add auth key and server_client role

2022-12-21 01:31:34 +01:00 · 2022-12-21 01:31:34 +01:00 · f2816881b3
commit f2816881b3
parent b518e20b2e
1 changed files with 23 additions and 1 deletions
--- a/templates/cfssl.json.j2
+++ b/templates/cfssl.json.j2
@ -1,6 +1,13 @@
 {
+    "auth_keys": {
+      "key_srv": {
+        "type": "standard",
+        "key":"{{cfssl_auth_key}}"
+      }
+    },
    "signing": {
      "default": {
+          "auth_key": "key_srv",
          "crl_url": "http://{{inventory_hostname_short}}.{{vm_domain_name}}:8888/crl",
          "expiry": "26280h",
          "usages": [
@ -11,6 +18,7 @@
        },
      "profiles": {
        "intermediate_ca": {
+          "auth_key": "key_srv",
          "usages": [
              "signing",
              "digital signature",
@ -27,16 +35,29 @@
              "max_path_len_zero": true
          }
        },
-        "server": {
+        "server_client": {
+          "auth_key": "key_srv",
          "usages": [
            "signing",
            "digital signing",
            "key encipherment",
+            "server auth",
+            "client auth"
+          ],
+          "expiry": "8760h"
+        },
+        "server": {
+          "auth_key": "key_srv",
+          "usages": [
+            "signing",
+            "digital signature",
+            "key encipherment", 
            "server auth"
          ],
          "expiry": "8760h"
        },
        "client": {
+          "auth_key": "key_srv",
          "usages": [
            "signing",
            "digital signature",
@ -47,4 +68,5 @@
        }
      }
      }
+    }
 }