---
# Defaults for the hashistack_ca role.

# Directory that holds the role's certificate material.
# NOTE(review): presumably the CA private keys are written here as well;
# confirm the tasks create it with restrictive ownership and mode.
hashistack_ca_directory: '/etc/hashistack/certificates'

# NOTE(review): looks like a switch for a cryptography-based backend;
# confirm against the role's tasks.
hashistack_ca_use_cryptography: false

# Action the role performs; the default is "noop".
# NOTE(review): presumably nothing is generated unless a caller sets another
# value; confirm the accepted values in the tasks.
hashistack_ca_action: 'noop'

# Domain interpolated into the root and intermediate CA common names in this
# file. example.com is a placeholder and should be overridden per deployment.
hashistack_ca_domain: 'example.com'

##############################
# Root Certificate Authority #
##############################
# Subject fields of the root CA certificate.
hashistack_ca_root_org_name: 'EDNZ Cloud'
hashistack_ca_root_country: 'FR'
hashistack_ca_root_locality: 'Paris'
hashistack_ca_root_common_name: '{{ hashistack_ca_domain }} Root CA'
# Unset (null) by default.
hashistack_ca_root_email: null

# keyUsage: restricted to signing certificates and CRLs, marked critical.
hashistack_ca_root_key_usage:
  - 'keyCertSign'
  - 'cRLSign'
hashistack_ca_root_key_usage_critical: true

# basicConstraints: CA certificate, marked critical. No pathlen entry is set
# here, so the chain depth below the root is not capped by this extension.
hashistack_ca_root_basic_constraints:
  - 'CA:TRUE'
hashistack_ca_root_basic_constraints_critical: true

# Optional fields
hashistack_ca_root_state_or_province_name: null
# NOTE(review): hashistack_ca_root_email is also defined in this file;
# confirm which of the two variables the tasks actually read.
hashistack_ca_root_email_address: null

# Validity
# NOTE(review): presumably a lifetime in days (1825d is about five years) and
# the remaining lifetime at which renewal is triggered; confirm in the tasks.
hashistack_ca_root_valid_for: '1825d'
hashistack_ca_root_renew_threshold: '180d'

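######################################
# Intermediate Certificate Authority #
######################################
# Subject fields of the intermediate CA certificate.
hashistack_ca_intermediate_org_name: 'EDNZ Cloud Intermediate'
hashistack_ca_intermediate_country: 'FR'
hashistack_ca_intermediate_locality: 'Paris'
hashistack_ca_intermediate_common_name: '{{ hashistack_ca_domain }} Intermediate CA'
# Unset (null) by default.
hashistack_ca_intermediate_email: null

# keyUsage: restricted to signing certificates and CRLs, marked critical.
hashistack_ca_intermediate_key_usage:
  - 'keyCertSign'
  - 'cRLSign'
hashistack_ca_intermediate_key_usage_critical: true

# basicConstraints: CA certificate, marked critical. pathlen:0 means this
# intermediate may issue leaf certificates but no further subordinate CAs.
hashistack_ca_intermediate_basic_constraints:
  - 'CA:TRUE'
  - 'pathlen:0'
hashistack_ca_intermediate_basic_constraints_critical: true

# Optional fields
hashistack_ca_intermediate_state_or_province_name: null
# NOTE(review): hashistack_ca_intermediate_email is also defined in this file;
# confirm which of the two variables the tasks actually read.
hashistack_ca_intermediate_email_address: null

# Validity
# NOTE(review): presumably a lifetime in days and the remaining lifetime at
# which renewal is triggered; confirm in the tasks.
hashistack_ca_intermediate_valid_for: '365d'
hashistack_ca_intermediate_renew_threshold: '90d'

# Name Constraints
# Names and address ranges the intermediate is permitted to issue for.
# Keep this list as narrow as the deployment allows: it bounds what a
# compromised intermediate key could be used to sign.
hashistack_ca_intermediate_name_constraints_permitted:
  - 'DNS:.nomad'
  - 'DNS:.consul'
  # Follows hashistack_ca_domain so the permitted DNS subtree stays in step
  # with the domain used in the CA common names. With the default domain this
  # renders as DNS:.example.com.
  - 'DNS:.{{ hashistack_ca_domain }}'
  - 'DNS:localhost'
  - 'IP:192.168.0.0/16'
  # NOTE(review): the RFC 1918 block is 172.16.0.0/12; this /16 covers only
  # 172.16.0.0-172.16.255.255, so hosts addressed elsewhere in that block
  # fall outside the permitted set. Widen only if that is intended.
  - 'IP:172.16.0.0/16'
  - 'IP:10.0.0.0/8'
  - 'IP:127.0.0.0/8'
# The extension is marked critical whenever the permitted list is defined and
# non-empty; an empty list yields false.
hashistack_ca_intermediate_name_constraints_critical: "{{ (hashistack_ca_intermediate_name_constraints_permitted is defined and hashistack_ca_intermediate_name_constraints_permitted | length > 0) }}"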