-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathintermediate.cnf
More file actions
37 lines (29 loc) · 804 Bytes
/
intermediate.cnf
File metadata and controls
37 lines (29 loc) · 804 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Configuration for issuing intermediate CA certificates
openssl_conf = openssl_conf
[ openssl_conf ]
providers = providers
[ providers ]
pkcs11 = pkcs11
[ pkcs11 ]
activate = 1
[ ca ]
default_ca = ca_intermediate
[ ca_intermediate ]
certificate = ipxe-sb-ca.crt
database = ipxe-sb-ca.db
default_days = 5000
default_md = sha256
new_certs_dir = signed
policy = ca_policy
private_key = pkcs11:id=%02 # 02 translates to Yubikey slot 9c
rand_serial = yes
unique_subject = no
x509_extensions = ca_exts
[ ca_policy ]
commonName = supplied
[ ca_exts ]
authorityInfoAccess = caIssuers;URI:https://ipxe.org/secure-boot-ca
authorityKeyIdentifier = keyid:always
basicConstraints = critical,CA:true
extendedKeyUsage = codeSigning
keyUsage = critical,digitalSignature,keyCertSign,cRLSign