freeipa

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments.  |  http://www.freeipa.org/

Commit f1a1c6e csrgen: Add a CSR generation profile for user certificates

4 files Authored by benlipton a year ago , Committed by jcholast a year ago ,
csrgen: Add a CSR generation profile for user certificates

https://fedorahosted.org/freeipa/ticket/4899

Reviewed-By: Jan Cholasta <jcholast@redhat.com>

    
 1 @@ -3,12 +3,15 @@
 2   profiledir = $(IPA_DATA_DIR)/csrgen/profiles
 3   profile_DATA =»       »       »       »       \
 4   »       profiles/caIPAserviceCert.json»       \
 5 + »       profiles/userCert.json»       »       \
 6   »       $(NULL)
 7   
 8   ruledir = $(IPA_DATA_DIR)/csrgen/rules
 9   rule_DATA =»       »       »       »       \
10   »       rules/dataDNS.json»       »       \
11 + »       rules/dataEmail.json»       »       \
12   »       rules/dataHostCN.json»       »       \
13 + »       rules/dataUsernameCN.json»       \
14   »       rules/syntaxSAN.json»       »       \
15   »       rules/syntaxSubject.json»       \
16   »       $(NULL)
 1 @@ -0,0 +1,14 @@
 2 + [
 3 +     {
 4 +         "syntax": "syntaxSubject",
 5 +         "data": [
 6 +             "dataUsernameCN"
 7 +         ]
 8 +     },
 9 +     {
10 +         "syntax": "syntaxSAN",
11 +         "data": [
12 +             "dataEmail"
13 +         ]
14 +     }
15 + ]
 1 @@ -0,0 +1,12 @@
 2 + {
 3 +   "rules": [
 4 +     {
 5 +       "helper": "openssl",
 6 +       "template": "email = {{ipa.datafield(subject.mail.0)}}"
 7 +     },
 8 +     {
 9 +       "helper": "certutil",
10 +       "template": "email:{{ipa.datafield(subject.mail.0)|quote}}"
11 +     }
12 +   ]
13 + }
 1 @@ -0,0 +1,12 @@
 2 + {
 3 +   "rules": [
 4 +     {
 5 +       "helper": "openssl",
 6 +       "template": "{{ipa.datafield(config.ipacertificatesubjectbase.0)}}\nCN={{ipa.datafield(subject.uid.0)}}"
 7 +     },
 8 +     {
 9 +       "helper": "certutil",
10 +       "template": "CN={{ipa.datafield(subject.uid.0)|quote}},{{ipa.datafield(config.ipacertificatesubjectbase.0)|quote}}"
11 +     }
12 +   ]
13 + }