~poptart/hosaka-pki

ref: 8d6f421fbd4ea6b5ac74c4add9e8321b9c370982 hosaka-pki/config.def -rw-r--r-- 1.2 KiB
8d6f421f — poptart Updated to begin adding the interactive functions 1 year, 7 months ago
                                                                                
#This is the hosaka-pki configuration file. It is parsed by the PKI shell
#script and functions as a set of KEY=VALUE settings.
#
#NOTE(review): several values below contain spaces and are not quoted. How
#the script reads this file is not visible here; if it sources the file
#instead of splitting each line on the first "=", those lines will not be
#read as one assignment. Confirm before adding values that contain spaces
#or shell metacharacters.
#
#Directories used by the script.
#NOTE(review): presumably CA key material is kept under these paths; if so,
#they should be readable and writable only by the account that runs the
#script. SSH_CA_DIR is under /etc/ssh while the other two paths are under
#/etc/hosaka/pki - confirm that is intended.
CONFIGDIR=/etc/hosaka/pki
SSL_CA_DIR=/etc/hosaka/pki/ssl
SSH_CA_DIR=/etc/ssh/pki/ssh

### SSL CONFIG OPTIONS
#How many days a certificate should be valid for.
#CADAYSVALID is presumably the same setting for CA certificates - confirm
#against the script.
DAYSVALID=375
CADAYSVALID=3750

#Which signing algorithm to use. The value is a digest name; do not lower
#it to md5 or sha1, which are not safe for certificate signatures.
MDALGORITHM=sha512

#Should we configure an intermediate CA
USEINTERMEDIATE=yes

#Remember passwords for the hosaka-pki in the shell script. Generally
#this is "less secure" and leaves open opportunistic attacks, but
#if it is false prompting can be... excessive.
#The default here is the less secure setting. Where and for how long the
#script keeps the passwords is not visible from this file - check the script
#before leaving this enabled on a shared host.
#NOTE(review): the text above says "false" while the values in this file
#are yes/no; confirm which spellings the script accepts.
CACHECREDENTIALS=yes

#If an intermediate was generated and the root CA keys are still
#accessible, emit a warning, because leaving the root keys accessible
#is a bad idea: once the intermediate signs certificates, the root key
#should be stored offline.
WARNROOTCERT=yes

#Default settings for signing if they are not set.
#The values shipped here are examples; replace them with the real
#details of the organisation before issuing certificates.
COUNTRYDEFAULT=US
STATEDEFAULT=Cyberspace
LOCALITYDEFAULT=Fakeland
ORGNAMEDEFAULT=Hosaka Corporation Examples
ORGUNITDEFAULT=Certificate Land
USERCERTCOMMENT=Hosaka PKI Generated Client Certificate
SRVCERTCOMMENT=Hosaka PKI Generated Server Certificate

#Default starting serial number
SSLSERIALDEFAULT=1000

### SSH CONFIG OPTIONS
#Presumably the default starting serial number for SSH certificates, by
#analogy with SSLSERIALDEFAULT - confirm against the script.
SSHSERIALDEFAULT=1000