pki management

2020-04-02 16:18:18 +02:00
parent 0a74735ba9
commit 393c48b4cb
7 changed files with 120 additions and 0 deletions
--- a/base/pki/signing_policies.conf
+++ b/base/pki/signing_policies.conf
@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+
+x509_signing_policies:
+  host:
+    #- minions: 'host'
+    - signing_private_key: /etc/pki/ca.key
+    - signing_cert: /etc/pki/ca.crt
+    - C: DE
+    - ST: Berlin
+    - L: Berlin
+    - basicConstraints: "critical CA:false"
+    - keyUsage: "critical keyEncipherment"
+    - subjectKeyIdentifier: hash
+    - authorityKeyIdentifier: keyid,issuer:always
+    - days_valid: 360
+    - copypath: /etc/pki/issued_certs/