Diffstat (limited to 'myrpki/myrpki.conf')
-rw-r--r-- | myrpki/myrpki.conf | 119 |
1 files changed, 62 insertions, 57 deletions
diff --git a/myrpki/myrpki.conf b/myrpki/myrpki.conf
index f79fc3fb..65c3b18a 100644
--- a/myrpki/myrpki.conf
+++ b/myrpki/myrpki.conf
@@ -2,82 +2,87 @@
 #
 # Config file for myrpi.py; note that this is also read by the OpenSSL
 # command line tool running under mypki.py, so syntax must remain
-# OpenSSL-compatible and portions of this are OpenSSL voodoo.
+# compatable with both OpenSSL and Python config file parsers, and
+# large portions of this are OpenSSL voodoo.
 [myrpki]
-handle = wombat
-roa_csv = roas.csv
-children_csv = children.csv
-parents_csv = parents.csv
-prefix_csv = prefixes.csv
-asn_csv = asns.csv
-repositories_csv = repositories.csv
-xml_filename = myrpki.xml
-bpki_directory = bpki.myrpki
+handle = wombat
+roa_csv = roas.csv
+children_csv = children.csv
+parents_csv = parents.csv
+prefix_csv = prefixes.csv
+asn_csv = asns.csv
+repositories_csv = repositories.csv
+xml_filename = myrpki.xml
+bpki_directory = bpki.myrpki
+repository_bpki_certificate = bpki.pubd/ca.cer
 [constants]
-digest = sha256
-key_length = 2048
-cert_days = 365
-crl_days = 365
+digest = sha256
+key_length = 2048
+cert_days = 365
+crl_days = 365
 [myirbe]
-irdbd_conf = irdbd.conf
-rpkid_ca_directory = bpki.rpkid
-pubd_ca_directory = bpki.pubd
-rootd_ca_directory = bpki.rootd
+irdbd_conf = irdbd.conf
+rpkid_ca_directory = bpki.rpkid
+pubd_ca_directory = bpki.pubd
+rootd_ca_directory = bpki.rootd
+rsync_base = rsync://server.example/
+pubd_base = https://localhost:4402
+rpkid_base = https://localhost:4404
 [req]
-default_bits = ${constants::key_length}
-default_md = ${constants::digest}
-distinguished_name = req_dn
-prompt = no
-encrypt_key = no
+default_bits = ${constants::key_length}
+default_md = ${constants::digest}
+distinguished_name = req_dn
+prompt = no
+encrypt_key = no
 [req_dn]
-CN = Dummy name for certificate request
+CN = Dummy name for certificate request
 [ca_x509_ext_ee]
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
 [ca_x509_ext_xcert0]
-basicConstraints = critical,CA:true,pathlen:0
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
+basicConstraints = critical,CA:true,pathlen:0
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
 [ca_x509_ext_xcert1]
-basicConstraints = critical,CA:true,pathlen:1
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
+basicConstraints = critical,CA:true,pathlen:1
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
 [ca_x509_ext_ca]
-basicConstraints = critical,CA:true
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always
+basicConstraints = critical,CA:true
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
 [ca]
-default_ca = ca
-dir = ${ENV::BPKI_DIRECTORY}
-new_certs_dir = $dir
-database = $dir/index
-certificate = $dir/ca.cer
-private_key = $dir/ca.key
-default_days = ${constants::cert_days}
-default_crl_days = ${constants::crl_days}
-default_md = ${constants::digest}
-policy = ca_dn_policy
-unique_subject = no
-serial = $dir/serial
-crlnumber = $dir/crl_number
+default_ca = ca
+dir = ${ENV::BPKI_DIRECTORY}
+new_certs_dir = $dir
+database = $dir/index
+certificate = $dir/ca.cer
+private_key = $dir/ca.key
+default_days = ${constants::cert_days}
+default_crl_days = ${constants::crl_days}
+default_md = ${constants::digest}
+policy = ca_dn_policy
+unique_subject = no
+serial = $dir/serial
+crlnumber = $dir/crl_number
 [ca_dn_policy]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-givenName = optional
-surname = optional
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+givenName = optional
+surname = optional |
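Review bot: The added `repository_bpki_certificate = bpki.pubd/ca.cer` in `[myrpki]` names a BPKI certificate by relative path with no comment saying what it is trusted for or what the path is resolved against; if it is resolved against the working directory (not visible here), the certificate that gets loaded depends on where the tool is run. A comment above it such as `# BPKI certificate of the publication repository; path is relative to <base directory>` would pin that down, with the base filled in from the code. The new `[myirbe]` values `rsync_base = rsync://server.example/`, `pubd_base` and `rpkid_base` look like site-specific placeholders and deserve a one-line `# Example values, change for your site` marker. The added header comment also misspells `compatible` as `compatable`.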