diff options
| -rw-r--r-- | myrpki/README | 1 | ||||
| -rw-r--r-- | myrpki/examples/asns.csv | 1 | ||||
| -rw-r--r-- | myrpki/examples/children.csv | 2 | ||||
| -rw-r--r-- | myrpki/examples/myrpki.conf | 162 | ||||
| -rw-r--r-- | myrpki/examples/parents.csv | 1 | ||||
| -rw-r--r-- | myrpki/examples/prefixes.csv | 2 | ||||
| -rw-r--r-- | myrpki/examples/roas.csv | 1 |
7 files changed, 170 insertions, 0 deletions
diff --git a/myrpki/README b/myrpki/README index 66b71f4d..9ce12228 100644 --- a/myrpki/README +++ b/myrpki/README @@ -163,6 +163,7 @@ CSV file formats: === +See the examples/ subdirectory for examples of these files. [Still need to doc [myirbe] parameters, and need better BPKI doc] diff --git a/myrpki/examples/asns.csv b/myrpki/examples/asns.csv new file mode 100644 index 00000000..c8b74ee1 --- /dev/null +++ b/myrpki/examples/asns.csv @@ -0,0 +1 @@ +Alice 64533 diff --git a/myrpki/examples/children.csv b/myrpki/examples/children.csv new file mode 100644 index 00000000..e279b3f1 --- /dev/null +++ b/myrpki/examples/children.csv @@ -0,0 +1,2 @@ +Alice 2009-07-27T08:24:53Z Alice.ta.cer +Bob 2009-07-27T08:24:53Z Bob.ta.cer diff --git a/myrpki/examples/myrpki.conf b/myrpki/examples/myrpki.conf new file mode 100644 index 00000000..07bc281c --- /dev/null +++ b/myrpki/examples/myrpki.conf @@ -0,0 +1,162 @@ +# Automatically generated, do not edit +[myrpki] +handle = Me +roa_csv = roas.csv +children_csv = children.csv +parents_csv = parents.csv +prefix_csv = prefixes.csv +asn_csv = asns.csv +xml_filename = myrpki.xml +bpki_directory = bpki.myrpki +repository_bpki_certificate = pubd.ta.cer + +[constants] +digest = sha256 +key_length = 2048 +cert_days = 365 +crl_days = 365 + +[myirbe] +irdbd_conf = myrpki.conf +rpkid_ca_directory = bpki.rpkid +pubd_ca_directory = bpki.pubd +rootd_ca_directory = bpki.rootd +rsync_base = rsync://localhost:4409/ +pubd_base = https://localhost:4411/ +rpkid_base = https://localhost:4410/ + +[req] +default_bits = ${constants::key_length} +default_md = ${constants::digest} +distinguished_name = req_dn +prompt = no +encrypt_key = no + +[req_dn] +CN = Dummy name for certificate request + +[ca_x509_ext_ee] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + +[ca_x509_ext_xcert0] +basicConstraints = critical,CA:true,pathlen:0 +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + +[ca_x509_ext_xcert1] +basicConstraints = critical,CA:true,pathlen:1 +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + +[ca_x509_ext_ca] +basicConstraints = critical,CA:true +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always + +[ca] +default_ca = ca +dir = ${ENV::BPKI_DIRECTORY} +new_certs_dir = $dir +database = $dir/index +certificate = $dir/ca.cer +private_key = $dir/ca.key +default_days = ${constants::cert_days} +default_crl_days = ${constants::crl_days} +default_md = ${constants::digest} +policy = ca_dn_policy +unique_subject = no +serial = $dir/serial +crlnumber = $dir/crl_number + +[ca_dn_policy] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional +givenName = optional +surname = optional + +[rpkid] + +sql-database = rpki +sql-username = rpki +sql-password = fnord +bpki-ta = bpki.rpkid/ca.cer +rpkid-key = bpki.rpkid/rpkid.key +rpkid-cert = bpki.rpkid/rpkid.cer +irdb-cert = bpki.rpkid/irdbd.cer +irbe-cert = bpki.rpkid/irbe_cli.cer +irdb-url = https://localhost:4412/ +server-host = localhost +server-port = 4410 + +[irdbd] + +sql-database = irdb +sql-username = irdb +sql-password = fnord +bpki-ta = bpki.rpkid/ca.cer +rpkid-cert = bpki.rpkid/rpkid.cer +irdbd-cert = bpki.rpkid/irdbd.cer +irdbd-key = bpki.rpkid/irdbd.key +https-url = https://localhost:4412/ + +[pubd] + +startup-message = This is pubd + +sql-database = pubd +sql-username = pubd +sql-password = fnord +bpki-ta = bpki.pubd/ca.cer +pubd-cert = bpki.pubd/pubd.cer +pubd-key = bpki.pubd/pubd.key +irbe-cert = bpki.pubd/irbe_cli.cer +server-host = localhost +server-port = 4411 +publication-base = publication/ + +[rootd] + +startup-message = This is rootd + +bpki-ta = bpki.rootd/ca.cer +rootd-bpki-crl = bpki.rootd/ca.crl +rootd-bpki-cert = bpki.rootd/rootd.cer +rootd-bpki-key = bpki.rootd/rootd.key +child-bpki-cert = bpki.rootd/child.cer + +server-port = 4401 + +rpki-root-dir = publication/localhost:4409/ +rpki-base-uri = rsync://localhost:4409/ +rpki-root-cert-uri = rsync://localhost:4409/rootd.cer + +rpki-root-key = bpki.rootd/ca.key +rpki-root-cert = bpki.rootd/rpkiroot.cer + +rpki-subject-pkcs10 = rootd.subject.pkcs10 +rpki-subject-lifetime = 30d + +rpki-root-crl = Bandicoot.crl +rpki-root-manifest = Bandicoot.mnf + +rpki-class-name = Wombat +rpki-subject-cert = Wombat.cer + +[rpki_x509_extensions] +basicConstraints = critical,CA:true +subjectKeyIdentifier = hash +keyUsage = critical,keyCertSign,cRLSign +subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://localhost:4409/,1.3.6.1.5.5.7.48.10;URI:rsync://localhost:4409/Bandicoot.mnf +sbgp-autonomousSysNum = critical,AS:0-4294967295 +sbgp-ipAddrBlock = critical,IPv4:0.0.0.0/0,IPv6:0::/0 +certificatePolicies = critical, @rpki_certificate_policy + +[rpki_certificate_policy] + +policyIdentifier = 1.3.6.1.5.5.7.14.2 diff --git a/myrpki/examples/parents.csv b/myrpki/examples/parents.csv new file mode 100644 index 00000000..80615b74 --- /dev/null +++ b/myrpki/examples/parents.csv @@ -0,0 +1 @@ +RIR https://localhost:4414/up-down/RIR/Me RIR.ta.cer RIR.rpkid.cer diff --git a/myrpki/examples/prefixes.csv b/myrpki/examples/prefixes.csv new file mode 100644 index 00000000..994f42b2 --- /dev/null +++ b/myrpki/examples/prefixes.csv @@ -0,0 +1,2 @@ +Alice 192.0.2.1-192.0.2.33 +Bob 192.0.2.44-192.0.2.100 diff --git a/myrpki/examples/roas.csv b/myrpki/examples/roas.csv new file mode 100644 index 00000000..5d894441 --- /dev/null +++ b/myrpki/examples/roas.csv @@ -0,0 +1 @@ +10.3.0.44/32 666 |