Software / code / prosody
Annotate
certs/openssl.cnf @ 13627:2db7b3b65363
core.configmanager: Add function for getting secrets from separate files
Idea is to enable easily retrieving of secret values from files outside
of the config, e.g. via the method used by systemd credentials.
CREDENTIALS_DIRECTORY is expected to be set by the process manager
invoking Prosody, so being unset and unavailable from prosodyctl is
going to be normal and a warning is reported in that case. Care will
have to be taken to make it clear that prosodyctl check will not work
with such values. An error is thrown if the directory is unavailable
when running under Prosody.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 16 Jan 2025 15:21:34 +0100 |
| parent | 12604:bd9e006a7a74 |
| rev | line source |
|---|---|
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
1 oid_section = new_oids |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 [ new_oids ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 |
|
5350
fba042a2c228
certs/openssl.cnf: Update XMPP-Core references to reflect RFC publication
Kim Alvefur <zash@zash.se>
parents:
4098
diff
changeset
|
5 # RFC 6120 section 13.7.1.4. defines this OID |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 xmppAddr = 1.3.6.1.5.5.7.8.5 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # RFC 4985 defines this OID |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 SRVName = 1.3.6.1.5.5.7.8.7 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
11 [ req ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 default_bits = 4096 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
14 default_keyfile = example.com.key |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
15 distinguished_name = distinguished_name |
|
6922
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
16 req_extensions = certrequest |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
17 x509_extensions = selfsigned |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
18 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
19 # ask about the DN? |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
20 prompt = no |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
21 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
22 [ distinguished_name ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
23 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
24 commonName = example.com |
|
3704
320738c67100
certs/openssl.cnf: Change countryName from UK to GB
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
25 countryName = GB |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
26 localityName = The Internet |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
27 organizationName = Your Organisation |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
28 organizationalUnitName = XMPP Department |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
29 emailAddress = xmpp@example.com |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
30 |
|
6922
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
31 [ certrequest ] |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
32 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
33 # for certificate requests (req_extensions) |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
34 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 basicConstraints = CA:FALSE |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 keyUsage = digitalSignature,keyEncipherment |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
37 extendedKeyUsage = serverAuth,clientAuth |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
38 subjectAltName = @subject_alternative_name |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
39 |
|
6922
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
40 [ selfsigned ] |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
41 |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
42 # and self-signed certificates (x509_extensions) |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
43 |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
44 basicConstraints = CA:TRUE |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
45 subjectAltName = @subject_alternative_name |
|
e0672860d208
cert/openssl.cnf: Split CSR and self-signed extensions into separate sections (see d2d7ad2563f9)
Kim Alvefur <zash@zash.se>
parents:
5350
diff
changeset
|
46 |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
47 [ subject_alternative_name ] |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
48 |
|
12604
bd9e006a7a74
various: Update IETF RFC URLs for tools.ietf.org transition
Kim Alvefur <zash@zash.se>
parents:
6922
diff
changeset
|
49 # See https://www.rfc-editor.org/rfc/rfc6120.html#section-13.7.1.2 for more info. |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
50 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
51 DNS.0 = example.com |
|
4098
7d687c348295
certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents:
3704
diff
changeset
|
52 otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:example.com |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
53 otherName.1 = SRVName;IA5STRING:_xmpp-client.example.com |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
54 otherName.2 = SRVName;IA5STRING:_xmpp-server.example.com |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
55 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
56 DNS.1 = conference.example.com |
|
4098
7d687c348295
certs/openssl.cnf: Specify output encoding.
Kim Alvefur <zash@zash.se>
parents:
3704
diff
changeset
|
57 otherName.3 = xmppAddr;FORMAT:UTF8,UTF8:conference.example.com |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com |
