Skip to content
Snippets Groups Projects
Normal view Permalink
untrusted_voms.conf 728 B
Newer Older
Francesco Giacomini's avatar
Add cert configuration for an untrusted voms
Francesco Giacomini committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 

[ untrusted_voms ]

default_bits           = 2048
default_keyfile        = ${ENV::CA_NAME}/certs/untrusted_voms.key.pem
distinguished_name     = untrusted_voms_dn
prompt                 = no
encrypt_key            = no
default_md             = sha512
x509_extensions        = untrusted_voms_extensions

[ untrusted_voms_dn ]

C                      = IT
O                      = IGI
CN                     = untrusted-voms.example

[ untrusted_voms_extensions ]

basicConstraints       = critical,CA:FALSE
subjectKeyIdentifier   = hash
keyUsage               = critical, digitalSignature
extendedKeyUsage       = serverAuth, clientAuth
authorityKeyIdentifier = keyid, issuer
subjectAltName         = DNS:untrusted-voms.example