mirror of https://github.com/k3s-io/k3s
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72 lines
1.9 KiB
72 lines
1.9 KiB
5 years ago
|
# db OpenSSL configuration file.
|
||
|
SAN = "IP:127.0.0.1, IP:172.17.0.1, DNS:host.docker.internal"
|
||
|
dir = .
|
||
|
|
||
|
[ ca ]
|
||
|
default_ca = db_ca
|
||
|
|
||
|
[ db_ca ]
|
||
|
certs = $dir/certs
|
||
|
certificate = $dir/certs/ca.crt
|
||
|
crl = $dir/crl.pem
|
||
|
crl_dir = $dir/crl
|
||
|
crlnumber = $dir/crlnumber
|
||
|
database = $dir/index.txt
|
||
|
email_in_dn = no
|
||
|
new_certs_dir = $dir/newcerts
|
||
|
private_key = $dir/private/ca.key
|
||
|
serial = $dir/serial
|
||
|
RANDFILE = $dir/private/.rand
|
||
|
name_opt = ca_default
|
||
|
cert_opt = ca_default
|
||
|
default_days = 3650
|
||
|
default_crl_days = 30
|
||
|
default_md = sha512
|
||
|
preserve = no
|
||
|
policy = policy_db
|
||
|
|
||
|
[ policy_db ]
|
||
|
organizationName = optional
|
||
|
commonName = supplied
|
||
|
|
||
|
[ req ]
|
||
|
default_bits = 1024
|
||
|
default_keyfile = privkey.pem
|
||
|
distinguished_name = req_distinguished_name
|
||
|
attributes = req_attributes
|
||
|
x509_extensions = v3_ca
|
||
|
string_mask = utf8only
|
||
|
req_extensions = db_client
|
||
|
|
||
|
[ req_distinguished_name ]
|
||
|
countryName = Country Name (2 letter code)
|
||
|
countryName_default = US
|
||
|
countryName_min = 2
|
||
|
countryName_max = 2
|
||
|
commonName = Common Name (FQDN)
|
||
|
0.organizationName = Organization Name (eg, company)
|
||
|
0.organizationName_default = db-ca
|
||
|
|
||
|
[ req_attributes ]
|
||
|
|
||
|
[ v3_ca ]
|
||
|
basicConstraints = CA:true
|
||
|
keyUsage = keyCertSign,cRLSign
|
||
|
subjectKeyIdentifier = hash
|
||
|
|
||
|
[ db_client ]
|
||
|
basicConstraints = CA:FALSE
|
||
|
extendedKeyUsage = clientAuth
|
||
|
keyUsage = digitalSignature, keyEncipherment
|
||
|
|
||
|
[ db_peer ]
|
||
|
basicConstraints = CA:FALSE
|
||
|
extendedKeyUsage = clientAuth, serverAuth
|
||
|
keyUsage = digitalSignature, keyEncipherment
|
||
|
subjectAltName = ${ENV::SAN}
|
||
|
|
||
|
[ db_server ]
|
||
|
basicConstraints = CA:FALSE
|
||
|
extendedKeyUsage = clientAuth, serverAuth
|
||
|
keyUsage = digitalSignature, keyEncipherment
|
||
|
subjectAltName = ${ENV::SAN}
|