WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-28 12:32:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3782dad657e4e3f6a0263de4d8fec00a0669de4a
fedora-infra_ansible/roles/etcd_ca/templates/openssl_append.j2

52 lines
1.5 KiB
Django/Jinja
Raw Blame History

[ etcd_v3_req ]
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature,keyEncipherment
subjectAltName = ${ENV::SAN}
[ etcd_ca ]
dir = {{ etcd_ca_dir }}
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/certs
certificate = $dir/ca.crt
serial = $dir/serial
private_key = $dir/ca.key
crl_number = $dir/crlnumber
x509_extensions = etcd_v3_ca_client
default_days = 365
default_md = sha256
preserve = no
name_opt = ca_default
cert_opt = ca_default
policy = policy_anything
unique_subject = no
copy_extensions = copy
[ etcd_v3_ca_self ]
authorityKeyIdentifier = keyid,issuer
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,digitalSignature,keyEncipherment,keyCertSign
subjectKeyIdentifier = hash
[ etcd_v3_ca_peer ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth,serverAuth
keyUsage = digitalSignature,keyEncipherment
subjectKeyIdentifier = hash
[ etcd_v3_ca_server ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
keyUsage = digitalSignature,keyEncipherment
subjectKeyIdentifier = hash
[ etcd_v3_ca_client ]
authorityKeyIdentifier = keyid,issuer:always
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth
keyUsage = digitalSignature,keyEncipherment
subjectKeyIdentifier = hash
Reference in New Issue View Git Blame Copy Permalink