| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- {{ ansible_managed | comment }}
- # Source: http://docs.sensu.io/sensu-core/1.3/files/sensu_ssl_tool.tar
- [ ca ]
- default_ca = sensu_ca
- [ sensu_ca ]
- dir = .
- certificate = $dir/cacert.pem
- database = $dir/index.txt
- new_certs_dir = $dir/certs
- private_key = $dir/private/cakey.pem
- serial = $dir/serial
- default_crl_days = 7
- default_days = 1825
- default_md = sha1
- policy = sensu_ca_policy
- x509_extensions = certificate_extensions
- [ sensu_ca_policy ]
- commonName = supplied
- stateOrProvinceName = optional
- countryName = optional
- emailAddress = optional
- organizationName = optional
- organizationalUnitName = optional
- [ certificate_extensions ]
- basicConstraints = CA:false
- [ req ]
- default_bits = 2048
- default_keyfile = ./private/cakey.pem
- default_md = sha1
- prompt = yes
- distinguished_name = root_ca_distinguished_name
- x509_extensions = root_ca_extensions
- [ root_ca_distinguished_name ]
- commonName = sensu
- [ root_ca_extensions ]
- basicConstraints = CA:true
- keyUsage = keyCertSign, cRLSign
- [ client_ca_extensions ]
- basicConstraints = CA:false
- keyUsage = digitalSignature
- extendedKeyUsage = 1.3.6.1.5.5.7.3.2
- [ server_ca_extensions ]
- basicConstraints = CA:false
- keyUsage = keyEncipherment
- extendedKeyUsage = 1.3.6.1.5.5.7.3.1
|
