### -*-tcl-*-
-set C(ca-owner) "mdw"
-set C(ca-group) "mdw"
-set C(ca-user) "mdw"
+set C(ca-owner) "root"
+set C(ca-group) "ca"
+
+set C(ca-name) {
+ countryName "GB"
+ stateOrProvinceName "Cambridgeshire"
+ localityName "Cambridge"
+ organizationName "distorted.org.uk"
+ commonName "distorted.org.uk Certificate Authority"
+ emailAddress "ca@distorted.org.uk"
+}
set P(tls-client) {
extensions tls-client-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
start-skew 1
- expire-interval 28
+ expire-interval 32
}
set P(tls-server) {
extensions tls-server-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
+ start-skew 1
+ expire-interval 32
+}
+
+set P(tls-server-longterm) {
+ extensions tls-server-extensions
+ issue-time "*-*-* 00:00:00"
start-skew 1
- expire-interval 28
+ expire-interval 43838
}
proc update-hook {} {
- exec rsync -av --delete-after crl ca.cert cert req test/publish 2>@stderr
+ global env
+ if {![info exists env(CA_BODGE)]} {
+ exec 2>@stderr rsync -rtl --delete-delay \
+ ca.cert crl cert req archive \
+ sysupl-ca@stratocaster.distorted.org.uk:files/
+ }
}
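Review bot: The new `tls-server-longterm` profile sets `expire-interval 43838` with no comment on its unit or purpose; if the unit is days, as the 28 → 32 values in the other profiles suggest, that is roughly 120 years, so a certificate issued under it can in practice only be retired through the published `crl`. A comment such as `# deliberately long-lived (~120 years if days); revocation depends on CRL publication` above the profile would make that explicit, and it is worth confirming that such an end date does not outlive `ca.cert` itself. That dependency matters in `update-hook`, where the `CA_BODGE` branch skips the whole rsync, `crl` included, without producing any output. Adding `} else { puts stderr "CA_BODGE set: not publishing ca.cert/crl/cert/req/archive" }` would leave a trace whenever publication is suppressed.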