34 lines
1.2 KiB
Plaintext
34 lines
1.2 KiB
Plaintext
|
[req]
|
||
|
|
default_bits = 2048
|
||
|
|
distinguished_name = req_distinguished_name
|
||
|
|
x509_extensions = v3_server_sign
|
||
|
|
string_mask = utf8only
|
||
|
|
prompt = no
|
||
|
|
req_extensions = v3_req
|
||
|
|
|
||
|
|
[v3_server_sign]
|
||
|
|
basicConstraints = CA:false
|
||
|
|
nsComment = "RMT Generated Server Certificate"
|
||
|
|
nsCertType = server
|
||
|
|
keyUsage = digitalSignature, keyEncipherment, keyAgreement
|
||
|
|
extendedKeyUsage = serverAuth, clientAuth
|
||
|
|
subjectKeyIdentifier = hash
|
||
|
|
authorityKeyIdentifier = keyid,issuer:always
|
||
|
|
subjectAltName = @alt_names
|
||
|
|
|
||
|
|
[v3_req]
|
||
|
|
basicConstraints = CA:false
|
||
|
|
keyUsage = digitalSignature, keyEncipherment, keyAgreement
|
||
|
|
subjectAltName = @alt_names
|
||
|
|
|
||
|
|
[req_distinguished_name]
|
||
|
|
CN = localhost
|
||
|
|
|
||
|
|
[alt_names]
|
||
|
|
DNS.0 = localhost
|
||
|
|
DNS.1 = rmt.{{ pillar['network']['domain'] }}
|
||
|
|
IP.0 = {{ pillar['network']['ip'] }}
|
||
|
|
{% for vlan in pillar['network']['vlan'] -%}
|
||
|
|
IP.{{ loop.index }} = {{ vlan['address'] }}
|
||
|
|
{% endfor -%}
|