X-Git-Url: https://git.distorted.org.uk/~mdw/ca/blobdiff_plain/69ab55f79b5b6109be503ff8d61fba82b1468360..7e0f58bf390f14e3ff92dd4d260b57bd45715643:/etc/config.tcl
diff --git a/etc/config.tcl b/etc/config.tcl
index 8192461..ee8dd31 100644
--- a/etc/config.tcl
+++ b/etc/config.tcl
@@ -1,19 +1,43 @@
 ### -*-tcl-*-
 
-set C(ca-owner) "mdw"
-set C(ca-group) "mdw"
-set C(ca-user) "mdw"
+set C(ca-owner) "root"
+set C(ca-group) "ca"
+
+set C(ca-name) {
+ countryName "GB"
+ stateOrProvinceName "Cambridgeshire"
+ localityName "Cambridge"
+ organizationName "distorted.org.uk"
+ commonName "distorted.org.uk Certificate Authority"
+ emailAddress "ca@distorted.org.uk"
+}
 
 set P(tls-client) {
 extensions tls-client-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
 start-skew 1
- expire-interval 28
+ expire-interval 32
 }
 
 set P(tls-server) {
 extensions tls-server-extensions
- issue-time "*-*-* 03:00:00"
+ issue-time "*-*-* 00:00:00"
+ start-skew 1
+ expire-interval 32
+}
+
+set P(tls-server-longterm) {
+ extensions tls-server-extensions
+ issue-time "*-*-* 00:00:00"
 start-skew 1
- expire-interval 28
+ expire-interval 43838
+}
+
+proc update-hook {} {
+ global env
+ if {![info exists env(CA_BODGE)]} {
+ exec 2>@stderr rsync -rtv --delete-delay \
+ ca.cert crl cert req archive \
+ sysupl-ca@stratocaster.distorted.org.uk:files/
+ }
 }
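Review bot: The new `P(tls-server-longterm)` profile sets `expire-interval 43838` with no comment on the unit or the reason. If the interval is in days, as the 28 to 32 change in the neighbouring profiles suggests, that is roughly 120 years, so a key compromised under this profile stays trusted until it is revoked and the updated CRL actually reaches relying parties. I would add a comment above the profile, for example `### Long-lived server certs: expire-interval is in <unit>; revocation is the only recovery path, so use this profile sparingly.` The added `update-hook` is related: when `env(CA_BODGE)` is set, publication of `crl` is skipped silently, so an else branch with `puts stderr "update-hook: CA_BODGE set, not publishing"` would make a stale published CRL visible to the operator.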