
Commit 4e1c22fd authored by Leigh B. Stoller's avatar Leigh B. Stoller

Small changes for Protogeni.

parent 8071f0d8
......@@ -252,9 +252,7 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \
$(INSTALL_ETCDIR)/capture.sha1fingerprint \
$(INSTALL_ETCDIR)/emulab_privkey.pem \
$(INSTALL_ETCDIR)/emulab_pubkey.pem \
usercert.cnf syscert.cnf
$(INSTALL_DATA) usercert.cnf $(INSTALL_LIBDIR)/ssl/usercert.cnf
$(INSTALL_DATA) ca.cnf $(INSTALL_LIBDIR)/ssl/ca.cnf
install-conf
$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
chmod 640 $(INSTALL_ETCDIR)/emulab.pem
chmod 600 $(INSTALL_ETCDIR)/emulab.key
......@@ -269,6 +267,11 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \
chmod 644 $(INSTALL_ETCDIR)/capture.fingerprint
chmod 644 $(INSTALL_ETCDIR)/capture.sha1fingerprint
install-conf: usercert.cnf syscert.cnf ca.cnf
$(INSTALL_DATA) usercert.cnf $(INSTALL_LIBDIR)/ssl/usercert.cnf
$(INSTALL_DATA) syscert.cnf $(INSTALL_LIBDIR)/ssl/syscert.cnf
$(INSTALL_DATA) ca.cnf $(INSTALL_LIBDIR)/ssl/ca.cnf
remote-site-boss-install: install-dirs \
$(INSTALL_ETCDIR)/emulab.pem \
$(INSTALL_ETCDIR)/emulab.key \
......@@ -277,9 +280,7 @@ remote-site-boss-install: install-dirs \
$(INSTALL_ETCDIR)/capture.sha1fingerprint \
$(INSTALL_ETCDIR)/ctrlnode.pem \
$(INSTALL_ETCDIR)/server.pem \
usercert.cnf
$(INSTALL_DATA) usercert.cnf $(INSTALL_LIBDIR)/ssl/usercert.cnf
$(INSTALL_DATA) ca.cnf $(INSTALL_LIBDIR)/ssl/ca.cnf
install-conf
$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
chmod 640 $(INSTALL_ETCDIR)/emulab.pem
chmod 600 $(INSTALL_ETCDIR)/emulab.key
......
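Review bot: The new `install-conf` rule names a command rather than a file and copies into `$(INSTALL_LIBDIR)/ssl`, yet it lists no prerequisite that would create that directory and the hunks show no `.PHONY` entry for it. In `remote-site-boss-install` it is now a sibling of `install-dirs`, so under `make -j` the copies may run before the directory exists, assuming `install-dirs` is what creates it. Writing the header as `install-conf: install-dirs usercert.cnf syscert.cnf ca.cnf` and adding `.PHONY: install-conf` would make the ordering explicit and stop a stray file named `install-conf` from silently skipping the install. The `.PHONY` list and the start of the `boss-installX` prerequisite list lie outside the hunks, so check whether either is already covered there.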
......@@ -69,6 +69,7 @@ default_crl_days= 2000 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
unique_subject = no
copy_extensions = copy
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
......@@ -95,3 +96,23 @@ basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ CA_syscerts ]
dir = . # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/cakey.pem # The private key
RANDFILE = $dir/.rand # private random number file
default_days = 2000 # how long to certify for
default_crl_days= 2000 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
unique_subject = no
copy_extensions = copy
policy = policy_sslxmlrpc
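Review bot: `copy_extensions = copy`, set in the new `[ CA_syscerts ]` section and added to the existing CA section in the first hunk, makes the CA copy any extension a request carries that the signing configuration does not already set, and `[ CA_syscerts ]` as shown names no `x509_extensions` section that would pin `basicConstraints`. The two request templates later in this commit list `basicConstraints=critical,CA:TRUE` under `[ request_extensions ]` (the page has lost its +/- markers, so confirm that line is on the new side), so a request signed under this section would presumably come out as a CA certificate. If that is intended for Protogeni, say so in a comment such as `# copy_extensions=copy: only sign requests generated locally by our own scripts`; otherwise give the section an `x509_extensions` entry that sets `basicConstraints` itself. The new section also carries over `default_md = md5`, which is not collision-resistant and should not be used for certificate signatures; `default_md = sha256` is the safer value.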
......@@ -5,16 +5,13 @@ prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = request_extensions
string_mask = nombstr
[ req_attributes ]
[ v3_ca ]
[ request_extensions ]
basicConstraints=critical,CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
subjectAltName=@req_altname
# This will be appended to by mkusercert.
[ req_distinguished_name ]
......
......@@ -5,16 +5,12 @@ prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = request_extensions
string_mask = nombstr
[ req_attributes ]
[ v3_ca ]
[ request_extensions ]
basicConstraints=critical,CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
# This will be appended to by mkusercert.
[ req_distinguished_name ]
......