pkitool.conf
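# pkitool.conf
#
# Shell-style configuration for pkitool (sourced by the script,
# so every line below is a plain variable assignment).
#
# Defaults will be used for any variables which are
# commented or removed. Command line options will
# override any variables set here.

# pki command ('ipsec pki' requires root on default installs)
# The non-wrapper binary is used here so the tool can run as an
# unprivileged user; the CA private key is the asset to protect,
# not the process, so prefer running without root.
#PKI="/usr/sbin/ipsec pki"
PKI="/usr/lib/ipsec/pki"

# RSA private key size in bits
# 2048 is the commonly accepted minimum today. A CA key that will
# sign certificates for years is a reasonable candidate for a larger
# size (3072 or more); the tradeoff is slower key generation and
# handshakes on the client side.
#SIZE=2048

# X.509 certificate lifetime in days
# NOTE(review): presumably this single value applies to the CA,
# server, and client certificates alike -- confirm in the script.
# Shorter leaf lifetimes limit the window in which a leaked key is
# usable, at the cost of more frequent re-issuance.
#LIFETIME=1095

# File Names
#
# filename = <PREFIX><SUFFIX>.<FORMAT>

# Prefix
CA="ca"
SERVER="server"
CLIENT="client"
PKCS12="client"

# Suffix for Key, Cert, and PKCS #12
# With the values above the client artifacts are client-key.pem,
# client-cert.pem and client.<p12 extension>; the PKCS #12 suffix is
# deliberately empty so the bundle name does not collide with the
# key or certificate.
KEY="-key"
CERT="-cert"
P12=""

# Suffix for PKCS #12 Files with CA Certificate
P12CA="-ca"

# Format: binary "der" or text "pem"
FORMAT="pem"

# Path for preexisting CA key and certificate
# only used for server, client, and pkcs12.
# Leave unspecified to read cakey and cacert with
# filename <prefix><suffix>.<format> from the
# current directory.
# Keep the CA key outside the working directory where server and
# client material is produced, readable only by the issuing user
# (e.g. mode 0600), so it is not packaged or copied along with the
# leaf certificates by accident.
#CAKEY=~/private/ca-key.pem
#CACERT=~/cert/ca/ca-cert.pem

# subjectAltName and extendedKeyUsage
#
# Both SAN and EKU are optional. However some VPN clients
# expect the server certificate to include them.

# SAN for server and client certificate
# (e.g. FQDN, IP Address, Email)
# The server SAN must match the name the clients connect to, or
# hostname validation on the client fails (or, worse, gets disabled
# by the user to work around it).
SERVER_SAN="myvpn.mydynamicdns.com"
#CLIENT_SAN="[email protected]"

# EKU flag for server and client certificate
# Setting distinct EKUs on server and client certificates stops a
# client certificate from being presented as a server certificate.
SERVER_FLAG="serverAuth"
#CLIENT_FLAG="clientAuth"

# Distinguished Name (DN)
#
# RDNs (partial list):
#
# C   Country (two characters)
# ST  State or province
# L   Locality or town
# O   Organization
# OU  Organization Unit
# CN  Common Name
#
# DN is a sequence of RDNs:
#
# "C=US, ST=New York, O=ABC Inc, OU=Sales, CN=Road Warrior"

# These RDNs are not used by pkitool. They are only
# defined locally to construct the DNs.
C="MY"
O="My Organization"
SERVER_CN="My Server"
CLIENT_CN="My Client"

# DN
# Expanded at the time this file is sourced, so C, O, SERVER_CN and
# CLIENT_CN must be assigned above these lines.
CA_DN="C=$C, O=$O, CN=$O CA"
SERVER_DN="C=$C, O=$O, CN=$SERVER_CN"
CLIENT_DN="C=$C, O=$O, CN=$CLIENT_CN"

# PKCS #12

# Friendly Name for key and certificate in PKCS #12
#FNAME="My Client"

# Include CA certificate in PKCS #12 ("yes" or "no")
#WITHCA="no"

# Friendly Name for CA in PKCS #12
#CANAME="$O CA"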