# OpenSSL configuration for a small IPsec certificate authority.
# Default-section fallback so that $ENV::HOME below still expands when HOME
# is not set in the environment.
HOME = .
# Seed file location for the OpenSSL random number generator.
RANDFILE = $ENV::HOME/.rnd
# Entry point for `openssl ca`: names the section that holds the CA settings.
[ca]
default_ca = IPSEC # The default ca section
# Settings for the IPSEC certificate authority used by `openssl ca`.
# NOTE(review): this section sets neither x509_extensions nor copy_extensions,
# so the extension section for an issued certificate ([HOTE] or [ACCES]) is
# presumably chosen on the command line with -extensions; confirm against the
# issuing procedure, because a certificate issued without it carries none of
# the key-usage restrictions defined in those sections.
[IPSEC]
dir = /etc/ssl/ipsec # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
new_certs_dir = $dir/newcerts # default place for new certs.
database = $dir/index.db # database index file.
certificate = $dir/certs/ca.pem # The CA certificate
serial = $dir/serial # The current serial number
# The CA signing key: anyone who can read this file can issue certificates
# that every peer trusting this CA will accept.
private_key = $dir/private/ca.key # The private key
# Validity in days for every certificate issued through this section
# (3650 days is roughly ten years, and applies to end-entity certificates too).
default_days = 3650 # how long to certify for
default_md = sha256 # which md to use.
# "no" means the subject DN is reordered to follow the policy section.
preserve = no # keep passed DN ordering
policy = policy_match # see the [policy_match] section below
# X.509 extensions for the CA certificate itself; [req] selects this section
# through x509_extensions when a self-signed certificate is generated.
[IPSEC_CA]
nsComment = "IPSEC_CA"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# Critical CA flag with pathlen:0: this CA may sign end-entity certificates
# but a certificate it issues cannot act as a subordinate CA.
basicConstraints = critical,CA:TRUE,pathlen:0
# Critical key usage limited to signatures, CRL signing and certificate signing.
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
# Defaults for `openssl req` (key generation and certificate requests).
[req]
# Size in bits of newly generated keys.
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
default_md = sha256 # SHA-2
# Any `openssl req -x509` run with this file produces a certificate carrying
# the CA extensions from [IPSEC_CA] (CA:TRUE), so use -x509 only to create the CA.
x509_extensions = IPSEC_CA # Extension to add when the -x509 option is used.
# Subject DN prompts for `openssl req`. Each plain key is the prompt text for
# that field, *_min / *_max bound the accepted length, and *_default is the
# value offered when the operator just presses Enter. The fields appear in the
# request in the order listed here, so do not reorder these keys.
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
# Site-specific defaults. [policy_match] requires country, state, locality and
# organization to equal the CA certificate's values, so these defaults have to
# stay in step with the subject the CA was created with.
stateOrProvinceName_default = NullPart
# Default subject name; review it per certificate rather than accepting it,
# since every request that keeps the default gets the same commonName.
commonName_default = windows.172.16.254.1
organizationalUnitName_default = Certificat Acces IPSec
localityName_default = Paris
organizationName_default = Toto
countryName_default = FR
emailAddress_default = toto@gamel.net
# Subject DN policy applied by `openssl ca` (referenced by `policy` in [IPSEC]).
#   match    - the request's value must equal the CA certificate's value
#   supplied - the field must be present in the request
#   optional - the field may be absent
# With preserve = no in [IPSEC], the issued DN follows the order of these keys.
[policy_match]
countryName = match
stateOrProvinceName = match
localityName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# X.509 extensions for host (gateway / server side) certificates.
[HOTE]
nsComment = "IPSec Secure Digital Certificate Hote"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
# The names come from [alt_names], which is fixed in this file: every
# certificate issued with this section receives the same subjectAltName
# unless [alt_names] is edited before issuing.
subjectAltName = @alt_names
# End-entity certificate: it cannot sign other certificates.
basicConstraints = critical,CA:FALSE
# Not marked critical, so a relying party that does not process keyUsage
# will not reject the certificate on that account.
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
nsCertType = server
# Restricts the certificate to the server role in peers that enforce EKU.
extendedKeyUsage = serverAuth
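# subjectAltName entries for host certificates (referenced by [HOTE]).
[alt_names]
# The address is kept as a dNSName entry for clients that compare the address
# they connect to against DNS-type names only.
DNS.1 = 172.16.254.1
# The same address as an iPAddress entry, which is the SAN type defined for IP
# addresses and the one that peers matching an IP identity look at.
IP.1 = 172.16.254.1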
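# X.509 extensions for access (client side) certificates.
[ACCES]
nsComment = "IPSec Secure Digital Certificate Access"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
# End-entity certificate: it cannot sign other certificates.
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
# Client role, consistent with extendedKeyUsage below. The value was "server",
# which let a client certificate pass for a server certificate in any peer
# that checks only the Netscape certificate type.
nsCertType = client
extendedKeyUsage = clientAuth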