.. _preenchendo_arquivo_conf:

Filling Out the Configuration File
**********************************

This page shows how to prepare the ``ssl_anspca.conf`` configuration file for use by:

* researchers/students (People);
* servers/hosts (Services);
* web servers (Services).

.. contents:: Contents

-------------------------------------------------------------------------------

Configuration File for Researchers and Students
-----------------------------------------------

There are 3 lines that must be filled in:

* 1.organizationalUnitName = People
* 0.commonName = Fulano da Silva
* email.1 = username@email.com

Notes:

* all other lines must be left untouched;
* special characters such as ('), (ç), (:), (^), (~), (") etc. are not allowed.

::

    [ req ]
    default_bits = 2048
    default_keyfile = privkey.pem
    distinguished_name = req_dn
    x509_extensions = extensions
    string_mask = nombstr
    prompt = no
    default_md = sha256

    [ req_dn ]
    0.countryName = BR
    0.organizationName = ANSP
    0.organizationalUnitName = ANSPGrid CA

    # FILL OUT THE DESIRED OPTION
    # use "People" for users or "Services" for servers
    # 1.organizationalUnitName = People
    1.organizationalUnitName = People

    # FILL OUT THE DESIRED OPTION
    # user name (no accent) or server DNS
    0.commonName = Fulano da Silva

    [ extensions ]
    basicConstraints = critical,CA:FALSE
    keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = clientAuth,emailProtection
    crlDistributionPoints = URI:http://gridca.ansp.br/media/ca/anspca.crl
    certificatePolicies = ia5org,@certpolicy
    subjectAltName = @altnames

    [ altnames ]
    # FILL OUT THE INFORMATION
    # user email or server admin email
    email.1 = username@email.com

    # SERVICE ONLY - FILL OUT THE INFORMATION AND REMOVE THE COMMENT SYMBOL
    # FROM THE LINE
    # server DNS
    # DNS.1 = www.my.server.com
    #DNS.1 =

    [certpolicy]
    policyIdentifier = 1.3.6.1.4.1.19550.3.1.1

-------------------------------------------------------------------------------

Configuration File for Servers
------------------------------

There are 4 lines that must be filled in:

* 1.organizationalUnitName = Services
* 0.commonName = www.my.server.com
* email.1 = username@my.server.com
* DNS.1 = www.my.server.com

Notes:

* all other lines must be left untouched;
* special characters such as ('), (ç), (:), (^), (~), (") etc. are not allowed.

Configuration File with Only 1 DNS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

As a rule, only the primary DNS name should be entered, as in the example below.

::

    [ req ]
    default_bits = 2048
    default_keyfile = privkey.pem
    distinguished_name = req_dn
    x509_extensions = extensions
    string_mask = nombstr
    prompt = no
    default_md = sha256

    [ req_dn ]
    0.countryName = BR
    0.organizationName = ANSP
    0.organizationalUnitName = ANSPGrid CA

    # FILL OUT THE DESIRED OPTION
    # use "People" for users or "Services" for servers
    1.organizationalUnitName = Services

    # FILL OUT THE DESIRED OPTION
    # user name (no accent) or server DNS
    0.commonName = www.my.server.com

    [ extensions ]
    basicConstraints = critical,CA:FALSE
    keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = clientAuth,emailProtection
    crlDistributionPoints = URI:http://gridca.ansp.br/media/ca/anspca.crl
    certificatePolicies = ia5org,@certpolicy
    subjectAltName = @altnames

    [ altnames ]
    # FILL OUT THE INFORMATION
    # user email or server admin email
    email.1 = username@my.server.com

    # SERVICE ONLY - FILL OUT THE INFORMATION AND REMOVE THE COMMENT SYMBOL
    # FROM THE LINE
    # server DNS
    DNS.1 = www.my.server.com

    [certpolicy]
    policyIdentifier = 1.3.6.1.4.1.19550.3.1.1

.. _mais_de_1_dns:

Configuration File with More than 1 DNS
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

In certain cases, the primary DNS name and several secondary DNS names must be provided. See the example below. Note that the DNS name in **0.commonName** is repeated in **DNS.1**.

::

    [ req ]
    default_bits = 2048
    default_keyfile = privkey.pem
    distinguished_name = req_dn
    x509_extensions = extensions
    string_mask = nombstr
    prompt = no
    default_md = sha256

    [ req_dn ]
    0.countryName = BR
    0.organizationName = ANSP
    0.organizationalUnitName = ANSPGrid CA

    # FILL OUT THE DESIRED OPTION
    # use "People" for users or "Services" for servers
    1.organizationalUnitName = Services

    # FILL OUT THE DESIRED OPTION
    # user name (no accent) or server DNS
    0.commonName = my.server.org.br

    [ extensions ]
    basicConstraints = critical,CA:FALSE
    keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = clientAuth,emailProtection
    crlDistributionPoints = URI:http://gridca.ansp.br/media/ca/anspca.crl
    certificatePolicies = ia5org,@certpolicy
    subjectAltName = @altnames

    [ altnames ]
    # FILL OUT THE INFORMATION
    # user email or server admin email
    email.1 = username@my.server.com

    # SERVICE ONLY - FILL OUT THE INFORMATION AND REMOVE THE COMMENT SYMBOL
    # FROM THE LINE
    # server DNS (each entry needs its own index)
    DNS.1 = my.server.org.br
    DNS.2 = server01.org.br
    DNS.3 = server02.org.br
    DNS.4 = server03.org.br

    [certpolicy]
    policyIdentifier = 1.3.6.1.4.1.19550.3.1.1

-------------------------------------------------------------------------------

Configuration File for Web Server
---------------------------------

There are 5 lines that must be filled in:

* 1.organizationalUnitName = Services
* 0.commonName = www.my.server.com
* extendedKeyUsage = serverAuth,clientAuth,emailProtection
* email.1 = username@my.server.com
* DNS.1 = www.my.server.com

.. note:: The difference here is the inclusion of the *serverAuth* extension.

Notes:

* all other lines must be left untouched;
* special characters such as ('), (ç), (:), (^), (~), (") etc. are not allowed.

::

    [ req ]
    default_bits = 2048
    default_keyfile = privkey.pem
    distinguished_name = req_dn
    x509_extensions = extensions
    string_mask = nombstr
    prompt = no
    default_md = sha256

    [ req_dn ]
    0.countryName = BR
    0.organizationName = ANSP
    0.organizationalUnitName = ANSPGrid CA

    # FILL OUT THE DESIRED OPTION
    # use "People" for users or "Services" for servers
    1.organizationalUnitName = Services

    # FILL OUT THE DESIRED OPTION
    # user name (no accent) or server DNS
    0.commonName = www.my.server.com

    [ extensions ]
    basicConstraints = critical,CA:FALSE
    keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth,clientAuth,emailProtection
    crlDistributionPoints = URI:http://gridca.ansp.br/media/ca/anspca.crl
    certificatePolicies = ia5org,@certpolicy
    subjectAltName = @altnames

    [ altnames ]
    # FILL OUT THE INFORMATION
    # user email or server admin email
    email.1 = username@my.server.com

    # SERVICE ONLY - FILL OUT THE INFORMATION AND REMOVE THE COMMENT SYMBOL
    # FROM THE LINE
    # server DNS
    DNS.1 = www.my.server.com

    [certpolicy]
    policyIdentifier = 1.3.6.1.4.1.19550.3.1.1
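
The fill-in rules on this page (allowed ``1.organizationalUnitName`` values, no special characters, ``DNS.1`` repeating ``0.commonName``, one index per DNS entry) can be checked before the file is used. The linter below is an added example, not part of the original page or of the ANSPGrid CA tooling; the names ``parse`` and ``lint`` and the sample input are constructed for illustration, and rejecting every non-ASCII character is an assumption drawn from the "etc." and "no accent" wording.

```python
import re

# Characters the page forbids in filled-in values; its list ends in "etc.",
# so any non-ASCII character is rejected here as well (assumption).
FORBIDDEN = set("'ç:^~\"")
FILLED = re.compile(r"^(1\.organizationalUnitName|0\.commonName|email\.\d+|DNS\.\d+)$")

def parse(text):
    """Return [(section, key, value)] in file order, keeping duplicate keys."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((section, key, value))
    return entries

def lint(text):
    """Check a filled-in ssl_anspca.conf against the rules stated on this page."""
    entries, problems, seen = parse(text), [], set()
    values = {key: value for _, key, value in entries}
    for section, key, value in entries:
        if (section, key) in seen:
            problems.append(f"duplicate key {key} in [{section}]")
        seen.add((section, key))
        if FILLED.match(key):
            bad = sorted(c for c in set(value) if c in FORBIDDEN or ord(c) > 127)
            if bad:
                problems.append(f"forbidden character(s) {''.join(bad)} in {key}")
    unit = values.get("1.organizationalUnitName")
    if unit not in ("People", "Services"):
        problems.append("1.organizationalUnitName must be People or Services")
    if unit == "Services" and values.get("DNS.1") != values.get("0.commonName"):
        problems.append("DNS.1 must repeat 0.commonName")
    return problems

# Constructed sample: a Services file with a repeated DNS.2 key and an accented address.
SAMPLE = """[ req_dn ]
1.organizationalUnitName = Services
0.commonName = my.server.org.br
[ altnames ]
email.1 = joão@my.server.com
DNS.1 = my.server.org.br
DNS.2 = server01.org.br
DNS.2 = server02.org.br
"""

print("\n".join(lint(SAMPLE)))
```

A repeated key is reported because OpenSSL keeps only the last value when a name is repeated within a section, so the earlier DNS entries would be missing from the request.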