k3s/scripts/test-certs-openssl.cnf

# db OpenSSL configuration file.
SAN = "IP:127.0.0.1, IP:172.17.0.1, DNS:host.docker.internal"
dir = .

[ ca ]
default_ca = db_ca

[ db_ca ]
certs            = $dir/certs
certificate      = $dir/certs/ca.crt
crl              = $dir/crl.pem
crl_dir          = $dir/crl
crlnumber        = $dir/crlnumber
database         = $dir/index.txt
email_in_dn      = no
new_certs_dir    = $dir/newcerts
private_key      = $dir/private/ca.key
serial           = $dir/serial
RANDFILE         = $dir/private/.rand
name_opt         = ca_default
cert_opt         = ca_default
default_days     = 3650
default_crl_days = 30
default_md       = sha512
preserve         = no
policy           = policy_db

[ policy_db ]
organizationName = optional
commonName       = supplied

[ req ]
default_bits       = 1024
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
attributes         = req_attributes
x509_extensions    = v3_ca
string_mask        = utf8only
req_extensions     = db_client

[ req_distinguished_name ]
countryName                = Country Name (2 letter code)
countryName_default        = US
countryName_min            = 2
countryName_max            = 2
commonName                 = Common Name (FQDN)
0.organizationName         = Organization Name (eg, company)
0.organizationName_default = db-ca

[ req_attributes ]

[ v3_ca ]
basicConstraints       = CA:true
keyUsage               = keyCertSign,cRLSign
subjectKeyIdentifier   = hash

[ db_client ]
basicConstraints       = CA:FALSE
extendedKeyUsage       = clientAuth
keyUsage               = digitalSignature, keyEncipherment

[ db_peer ]
basicConstraints       = CA:FALSE
extendedKeyUsage       = clientAuth, serverAuth
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = ${ENV::SAN}

[ db_server ]
basicConstraints       = CA:FALSE
extendedKeyUsage       = clientAuth, serverAuth
keyUsage               = digitalSignature, keyEncipherment
subjectAltName         = ${ENV::SAN}
Test cleanup 2019-11-01 16:48:28 +00:00			`# db OpenSSL configuration file.`
			`SAN = "IP:127.0.0.1, IP:172.17.0.1, DNS:host.docker.internal"`
			`dir = .`

			`[ ca ]`
			`default_ca = db_ca`

			`[ db_ca ]`
			`certs = $dir/certs`
			`certificate = $dir/certs/ca.crt`
			`crl = $dir/crl.pem`
			`crl_dir = $dir/crl`
			`crlnumber = $dir/crlnumber`
			`database = $dir/index.txt`
			`email_in_dn = no`
			`new_certs_dir = $dir/newcerts`
			`private_key = $dir/private/ca.key`
			`serial = $dir/serial`
			`RANDFILE = $dir/private/.rand`
			`name_opt = ca_default`
			`cert_opt = ca_default`
			`default_days = 3650`
			`default_crl_days = 30`
			`default_md = sha512`
			`preserve = no`
			`policy = policy_db`

			`[ policy_db ]`
			`organizationName = optional`
			`commonName = supplied`

			`[ req ]`
			`default_bits = 1024`
			`default_keyfile = privkey.pem`
			`distinguished_name = req_distinguished_name`
			`attributes = req_attributes`
			`x509_extensions = v3_ca`
			`string_mask = utf8only`
			`req_extensions = db_client`

			`[ req_distinguished_name ]`
			`countryName = Country Name (2 letter code)`
			`countryName_default = US`
			`countryName_min = 2`
			`countryName_max = 2`
			`commonName = Common Name (FQDN)`
			`0.organizationName = Organization Name (eg, company)`
			`0.organizationName_default = db-ca`

			`[ req_attributes ]`

			`[ v3_ca ]`
			`basicConstraints = CA:true`
			`keyUsage = keyCertSign,cRLSign`
			`subjectKeyIdentifier = hash`

			`[ db_client ]`
			`basicConstraints = CA:FALSE`
			`extendedKeyUsage = clientAuth`
			`keyUsage = digitalSignature, keyEncipherment`

			`[ db_peer ]`
			`basicConstraints = CA:FALSE`
			`extendedKeyUsage = clientAuth, serverAuth`
			`keyUsage = digitalSignature, keyEncipherment`
			`subjectAltName = ${ENV::SAN}`

			`[ db_server ]`
			`basicConstraints = CA:FALSE`
			`extendedKeyUsage = clientAuth, serverAuth`
			`keyUsage = digitalSignature, keyEncipherment`
			`subjectAltName = ${ENV::SAN}`