From bce1fff3b924092e3131d066cca0f894739a86f0 Mon Sep 17 00:00:00 2001
From: Nathan Angelacos
Date: Wed, 9 Jul 2008 18:45:36 +0000
Subject: Remove ssl config from ssh
git-svn-id: svn://svn.alpinelinux.org/acf/openssh/trunk@1293 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
openssl-ca-acf.cnf | 180 -----------------------------------------------------
1 file changed, 180 deletions(-)
delete mode 100644 openssl-ca-acf.cnf
diff --git a/openssl-ca-acf.cnf b/openssl-ca-acf.cnf
deleted file mode 100644
index b7367e4..0000000
--- a/openssl-ca-acf.cnf
+++ /dev/null
@@ -1,180 +0,0 @@
-#
-# OpenSSL Certifying Authority (CA) configuration file for ACF
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = /etc/ssl
-RANDFILE = /dev/urandom
-
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/certs # default place for new certs.
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-private_key = $dir/private/cakey.pem # The private key
-default_md = sha1 # which md to use.
-#policy = policy_match
-
-
-dir = /etc/ssl # Where everything is kept
-crl_dir = $dir/crl # Where the issued crl are kept
-certs = $dir/certs # Where the issued certs are kept
-crl = $dir/crl.pem # The current CRL
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = ssl_client_cert
-
-default_days = 365
-default_crl_days= 365
-preserve = no # keep passed DN ordering
-#name_opt = ca_default_cert
-#cert_opt = ca_default_cert
-
-####################################################################
-[ ca ]
-default_ca = general_cert # The default ca section
-
-####################################################################
-#
-# The "Certificate Type" dropdown in the web interface is built
-# from any section in which all of the CA Mandatory Entries are
-# Defined. The CA Mandadory Entries are:
-# new_certs_dir, certificat, private_key, default_md, database,
-# serial, and policy
-#
-# In this file, we will define all but the policy in the
-# CA_default section, and then define the policy in each section
-# that will be presented as a "Certificate Type"
-#
-# To add a new certificate type, just add a new section name,
-# and make sure "policy" is defined there
-
-#[ CA_default ]
-# RANDFILE = $dir/private/.rand # private random number file
-# preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 2048
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = ssl_client_cert
-string_mask = nombstr
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default =
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default =
-
-localityName = Locality Name (eg, city)
-localityName_default =
-
-organizationName = Organization Name (eg, company)
-organizationName_default = Watchtower
-
-organizationalUnitName = Organizational Unit Name (eg, division)
-organizationalUnitName_default = OpenVPN
-
-commonName = Common Name (eg, the certificate CN)
-commonName_max = 64
-commonName_default =
-
-emailAddress = Email Address
-emailAddress_max = 60
-
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-
-# Use -extensions "section_name" to load one of these sections
-
-[ general_cert ]
-# Non-specific
-basicConstraints = CA:FALSE
-#nsCertType =
-#keyUsage =
-#extendedKeyUsage =
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-policy = policy_anything
-dir = /etc/ssl # Where everything is kept
-
-
-[ ssl_server_cert ]
-# SSL server
-basicConstraints = CA:FALSE
-nsCertType = server
-keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = serverAuth
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-policy = policy_anything
-
-[ ssl_client_cert ]
-# SSL client
-basicConstraints = CA:FALSE
-nsCertType = client
-keyUsage = digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-policy = policy_anything
-
-[ v3_ca_cert ]
-# SSL Certifying Authority
-basicConstraints = critical, CA:true
-nsCertType = sslCA
-# Below is correct, but may prevent self-signed certs from working
-keyUsage = cRLSign, keyCertSign
-#extendedKeyUsage = serverAuth, clientAuth
-extenedKeyUsage =
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-policy = policy_anything
-
-
-[ crl_ext ]
-basicConstraints = CA:FALSE
-keyUsage = digitalSignature, keyEncipherment
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid,issuer:always
-
-[ v3_req ]
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-- cgit v1.2.3