~mdw / ca / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
config.tcl: New profile for devices which can't accept certificate updates.
[ca] / etc / config.tcl
1 ### -*-tcl-*-
2
3 set C(ca-owner) "root"
4 set C(ca-group) "ca"
5
6 set C(ca-name) {
7 countryName "GB"
8 stateOrProvinceName "Cambridgeshire"
9 localityName "Cambridge"
10 organizationName "distorted.org.uk"
11 commonName "distorted.org.uk Certificate Authority"
12 emailAddress "ca@distorted.org.uk"
13 }
14
15 set P(tls-client) {
16 extensions tls-client-extensions
17 issue-time "*-*-* 00:00:00"
18 start-skew 1
19 expire-interval 32
20 }
21
22 set P(tls-server) {
23 extensions tls-server-extensions
24 issue-time "*-*-* 00:00:00"
25 start-skew 1
26 expire-interval 32
27 }
28
29 set P(tls-server-longterm) {
30 extensions tls-server-extensions
31 issue-time "*-*-* 00:00:00"
32 start-skew 1
33 expire-interval 43838
34 }
35
36 proc update-hook {} {
37 exec 2>@stderr rsync -av --delete-after ca.cert crl cert req publish/
38 exec 2>@stderr userv root publish-ca
39 }
A simple X.509 certificate authority.