From f2816881b3c27065ddb2c52702de71d29eed9877 Mon Sep 17 00:00:00 2001
From: nono
Date: Wed, 21 Dec 2022 01:31:34 +0100
Subject: [PATCH] add auth key and server_client role
---
 templates/cfssl.json.j2 | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/templates/cfssl.json.j2 b/templates/cfssl.json.j2
index 0fdd001..7ef00f4 100644
--- a/templates/cfssl.json.j2
+++ b/templates/cfssl.json.j2
@@ -1,6 +1,13 @@
 {
+ "auth_keys": {
+ "key_srv": {
+ "type": "standard",
+ "key":"{{cfssl_auth_key}}"
+ }
+ },
 "signing": {
 "default": {
+ "auth_key": "key_srv",
 "crl_url": "http://{{inventory_hostname_short}}.{{vm_domain_name}}:8888/crl",
 "expiry": "26280h",
 "usages": [
@@ -11,6 +18,7 @@
 },
 "profiles": {
 "intermediate_ca": {
+ "auth_key": "key_srv",
 "usages": [
 "signing",
 "digital signature",
@@ -27,16 +35,29 @@
 "max_path_len_zero": true
 }
 },
- "server": {
+ "server_client": {
+ "auth_key": "key_srv",
 "usages": [
 "signing",
 "digital signing",
 "key encipherment",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ },
+ "server": {
+ "auth_key": "key_srv",
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
 "server auth"
 ],
 "expiry": "8760h"
 },
 "client": {
+ "auth_key": "key_srv",
 "usages": [
 "signing",
 "digital signature",
@@ -46,5 +67,6 @@
 "expiry": "8760h"
 }
 }
+ }
 }
 }
\ No newline at end of file
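Review bot: The `"key":"{{cfssl_auth_key}}"` line in the first hunk (`@@ -1,6 +1,13 @@`) renders the HMAC authentication secret in clear text into the generated cfssl config, so anyone who can read that file can authenticate signing requests. The task that writes the template is not part of this patch; it should set a restrictive owner and mode on the file and use `no_log: true`, and `cfssl_auth_key` should come from a vault-encrypted variable. cfssl also accepts an indirect reference such as `"key": "file:<path-to-key-file>"` or `"key": "env:<VARIABLE_NAME>"` (placeholders), which keeps the secret out of the config file altogether. A Jinja comment (`{# ... #}`) above the `auth_keys` block stating that the value must be a hex string and where it is defined would help the next maintainer.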
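Review bot: The `intermediate_ca` profile in the second hunk (`@@ -11,6 +18,7 @@`) is bound to the same `key_srv` as the leaf profiles, so every host that holds the key to request server or client certificates can also request a certificate from this profile, which, judging by the `max_path_len_zero` context line in the next hunk, issues CA certificates. A separate entry under `auth_keys` for this profile, for example `"auth_key": "key_ca"` backed by its own variable (names are illustrative), would restrict CA issuance to the few hosts that need it. The profile body continues outside the hunk.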
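Review bot: The new `server_client` profile in the third hunk (`@@ -27,16 +35,29 @@`) inherits the old context line `"digital signing"`, while the re-added `server` profile uses `"digital signature"`. `digital signing` is not a usage name cfssl recognises, and as far as I recall unknown usages are dropped without an error as long as at least one other usage is valid, so certificates issued from `server_client` would likely lack the digitalSignature key usage. The line should read `"digital signature",` to match the `server` and `client` profiles.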
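Review bot: The `}` added in the last hunk (`@@ -46,5 +67,6 @@`) looks unbalanced: every block opened in the earlier hunks (`auth_keys`, `key_srv`, `server_client`, `server`) is also closed there, so the file appears to end with one more closing brace than it opens. The lines between the hunks are not visible, so this needs confirming by rendering the template and running the result through a JSON parser, ideally as a validation step in the role before the cfssl service is restarted. If the brace is surplus, drop the added line.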