csrgen: Add a CSR generation profile for user certificates

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Ben Lipton 2016-08-22 10:45:04 -04:00 committed by Jan Cholasta
parent fc58eff6a3
commit f1a1c6eca1
4 changed files with 41 additions and 0 deletions


@ -3,12 +3,15 @@ NULL =
profiledir = $(IPA_DATA_DIR)/csrgen/profiles
profile_DATA = \
profiles/caIPAserviceCert.json \
profiles/userCert.json \
$(NULL)
ruledir = $(IPA_DATA_DIR)/csrgen/rules
rule_DATA = \
rules/dataDNS.json \
rules/dataEmail.json \
rules/dataHostCN.json \
rules/dataUsernameCN.json \
rules/syntaxSAN.json \
rules/syntaxSubject.json \
$(NULL)


@ -0,0 +1,14 @@
[
{
"syntax": "syntaxSubject",
"data": [
"dataUsernameCN"
]
},
{
"syntax": "syntaxSAN",
"data": [
"dataEmail"
]
}
]


@ -0,0 +1,12 @@
{
"rules": [
{
"helper": "openssl",
"template": "email = {{ipa.datafield(subject.mail.0)}}"
},
{
"helper": "certutil",
"template": "email:{{ipa.datafield(subject.mail.0)|quote}}"
}
]
}
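Review bot: The openssl template `email = {{ipa.datafield(subject.mail.0)}}` places the directory's mail value into generated openssl config text with no filter, while the certutil rule next to it applies `|quote`. Unless `ipa.datafield` or the openssl helper escapes the value somewhere not visible here, a mail value containing a newline or config metacharacters could add or alter lines in the generated config and so change what the CSR requests. The openssl rule should get an escaping filter suited to openssl config syntax, or the value should be validated before rendering. The same applies to the openssl template `CN={{ipa.datafield(subject.uid.0)}}` in the last file section. It is also worth confirming what is rendered when the user entry has no `mail` value, since the new user profile always pairs `syntaxSAN` with `dataEmail`.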


@ -0,0 +1,12 @@
{
"rules": [
{
"helper": "openssl",
"template": "{{ipa.datafield(config.ipacertificatesubjectbase.0)}}\nCN={{ipa.datafield(subject.uid.0)}}"
},
{
"helper": "certutil",
"template": "CN={{ipa.datafield(subject.uid.0)|quote}},{{ipa.datafield(config.ipacertificatesubjectbase.0)|quote}}"
}
]
}