Ver código fonte

x509 subject properties

tags/0.4
Ales Komarek 8 anos atrás
pai
commit
bca80b792f
2 arquivos alterados com 24 adições e 0 exclusões
  1. +12
    -0
      salt/files/_pki.conf
  2. +12
    -0
      salt/minion/ca.sls

+ 12
- 0
salt/files/_pki.conf Ver arquivo

@@ -7,9 +7,21 @@ x509_signing_policies:
- minions: '{{ signing_policy.minions }}'
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
- signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt
{%- if ca.country is defined %}
- C: {{ ca.country }}
{%- endif %}
{%- if ca.state is defined %}
- ST: {{ ca.state }}
{%- endif %}
{%- if ca.locality is defined %}
- L: {{ ca.locality }}
{%- endif %}
{%- if ca.organization is defined %}
- O: {{ ca.organization }}
{%- endif %}
{%- if ca.organization_unit is defined %}
- OU: {{ ca.organization_unit }}
{%- endif %}
{%- if signing_policy.type == 'v3_edge_cert_client' %}
- basicConstraints: "CA:FALSE"
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"

+ 12
- 0
salt/minion/ca.sls Ver arquivo

@@ -30,9 +30,21 @@ include:
x509.certificate_managed:
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
- CN: {{ ca.common_name }}
{%- if ca.country is defined %}
- C: {{ ca.country }}
{%- endif %}
{%- if ca.state is defined %}
- ST: {{ ca.state }}
{%- endif %}
{%- if ca.locality is defined %}
- L: {{ ca.locality }}
{%- endif %}
{%- if ca.organization is defined %}
- O: {{ ca.organization }}
{%- endif %}
{%- if ca.organization_unit is defined %}
- OU: {{ ca.organization_unit }}
{%- endif %}
- basicConstraints: "critical,CA:TRUE"
- keyUsage: "critical,cRLSign,keyCertSign"
- subjectKeyIdentifier: hash

Carregando…
Cancelar
Salvar