added RFC 3779 CA
This commit is contained in:
Andreas Steffen
parent
7c697964d3
commit
c5454eaf61
|
|
@ -38,4 +38,8 @@ cd /etc/openssl/monster
|
|||
openssl ca -gencrl -crldays 15 -config /etc/openssl/monster/openssl.cnf -out crl.pem
|
||||
openssl crl -in crl.pem -outform der -out strongswan-monster.crl
|
||||
cp strongswan-monster.crl /var/www/localhost/htdocs/
|
||||
cd /etc/openssl/rfc3779
|
||||
openssl ca -gencrl -crldays 15 -config /etc/openssl/rfc3779/openssl.cnf -out crl.pem
|
||||
openssl crl -in crl.pem -outform der -out strongswan_rfc3779.crl
|
||||
cp strongswan_rfc3779.crl /var/www/localhost/htdocs/
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIICRTCCAS0CAQEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQ0gxGTAXBgNV
|
||||
BAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMT
|
||||
FXN0cm9uZ1N3YW4gUkZDMzc3OSBDQRcNMDkxMjIzMDk0MjUxWhcNMTAwMTA3MDk0
|
||||
MjUxWqCBnjCBmzCBjAYDVR0jBIGEMIGBgBQhf6frN9CjCx+h3EIGHhFfPNIQFKFe
|
||||
pFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xEDAO
|
||||
BgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMTFXN0cm9uZ1N3YW4gUkZDMzc3OSBDQYIJ
|
||||
AMxcts8OCFQAMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEBCwUAA4IBAQDLEmxXy56A
|
||||
UkZSg59BlPW1R2Fv9fBWiup4OoC1vBcSpPzbiBcD68h62T7hFMx935maBoYa4eLw
|
||||
sADS2TkRCBEZzAhYkAMQi72jCtPfJwYUJewlQ+V2As3cygkErBm2Vvo3Om37GKil
|
||||
uQaHvHlBSFGrC5IxeIxR2FOH1BeBD6MM9p7yRJ9yEt++jH2dLiGFYX1cmJ6m8aFr
|
||||
09tfjTwzw5VclQBjjXaqhrzr33hjAEv0thpx0VQVngq+8WX6HQv/QS1xNJVq8bes
|
||||
9GChW+MdNIx0ZH4Tb1hv8dafnSyHIVYzY8UuL4X/+LJDSPjyS8wtZWuj1k+cA9u2
|
||||
3TDt0F6MgNAH
|
||||
-----END X509 CRL-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
03
|
||||
|
|
@ -0,0 +1 @@
|
|||
02
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
V 141222133356Z 01 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=moon.strongswan.org
|
||||
V 141222133521Z 02 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=sun.strongswan.org
|
||||
V 141222133612Z 03 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=carol@strongswan.org
|
||||
V 141222133736Z 04 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=dave@strongswan.org
|
||||
|
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
||||
|
|
@ -0,0 +1 @@
|
|||
unique_subject = yes
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
V 141222133356Z 01 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=moon.strongswan.org
|
||||
V 141222133521Z 02 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=sun.strongswan.org
|
||||
V 141222133612Z 03 unknown /C=CH/O=Linux strongSwan/OU=RFC3779/CN=carol@strongswan.org
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEuDCCA6CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
|
||||
A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzM1NloXDTE0
|
||||
MTIyMjEzMzM1NlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
|
||||
Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dh
|
||||
bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTKaLLTmKX45Qm
|
||||
RjIaBSxBwofzqqkZWtl1mu0cDp6rGWr//hC31OO9MbLeRZBX0UBtuKouceAjdrwG
|
||||
aK7ChR0Ft+qlLZ6Z9BH2Dna4vTdESsB3Sn+uXuU4WNdwmmJuRBXfl/7h/Rt+34Cs
|
||||
BP82/RtR4GVpS7u73iSLlN4RaeWdySTqhtYH4cKt1H9MiSbwwomwdLedQo3UoOeU
|
||||
lkWPrzFKT3gzU4vHr1sgpbF54o/iBr5/YyJpUT9UVeDTffAEMxnAe8/Q/a3pgSLO
|
||||
wJ3HnSvcSH0w8zuH1YXOtfmqsphkwVBJGiLzUHWlYxVIAoCKdrv4eoSJLqlL5b51
|
||||
vGkmL83RAgMBAAGjggGJMIIBhTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV
|
||||
HQ4EFgQU5zzmRRlKa8+cm1g4RYg4lKNkQz4wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ
|
||||
owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
|
||||
eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT
|
||||
d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVghNtb29uLnN0cm9u
|
||||
Z3N3YW4ub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMEEGA1UdHwQ6MDgwNqA0oDKG
|
||||
MGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNy
|
||||
bDBFBggrBgEFBQcBBwEB/wQ2MDQwEgQCAAEwDAMDAAoBAwUAwKgAATAeBAIAAjAY
|
||||
AxEA/sAAAAAAAAAAAAAAAAAAAQMDAP7BMA0GCSqGSIb3DQEBCwUAA4IBAQBVFKeX
|
||||
QIH5Zk0dp/7u/V0TKqu5vZ9x6ZrshAZ9nzbLgmSP+++yDXmlQe0D0i2Men4D095S
|
||||
smFqw1nMWM5oEPpP58+jhCOHzn7InMp+SRRBkX2j06wT9qbynAHiIun/qcdq13w1
|
||||
Fs0PiKVQZbbz72mwl9J3Hkj/JkLtOX00wMPqIFU6veeagGiwOW7KkehFUVqoD9+O
|
||||
vgkHnUti2XzgskEGcEWmE1EYv7Qo0OdZB15oNoUV5i8WelfmWO+nz9/QKciATNoC
|
||||
kAUVcEV9XY9sSKjazdyG6QfEd3l6lQ+KAt8MnqA89i0yIQ1lg+3Jfe67SMvM1gy6
|
||||
Y0Y2hqCja6SsIjVc
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEtjCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
|
||||
A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzUyMVoXDTE0
|
||||
MTIyMjEzMzUyMVowVzELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
|
||||
Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxGzAZBgNVBAMTEnN1bi5zdHJvbmdzd2Fu
|
||||
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1HhvoVh/fM14RE
|
||||
CTXr4to9ZEeGSqHLl5du+eYZl1fC7qLYaCtlaH+eLfDsCgYpe+XsDLHIxpTK9R6k
|
||||
XgLP1Jraxz3rtv5qJKkV3aDTjQ2d+cFc0EgiZmn53VEmI/IlcJS/VZzHhNvEJk7H
|
||||
k0YpoazpGPtNzFGaehV5mXUAeVPx4RH8fjcSiPbuPS3WC7cqtYvVwk97dj05VfEC
|
||||
VnG+90+eFKztvawBzNGwGQ7xZV7kSiPHNyGAV0qrKvhXZ0VPnm/OEiGCAlIo8uno
|
||||
Yb/4UMM/a5usCaA9Hgbf8+qqmrzavSUkFEa0y/p9bOBHaqfNP002xktbqBCCodRr
|
||||
6QgmiysCAwEAAaOCAYgwggGEMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1Ud
|
||||
DgQWBBTaKhy7PH1ihWsD+3/bJQ3e3Isj+DCBjAYDVR0jBIGEMIGBgBQhf6frN9Cj
|
||||
Cx+h3EIGHhFfPNIQFKFepFwwWjELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4
|
||||
IHN0cm9uZ1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHjAcBgNVBAMTFXN0cm9uZ1N3
|
||||
YW4gUkZDMzc3OSBDQYIJAPKv5keyTotGMB0GA1UdEQQWMBSCEnN1bi5zdHJvbmdz
|
||||
d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo
|
||||
dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fcmZjMzc3OS5jcmww
|
||||
RQYIKwYBBQUHAQcBAf8ENjA0MBIEAgABMAwDAwAKAgMFAMCoAAIwHgQCAAIwGAMR
|
||||
AP7AAAAAAAAAAAAAAAAAAAIDAwD+wjANBgkqhkiG9w0BAQsFAAOCAQEAOqdCIldA
|
||||
mPp2aAWVPBiKXNrk4VJoIGlwZaUtYNxGQ46wUqAro/taKwZd4B1yvwsX/cHX3Y6j
|
||||
C1mQtiXw9onJm1qJM1a804U9yPcgdI+9RMiU0hA+aVmyMlS6WQsKFubU17qP2Ljd
|
||||
4hOwVQ681Hi8zfQjJdYpaO1yLcpy2dkotreJS3wA24ssnskRBI/cuAN0dfbV6SDQ
|
||||
TK91qz0emHoK3efgtvX4oEpsxI4NrwMstaZSVsHn4npKTGYu82dmPoK6WPblGEHZ
|
||||
Iavl08lGcYBV5I2ZGuWOekWQzUuBSveV3AFjieeaDIG3Ue3AKaihn6dCLz6l+t7E
|
||||
dXN+1axy9zQ34g==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEojCCA4qgAwIBAgIBAzANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
|
||||
A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzYxMloXDTE0
|
||||
MTIyMjEzMzYxMlowWTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
|
||||
Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3
|
||||
YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD8OrNy0w+T2
|
||||
cru3RQgskGCGppwpvLH/QZVHD/UbumxjKVTrz4FskqN39sFxDFDSre1bps+F7jW/
|
||||
zmOFe7c7jmZhK1mPnbviYTS4LXdo1j02pPeBNBk4b6VAIKPaYmO3UIoZZ4SPnnVZ
|
||||
P7Aj3mU1ztsTbUQqgRmTsdfqiPaBNZ0zylWYPDOkTS+1sbRQHkgdZvw4fYno+Rd+
|
||||
hDK1scggL4kRg4uGvFojYciSxo5lC53Am4r8T2zI0aI6L8g57j4cX1XYQwM3tkHM
|
||||
2BiCRM/c1wQc+vn+xp1oh/GYM4qoSoZyLTD9A0gqmbnF9//wvSmwpDpSkDoHZ5O3
|
||||
Ur6HZ8mByQIDAQABo4IBcjCCAW4wCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gwHQYD
|
||||
VR0OBBYEFL9rU6QFDLvUOEIFNZROVYWN5v++MIGMBgNVHSMEgYQwgYGAFCF/p+s3
|
||||
0KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
|
||||
dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
|
||||
U3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ry
|
||||
b25nc3dhbi5vcmcwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5zdHJvbmdz
|
||||
d2FuLm9yZy9zdHJvbmdzd2FuX3JmYzM3NzkuY3JsMEIGCCsGAQUFBwEHAQH/BDMw
|
||||
MTAUBAIAATAOAwUACgMAAQMFAMCoAGQwGQQCAAIwEwMRAP7AAAAAAAAAAAAAAAAA
|
||||
ABAwDQYJKoZIhvcNAQELBQADggEBAHhgG8qqLZX3uXDVX9uBZM8jErI78pyL9F8q
|
||||
ibTW5UPp+rbbMDY7tphBbFkg5Q0pzJhOzB6I6Oy/QWVVEC20DE7lhOpMu7auS3Gn
|
||||
z1t6DCIDR9NYXtKs6UXcMA0PSQ1r7iHQWvtZ0uD998k6UQfZCCOwBbonng2DAp/m
|
||||
FKkaCYiZmJw2YBwf+oVNLQp2fHI61uoguiiRQ4AV5Htho0z6MDqpMyrg2F7Uf2cq
|
||||
kQY/ZyvMe8VG5KuiaMJPIMdJPnRED2R4qiyHe8eDXgGYHsNhkt7VHRRgo3izqIdG
|
||||
1oCv+CHQ2XSK+4dA42U0Vw7V/ExmcLy99bZfCEZwNWG6Y/5Qwww=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEoDCCA4igAwIBAgIBBDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJDSDEZ
|
||||
MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwG
|
||||
A1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBMB4XDTA5MTIyMzEzMzczNloXDTE0
|
||||
MTIyMjEzMzczNlowWDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9u
|
||||
Z1N3YW4xEDAOBgNVBAsTB1JGQzM3NzkxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dh
|
||||
bi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPLwvUPUNIZnbX
|
||||
eyz8U0COp5RM7ZLFT2iJmSGxznZ30phUNHSy3WX9V8h2kQ2fBks2x0KYWEg8Lh2y
|
||||
ggZipePRpuHRnZlcll5/HY/YOUgdV2GE6euNiWKcDB6uE51sxZ+on5KasI9EJMdp
|
||||
hJpytYUFjx6pExsoqWMQLigrT6A4bYogkweOZHiUyHiqgtUQcHnmmKwxgeUAkZCb
|
||||
00dk7CYnXNQZ1uHj/08TDwrS37SGXfWEIcBGEx/awqlF+s2HTI6zw7NC2HhQsiSp
|
||||
Yo1nz8TBr/8XnO9KyYUg04TMkcQqBFDt/qiUswLRLapn9HSyd43BxaF+YuvJ1+ip
|
||||
M4G05K1nAgMBAAGjggFxMIIBbTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAdBgNV
|
||||
HQ4EFgQUJ/+79KP+Ea9vdAIMkUYx++cu6R0wgYwGA1UdIwSBhDCBgYAUIX+n6zfQ
|
||||
owsfodxCBh4RXzzSEBShXqRcMFoxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
|
||||
eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMzNzc5MR4wHAYDVQQDExVzdHJvbmdT
|
||||
d2FuIFJGQzM3NzkgQ0GCCQDyr+ZHsk6LRjAeBgNVHREEFzAVgRNkYXZlQHN0cm9u
|
||||
Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh
|
||||
bi5vcmcvc3Ryb25nc3dhbl9yZmMzNzc5LmNybDBCBggrBgEFBQcBBwEB/wQzMDEw
|
||||
FAQCAAEwDgMFAAoDAAIDBQDAqADIMBkEAgACMBMDEQD+wAAAAAAAAAAAAAAAAAAg
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQBlOlqceKqgr0putV9fUf2vekg5QtZGDtHFUOTH
|
||||
0gDIe2DJ60bWY5IXpjj2KtzRdoP448fpPaprrh8VEljWoVvAF8LaePKGggqwcG+D
|
||||
Z7ioDYlnV1j+/NnbZGM/hPqa841dh5jesTuTAF2giMod6P6eMiiRcnl9X3ltgSWp
|
||||
Ahk5C8CNYw+sISJcCHtFQHdKOM4QN7wAWksvpjMWkSDQgf/rnDUgW8DXAwX/9K4V
|
||||
G2etJ6/8drpjB115p6h+GYz8xFG28/MSf9BqNX03dBs5oyko2+FgSrb3ACK+pAO4
|
||||
Cpi2NKZfUH+M7Loo4baI+f5iavpDjDfar8KTiV610DAp0W2S
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,214 @@
|
|||
# openssl.cnf - OpenSSL configuration file for the ZHW PKI
|
||||
# Mario Strasser <mario.strasser@zhwin.ch>
|
||||
#
|
||||
|
||||
# This definitions were set by the ca_init script DO NOT change
|
||||
# them manualy.
|
||||
CAHOME = /etc/openssl/rfc3779
|
||||
RANDFILE = $CAHOME/.rand
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
oid_section = new_oids
|
||||
|
||||
[ new_oids ]
|
||||
SmartcardLogin = 1.3.6.1.4.1.311.20.2
|
||||
ClientAuthentication = 1.3.6.1.4.1.311.20.2.2
|
||||
|
||||
####################################################################
|
||||
|
||||
[ ca ]
|
||||
default_ca = root_ca # The default ca section
|
||||
|
||||
####################################################################
|
||||
|
||||
[ root_ca ]
|
||||
|
||||
dir = $CAHOME
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/strongswanCert.pem # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
crlnumber = $dir/crlnumber # The current CRL serial number
|
||||
private_key = $dir/strongswanKey.pem # The private key
|
||||
RANDFILE = $dir/.rand # private random number file
|
||||
|
||||
x509_extensions = host_ext # The extentions to add to the cert
|
||||
|
||||
crl_extensions = crl_ext # The extentions to add to the CRL
|
||||
|
||||
default_days = 1825 # how long to certify for
|
||||
default_crl_days= 30 # how long before next CRL
|
||||
default_md = sha256 # which md to use.
|
||||
preserve = no # keep passed DN ordering
|
||||
email_in_dn = no # allow/forbid EMail in DN
|
||||
|
||||
policy = policy_match # specifying how similar the request must look
|
||||
|
||||
####################################################################
|
||||
|
||||
# the 'match' policy
|
||||
[ policy_match ]
|
||||
countryName = match
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = match
|
||||
organizationalUnitName = optional
|
||||
userId = optional
|
||||
serialNumber = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
# the 'anything' policy
|
||||
[ policy_anything ]
|
||||
countryName = optional
|
||||
stateOrProvinceName = optional
|
||||
localityName = optional
|
||||
organizationName = optional
|
||||
organizationalUnitName = optional
|
||||
commonName = supplied
|
||||
emailAddress = optional
|
||||
|
||||
####################################################################
|
||||
|
||||
[ req ]
|
||||
default_bits = 1024
|
||||
default_keyfile = privkey.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
x509_extensions = ca_ext # The extentions to add to the self signed cert
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
|
||||
# This sets a mask for permitted string types. There are several options.
|
||||
# default: PrintableString, T61String, BMPString.
|
||||
# pkix : PrintableString, BMPString.
|
||||
# utf8only: only UTF8Strings.
|
||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
||||
# MASK:XXXX a literal mask value.
|
||||
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
|
||||
# so use this option with caution!
|
||||
string_mask = nombstr
|
||||
|
||||
# req_extensions = v3_req # The extensions to add to a certificate request
|
||||
|
||||
####################################################################
|
||||
|
||||
[ req_distinguished_name ]
|
||||
countryName = Country Name (2 letter code)
|
||||
countryName_default = CH
|
||||
countryName_min = 2
|
||||
countryName_max = 2
|
||||
|
||||
#stateOrProvinceName = State or Province Name (full name)
|
||||
#stateOrProvinceName_default = ZH
|
||||
|
||||
#localityName = Locality Name (eg, city)
|
||||
#localityName_default = Winterthur
|
||||
|
||||
organizationName = Organization Name (eg, company)
|
||||
organizationName_default = Linux strongSwan
|
||||
|
||||
0.organizationalUnitName = Organizational Unit Name (eg, section)
|
||||
0.organizationalUnitName_default = RFC3779
|
||||
|
||||
#1.organizationalUnitName = Type (eg, Staff)
|
||||
#1.organizationalUnitName_default = Staff
|
||||
|
||||
#userId = UID
|
||||
|
||||
commonName = Common Name (eg, YOUR name)
|
||||
commonName_default = $ENV::COMMON_NAME
|
||||
commonName_max = 64
|
||||
|
||||
#0.emailAddress = Email Address (eg, foo@bar.com)
|
||||
#0.emailAddress_min = 0
|
||||
#0.emailAddress_max = 40
|
||||
|
||||
#1.emailAddress = Second Email Address (eg, foo@bar.com)
|
||||
#1.emailAddress_min = 0
|
||||
#1.emailAddress_max = 40
|
||||
|
||||
####################################################################
|
||||
|
||||
[ req_attributes ]
|
||||
|
||||
####################################################################
|
||||
|
||||
[ host_ext ]
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment, keyAgreement
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid, issuer:always
|
||||
subjectAltName = DNS:$ENV::COMMON_NAME
|
||||
#extendedKeyUsage = OCSPSigning
|
||||
extendedKeyUsage = serverAuth
|
||||
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl
|
||||
|
||||
sbgp-ipAddrBlock = critical, @host-addr-section
|
||||
|
||||
[host-addr-section]
|
||||
|
||||
IPv4.0 = 192.168.0.2
|
||||
IPv4.1 = 10.2.0.0/16
|
||||
IPv6.0 = fec0::2
|
||||
IPv6.1 = fec2::/16
|
||||
|
||||
####################################################################
|
||||
|
||||
[ user_ext ]
|
||||
|
||||
basicConstraints = CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment, keyAgreement
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid, issuer:always
|
||||
subjectAltName = email:$ENV::COMMON_NAME
|
||||
#authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880
|
||||
crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl
|
||||
|
||||
#sbgp-ipAddrBlock = critical, IPv4:192.168.0.0/24, IPv6:inherit
|
||||
|
||||
sbgp-ipAddrBlock = critical, @user-addr-section
|
||||
|
||||
[user-addr-section]
|
||||
|
||||
IPv4.0 = 192.168.0.200
|
||||
IPv4.1 = 10.3.0.2
|
||||
IPv6.0 = fec0::20
|
||||
|
||||
####################################################################
|
||||
|
||||
[ ca_ext ]
|
||||
|
||||
basicConstraints = critical, CA:TRUE, pathlen:1
|
||||
keyUsage = cRLSign, keyCertSign
|
||||
subjectKeyIdentifier = hash
|
||||
authorityKeyIdentifier = keyid, issuer:always
|
||||
|
||||
sbgp-ipAddrBlock = critical, @ca-addr-section
|
||||
|
||||
[ca-addr-section]
|
||||
|
||||
IPv4.0 = 192.168.0.0/24
|
||||
IPv4.1 = 10.1.0.0/16
|
||||
IPv4.2 = 10.2.0.0/16
|
||||
IPv4.3 = 10.3.0.1 - 10.3.3.232
|
||||
IPv6.0 = fec0::/16
|
||||
IPv6.1 = fec1::/16
|
||||
IPv6.2 = fec2::/16
|
||||
|
||||
####################################################################
|
||||
|
||||
[ crl_ext ]
|
||||
|
||||
# CRL extensions.
|
||||
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
|
||||
|
||||
#issuerAltName = issuer:copy
|
||||
authorityKeyIdentifier = keyid:always, issuer:always
|
||||
|
||||
# eof
|
||||
|
|
@ -0,0 +1 @@
|
|||
05
|
||||
|
|
@ -0,0 +1 @@
|
|||
04
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEXTCCA0WgAwIBAgIJAPKv5keyTotGMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV
|
||||
BAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMRAwDgYDVQQLEwdSRkMz
|
||||
Nzc5MR4wHAYDVQQDExVzdHJvbmdTd2FuIFJGQzM3NzkgQ0EwHhcNMDkxMjIzMTMz
|
||||
MDUwWhcNMTkxMjIxMTMzMDUwWjBaMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
|
||||
dXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3OTEeMBwGA1UEAxMVc3Ryb25n
|
||||
U3dhbiBSRkMzNzc5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
zP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZfbnECZqoK5obWPkQJ
|
||||
Cp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qRw49IPs9k+Uf1OHVr
|
||||
b3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbLTsbgiplImgi/ZG7Y
|
||||
GE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ78BA1IgMsNZs8cQF
|
||||
Avg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHSpyBa/zzSDXsP01PU
|
||||
EKNZhloVQVt9NX3MCUItfQIDAQABo4IBJDCCASAwEgYDVR0TAQH/BAgwBgEB/wIB
|
||||
ATALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFCF/p+s30KMLH6HcQgYeEV880hAUMIGM
|
||||
BgNVHSMEgYQwgYGAFCF/p+s30KMLH6HcQgYeEV880hAUoV6kXDBaMQswCQYDVQQG
|
||||
EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEQMA4GA1UECxMHUkZDMzc3
|
||||
OTEeMBwGA1UEAxMVc3Ryb25nU3dhbiBSRkMzNzc5IENBggkA8q/mR7JOi0YwTwYI
|
||||
KwYBBQUHAQcBAf8EQDA+MCgEAgABMCIwCgMDAAoBAwMACgIwDgMFAAoDAAEDBQAK
|
||||
AwPoAwQAwKgAMBIEAgACMAwwCgMDBv7AAwMA/sIwDQYJKoZIhvcNAQELBQADggEB
|
||||
ABXhehDhC9jLipmZbP9r2t8ARjIjeHUk5UIX3sW9pKlwuOiFy/oEmJD72LYSPDFm
|
||||
uKK4NDAllhJWKw1KA1j1h1NxE6tEjQTpj9mizjULI6T1HPWyn5E93vqFIK71k4ud
|
||||
rxZXyq7fPrXM2QVKHpiT1DlAcopGe92Vxo0qooYEXIHd6XwVftSIo/1bi08p8jZS
|
||||
Oc+kjoOKkfqmBSKpqYzTtlbafdVOPBAEaTa3k516ks3bDQn3gtU+2ucNB3fIvVVA
|
||||
MI2//EaIMBIXorpcnOU3ja0nYCAf9kHAybRpBObWt7OLKFHcSatdE9El4Ri3YeJX
|
||||
fN8iF5kHn7S+Nd9ZFlf3S1w=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAzP4z54hRFM3bg0WWxpa9yBh8CrloV8wWd3YQR9daJjErXdZf
|
||||
bnECZqoK5obWPkQJCp2xGijnB5CDxvAdiFANgNxDeDuAD5jGzQALWVYgbhQ/y4qR
|
||||
w49IPs9k+Uf1OHVrb3qP8uSvWEmb1SlAJ24PGChB8Y5NwJJzFY5P0TJI/Zg3zgbL
|
||||
TsbgiplImgi/ZG7YGE/DCb6UAzcRwE2y41U4ZVG86UW2ARnvOCXJZHdt16O3KzUJ
|
||||
78BA1IgMsNZs8cQFAvg1ZAUJW6oMLXu2XCwKOKTwJxdA2wpYadus2KEY/UyVovHS
|
||||
pyBa/zzSDXsP01PUEKNZhloVQVt9NX3MCUItfQIDAQABAoIBAQC4iI1I/BmhVL8q
|
||||
qNZV5xTor8HaFZWsk3gWCh4VzfLFNrYHPxehX/H9YU12wCLU4oIRIGtxVSjEUn+N
|
||||
8lFjiEzfl2jVLxrU737mxAdzYGjJL0lOfWtCVBWBFUmcbf592JXiQL6ctOhz3a9+
|
||||
cCfkVtsXsAXM4YF0vWEEIpwPgeja/zKX9M0vRBgIfXdeh2cYQKDGxmEspbfMnTyW
|
||||
XVGmTbgDHQGkvN88OyJEOPulYwmZ1BgsQ2buQgR6OlxzulUmH1VOO+Xm8O6rA0Qn
|
||||
SjQRd6Q38KLPSEKXucHUIzpQemGdar3ziUoCgUiHJkl79h50W+WIIZTNv1LUR48u
|
||||
u14aT5eBAoGBAPZDaOK7/w5639WBG84iqLDMiFIuzKADjxrQqmVJXXH3nf1wnS93
|
||||
Iy9iAelUmq/He6aruvLJf8GdkFfC/sj4vdnlbvtT1wHiFznLxO49craxgr1J0SXO
|
||||
HLE5RvyrJrAArWQr33oy6YSOMob95imK58kwMwfpoQuWK3CZaVdMfbzFAoGBANUZ
|
||||
Ebo/N8bl9Opo/81zYcFpkUlxBP3vJR8aJ5Bx/0fbXCSwvt1AEHqnYiLBStfMyUTC
|
||||
N4MWCUoZ1H6yRyxqPg+QFnYFCqX/Y3DFhkV5d9kTRWvzxc+mumh81+bRsNU6AyxD
|
||||
9VFWpAkSA+K8IWCjx5fQ+jeLc7GQ1EjYpSiaEClZAoGBALL6tS0ssyfD+BBFQH8l
|
||||
w3KThHQuXTviukwj4eOxWX/uFl5PTX5k2Saj1X3OpoogsmalIz83YWnHaVPPfbt0
|
||||
xQ6raGizO22782NnDJ6V/Fx5UOrfzmjqjwHi/gu/HGQIafyGwmoevIdBjcl8mJ4S
|
||||
vXkEVeJnU0uHfdTdOqlfB3d9AoGALimZGoSZW5/zF1iZmXMWSSTKUWOHVk8Y9oze
|
||||
5z6as4FEi7oyDpHTQA7Ehozi3q7BJwD/r4j1iDTiQHP0UR3OxeZLx1M+REl3zDUt
|
||||
6hzvJnozPrh3MI2IshvhVWI1cWt4xn0ORomDTWe2qcZhYKL6GNwvaBrwfBXItuMf
|
||||
nBULzTkCgYAcK5LKu6dwUlnv9iro6Jff24qb3P32HdSC2uZTZMcaTXqqUBO/lST2
|
||||
elKAHqQxjGGxFf5buQwfFrOKfNlMhQRHppo2/gJLiiChZ7R3GaF49f/4I5YJOo2a
|
||||
k/bv70YB3Zf/8p+ip9w9H6N65YAyvzu5yUfoFXgKQQNv0y0B5rtZsw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
Loading…
Reference in New Issue