path: root/roles/etcd_ca/templates/openssl_append.j2

# Extensions placed in a certificate signing request for an etcd leaf
# certificate (presumably referenced through req_extensions or -reqexts;
# the reference is not in this file).
[ etcd_v3_req ]
# A leaf certificate, never a CA; marked critical so verifiers must honour it.
basicConstraints = critical,CA:FALSE
keyUsage         = digitalSignature,keyEncipherment
# The SAN list is read from the SAN environment variable when OpenSSL loads
# this file. The variable has to be set by whatever invokes openssl, and its
# value ends up in the request verbatim, so it should only ever be built from
# trusted inventory data.
subjectAltName   = ${ENV::SAN}

# Settings for the etcd certificate authority as used by "openssl ca"
# (selected by CA section name; the selection is not in this file).
[ etcd_ca ]
# Root of the CA working directory, filled in by the template variable
# etcd_ca_dir at render time.
dir             = {{ etcd_ca_dir }}
crl_dir         = $dir/crl
database        = $dir/index.txt
new_certs_dir   = $dir/certs
certificate     = $dir/ca.crt
serial          = $dir/serial
# The CA signing key. Anyone who can read this file can mint certificates
# that every etcd member trusts; keep it readable by the CA owner only.
private_key     = $dir/ca.key
crl_number      = $dir/crlnumber
# Extension profile applied when the caller names none: the client profile,
# which grants clientAuth only.
x509_extensions = etcd_v3_ca_client
# Issued certificates are valid for one year, so renewal has to be scheduled.
default_days    = 365
default_md      = sha256
preserve        = no
name_opt        = ca_default
cert_opt        = ca_default
# NOTE(review): policy_anything is not defined in this file; presumably it
# comes from the base openssl.cnf this template is appended to and places no
# requirement on subject fields. Confirm.
policy          = policy_anything
# Allows several valid certificates with the same subject in the database.
unique_subject  = no
# Extensions in the request that the chosen profile does not set itself are
# copied into the certificate unchanged. The profiles in this file set
# basicConstraints, keyUsage and (for leaf profiles) extendedKeyUsage, so
# those cannot be overridden by a request, but subjectAltName and any other
# requested extension are taken as given. Only sign requests that were
# generated by trusted automation or inspected beforehand.
copy_extensions = copy

# Extension profile for the CA certificate itself (the name suggests it is
# used when the CA certificate is self-signed; the call site is not shown).
[ etcd_v3_ca_self ]
authorityKeyIdentifier = keyid,issuer
# pathlen:0 means this CA may sign leaf certificates but no subordinate CAs.
basicConstraints       = critical,CA:TRUE,pathlen:0
# NOTE(review): keyCertSign is present but cRLSign is not, while the etcd_ca
# section configures crl_dir and crl_number. If CRLs are ever issued from this
# CA, strict verifiers may reject them; confirm whether CRLs are in use.
keyUsage               = critical,digitalSignature,keyEncipherment,keyCertSign
subjectKeyIdentifier   = hash

# Extension profile for peer certificates (presumably etcd member-to-member
# traffic, going by the section name).
[ etcd_v3_ca_peer ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints       = critical,CA:FALSE
# Both usages are granted: a certificate issued with this profile can
# authenticate as a TLS client and as a TLS server.
extendedKeyUsage       = clientAuth,serverAuth
# Not marked critical, unlike keyUsage in the CA profile.
keyUsage               = digitalSignature,keyEncipherment
subjectKeyIdentifier   = hash

# Extension profile for server certificates.
[ etcd_v3_ca_server ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints       = critical,CA:FALSE
# serverAuth only: a certificate issued with this profile is not valid for
# TLS client authentication.
extendedKeyUsage       = serverAuth
keyUsage               = digitalSignature,keyEncipherment
subjectKeyIdentifier   = hash

# Extension profile for client certificates. The etcd_ca section names this
# profile as its x509_extensions default.
[ etcd_v3_ca_client ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints       = critical,CA:FALSE
# clientAuth only: a certificate issued with this profile cannot be used to
# present a TLS server identity.
extendedKeyUsage       = clientAuth
keyUsage               = digitalSignature,keyEncipherment
subjectKeyIdentifier   = hash