSR
-x509_extensions = client_ext # Default cert extensions
-default_crl_days = 7 # How long before next CRL
-crl_extensions = crl_ext # CRL extensions
-
-# Naming policies control which parts of a DN end up in the certificate and
-# under what circumstances certification should be denied.
-
-[ match_pol ]
-domainComponent = match # Must match 'simple.org'
-organizationName = match # Must match 'Simple Inc'
-organizationalUnitName = optional # Included if present
-commonName = supplied # Must be present
-
-[ any_pol ]
-domainComponent = optional
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = optional
-emailAddress = optional
-
-# Certificate extensions define what types of certificates the CA is able to
-# create.
-
-[ client_ext ]
-keyUsage = critical,digitalSignature,keyEncipherment
-basicConstraints = CA:false
-extendedKeyUsage = clientAuth
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid
-
-[ server_ext ]
-keyUsage = critical,digitalSignature,keyEncipherment
-basicConstraints = CA:false
-extendedKeyUsage = serverAuth,clientAuth
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid
-
-# CRL extensions exist solely to point to the CA certificate that has issued
-# the CRL.
-
-[ crl_ext ]
-authorityKeyIdentifier = keyid |