Ansible/roles/sensu.sensu/templates/openssl.cnf.j2

{{ ansible_managed | comment }}
# Source: http://docs.sensu.io/sensu-core/1.3/files/sensu_ssl_tool.tar

[ ca ]
default_ca = sensu_ca

[ sensu_ca ]
dir = .
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial

default_crl_days = 7
default_days = 1825
default_md = sha1

policy = sensu_ca_policy
x509_extensions = certificate_extensions

[ sensu_ca_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional

[ certificate_extensions ]
basicConstraints = CA:false

[ req ]
default_bits = 2048
default_keyfile = ./private/cakey.pem
default_md = sha1
prompt = yes
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions

[ root_ca_distinguished_name ]
commonName = sensu

[ root_ca_extensions ]
basicConstraints = CA:true
keyUsage = keyCertSign, cRLSign

[ client_ca_extensions ]
basicConstraints = CA:false
keyUsage = digitalSignature
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ server_ca_extensions ]
basicConstraints = CA:false
keyUsage = keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
Role Adjustments Added Sensu Moved default role downloads to ./roles Added unattended-upgrades 2019-04-29 07:08:11 -07:00			`{{ ansible_managed \| comment }}`
			`# Source: http://docs.sensu.io/sensu-core/1.3/files/sensu_ssl_tool.tar`

			`[ ca ]`
			`default_ca = sensu_ca`

			`[ sensu_ca ]`
			`dir = .`
			`certificate = $dir/cacert.pem`
			`database = $dir/index.txt`
			`new_certs_dir = $dir/certs`
			`private_key = $dir/private/cakey.pem`
			`serial = $dir/serial`

			`default_crl_days = 7`
			`default_days = 1825`
			`default_md = sha1`

			`policy = sensu_ca_policy`
			`x509_extensions = certificate_extensions`

			`[ sensu_ca_policy ]`
			`commonName = supplied`
			`stateOrProvinceName = optional`
			`countryName = optional`
			`emailAddress = optional`
			`organizationName = optional`
			`organizationalUnitName = optional`

			`[ certificate_extensions ]`
			`basicConstraints = CA:false`

			`[ req ]`
			`default_bits = 2048`
			`default_keyfile = ./private/cakey.pem`
			`default_md = sha1`
			`prompt = yes`
			`distinguished_name = root_ca_distinguished_name`
			`x509_extensions = root_ca_extensions`

			`[ root_ca_distinguished_name ]`
			`commonName = sensu`

			`[ root_ca_extensions ]`
			`basicConstraints = CA:true`
			`keyUsage = keyCertSign, cRLSign`

			`[ client_ca_extensions ]`
			`basicConstraints = CA:false`
			`keyUsage = digitalSignature`
			`extendedKeyUsage = 1.3.6.1.5.5.7.3.2`

			`[ server_ca_extensions ]`
			`basicConstraints = CA:false`
			`keyUsage = keyEncipherment`
			`extendedKeyUsage = 1.3.6.1.5.5.7.3.1`