2021-11-05 15:06:45 +00:00
|
|
|
[req]
|
|
|
|
default_bits = 2048
|
|
|
|
distinguished_name = req_distinguished_name
|
|
|
|
x509_extensions = v3_server_sign
|
|
|
|
string_mask = utf8only
|
|
|
|
prompt = no
|
|
|
|
req_extensions = v3_req
|
|
|
|
|
|
|
|
[v3_server_sign]
|
|
|
|
basicConstraints = CA:false
|
|
|
|
nsComment = "Rancher Server Certificate"
|
|
|
|
nsCertType = server
|
|
|
|
keyUsage = digitalSignature, keyEncipherment, keyAgreement
|
|
|
|
extendedKeyUsage = serverAuth, clientAuth
|
|
|
|
subjectKeyIdentifier = hash
|
|
|
|
authorityKeyIdentifier = keyid,issuer:always
|
|
|
|
subjectAltName = @alt_names
|
|
|
|
|
|
|
|
[v3_req]
|
|
|
|
basicConstraints = CA:false
|
|
|
|
keyUsage = digitalSignature, keyEncipherment, keyAgreement
|
|
|
|
subjectAltName = @alt_names
|
|
|
|
|
|
|
|
[req_distinguished_name]
|
|
|
|
CN = rancher.{{ pillar['network']['domain'] }}
|
|
|
|
|
|
|
|
[alt_names]
|
2021-11-08 19:45:20 +00:00
|
|
|
DNS.1 = rancher.{{ pillar['network']['domain'] }}
|
|
|
|
IP.1 = {{ pillar['network']['ip'] }}
|