Commit 4e1c22fd authored by Leigh Stoller's avatar Leigh Stoller

Small changes for Protogeni.

parent 8071f0d8
......@@ -252,9 +252,7 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \
$(INSTALL_ETCDIR)/capture.sha1fingerprint \
$(INSTALL_ETCDIR)/emulab_privkey.pem \
$(INSTALL_ETCDIR)/emulab_pubkey.pem \
usercert.cnf syscert.cnf
$(INSTALL_DATA) usercert.cnf $(INSTALL_LIBDIR)/ssl/usercert.cnf
$(INSTALL_DATA) ca.cnf $(INSTALL_LIBDIR)/ssl/ca.cnf
install-conf
$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
chmod 640 $(INSTALL_ETCDIR)/emulab.pem
chmod 600 $(INSTALL_ETCDIR)/emulab.key
......@@ -269,6 +267,11 @@ boss-installX: $(INSTALL_ETCDIR)/emulab.pem \
chmod 644 $(INSTALL_ETCDIR)/capture.fingerprint
chmod 644 $(INSTALL_ETCDIR)/capture.sha1fingerprint
install-conf: usercert.cnf syscert.cnf ca.cnf
$(INSTALL_DATA) usercert.cnf $(INSTALL_LIBDIR)/ssl/usercert.cnf
$(INSTALL_DATA) syscert.cnf $(INSTALL_LIBDIR)/ssl/syscert.cnf
$(INSTALL_DATA) ca.cnf $(INSTALL_LIBDIR)/ssl/ca.cnf
remote-site-boss-install: install-dirs \
$(INSTALL_ETCDIR)/emulab.pem \
$(INSTALL_ETCDIR)/emulab.key \
......@@ -277,9 +280,7 @@ remote-site-boss-install: install-dirs \
$(INSTALL_ETCDIR)/capture.sha1fingerprint \
$(INSTALL_ETCDIR)/ctrlnode.pem \
$(INSTALL_ETCDIR)/server.pem \
usercert.cnf
$(INSTALL_DATA) usercert.cnf $(INSTALL_LIBDIR)/ssl/usercert.cnf
$(INSTALL_DATA) ca.cnf $(INSTALL_LIBDIR)/ssl/ca.cnf
install-conf
$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
chmod 640 $(INSTALL_ETCDIR)/emulab.pem
chmod 600 $(INSTALL_ETCDIR)/emulab.key
......
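Review bot: Nothing orders the new `install-conf` target after `install-dirs`: its rule lists only the three .cnf files, yet it is now a prerequisite of both `boss-installX` and `remote-site-boss-install`. Before this change the copies ran inside the recipes, after every prerequisite had finished. Under `make -j` they can now run before `$(INSTALL_LIBDIR)/ssl` exists, assuming `install-dirs` is what creates that directory (not visible here). Consider `install-conf: install-dirs usercert.cnf syscert.cnf ca.cnf`, and add `install-conf` to `.PHONY` if it is not already declared outside these hunks. The prerequisite lists of both install targets start outside the hunks shown.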
......@@ -69,6 +69,7 @@ default_crl_days= 2000 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
unique_subject = no
copy_extensions = copy
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
......@@ -95,3 +96,23 @@ basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ CA_syscerts ]
dir = . # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/cakey.pem # The private key
RANDFILE = $dir/.rand # private random number file
default_days = 2000 # how long to certify for
default_crl_days= 2000 # how long before next CRL
default_md = md5 # which md to use.
preserve = no # keep passed DN ordering
unique_subject = no
copy_extensions = copy
policy = policy_sslxmlrpc
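Review bot: The new `[ CA_syscerts ]` section sets `copy_extensions = copy` but shows no `x509_extensions` entry, so any extension a request carries, including `basicConstraints` with CA:true, would pass into the issued certificate unchanged. If system certificates are not meant to be CAs, add an `x509_extensions` entry naming a section that sets `basicConstraints=critical,CA:FALSE`; if they are, a comment saying so would help the next reader. The same `copy_extensions = copy` line is added in the first hunk of this file, whose section header is outside the visible lines. Separately, the new section repeats `default_md = md5`; MD5 signatures are exposed to collision-based forgery, so `default_md = sha256` is the safer value for a section being introduced now.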
......@@ -5,16 +5,13 @@ prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = request_extensions
string_mask = nombstr
[ req_attributes ]
[ v3_ca ]
[ request_extensions ]
basicConstraints=critical,CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
subjectAltName=@req_altname
# This will be appended to by mkusercert.
[ req_distinguished_name ]
......
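Review bot: The request template appears to ask for `basicConstraints = CA:true` under `[ request_extensions ]` with neither `critical` nor a `pathlen` limit (the +/- markers are lost in this rendering, so this assumes that line is on the new side). Together with `copy_extensions = copy` on the CA side, the holder of each such certificate could issue further certificates to any chain depth. If CA capability is intended for Protogeni, `basicConstraints = critical,CA:true,pathlen:0` limits it to one level, and a comment above the line should say why it is needed; the next file section carries the same line. `default_bits = 1024` is unchanged context here, but it is short for a key that is allowed to sign.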
......@@ -5,16 +5,12 @@ prompt = no
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = request_extensions
string_mask = nombstr
[ req_attributes ]
[ v3_ca ]
[ request_extensions ]
basicConstraints=critical,CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
# This will be appended to by mkusercert.
[ req_distinguished_name ]
......