57 lines
1.2 KiB
Plaintext
57 lines
1.2 KiB
Plaintext
|
{{ ansible_managed | comment }}
|
||
|
# Source: http://docs.sensu.io/sensu-core/1.3/files/sensu_ssl_tool.tar
|
||
|
|
||
|
[ ca ]
|
||
|
default_ca = sensu_ca
|
||
|
|
||
|
[ sensu_ca ]
|
||
|
dir = .
|
||
|
certificate = $dir/cacert.pem
|
||
|
database = $dir/index.txt
|
||
|
new_certs_dir = $dir/certs
|
||
|
private_key = $dir/private/cakey.pem
|
||
|
serial = $dir/serial
|
||
|
|
||
|
default_crl_days = 7
|
||
|
default_days = 1825
|
||
|
default_md = sha1
|
||
|
|
||
|
policy = sensu_ca_policy
|
||
|
x509_extensions = certificate_extensions
|
||
|
|
||
|
[ sensu_ca_policy ]
|
||
|
commonName = supplied
|
||
|
stateOrProvinceName = optional
|
||
|
countryName = optional
|
||
|
emailAddress = optional
|
||
|
organizationName = optional
|
||
|
organizationalUnitName = optional
|
||
|
|
||
|
[ certificate_extensions ]
|
||
|
basicConstraints = CA:false
|
||
|
|
||
|
[ req ]
|
||
|
default_bits = 2048
|
||
|
default_keyfile = ./private/cakey.pem
|
||
|
default_md = sha1
|
||
|
prompt = yes
|
||
|
distinguished_name = root_ca_distinguished_name
|
||
|
x509_extensions = root_ca_extensions
|
||
|
|
||
|
[ root_ca_distinguished_name ]
|
||
|
commonName = sensu
|
||
|
|
||
|
[ root_ca_extensions ]
|
||
|
basicConstraints = CA:true
|
||
|
keyUsage = keyCertSign, cRLSign
|
||
|
|
||
|
[ client_ca_extensions ]
|
||
|
basicConstraints = CA:false
|
||
|
keyUsage = digitalSignature
|
||
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
|
||
|
|
||
|
[ server_ca_extensions ]
|
||
|
basicConstraints = CA:false
|
||
|
keyUsage = keyEncipherment
|
||
|
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|