diff options
Diffstat (limited to 'testing/hosts/winnetou/etc')
10 files changed, 51 insertions, 128 deletions
diff --git a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf index 68438a656..e362e138c 100644 --- a/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf +++ b/testing/hosts/winnetou/etc/apache2/conf-enabled/testresults-as-text.conf @@ -2,3 +2,4 @@ AddType text/plain .conf .log .sql .users AddType text/plain .secrets .listall .statusall AddType text/plain .conns .certs .sas .pools .authorities .stats AddType text/plain .policy .state .route .iptables .iptables-save +AddType text/plain .eap .default .inner-tunnel diff --git a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text deleted file mode 100644 index 68438a656..000000000 --- a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text +++ /dev/null @@ -1,4 +0,0 @@ -AddType text/plain .conf .log .sql .users -AddType text/plain .secrets .listall .statusall -AddType text/plain .conns .certs .sas .pools .authorities .stats -AddType text/plain .policy .state .route .iptables .iptables-save diff --git a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf index 0772c34ea..fb9e98424 100644 --- a/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf +++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost.conf @@ -12,13 +12,7 @@ AddHandler cgi-script .cgi DirectoryIndex ocsp.cgi <Directory "/etc/openssl/ocsp"> Options +ExecCGI - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> + Require all granted </Directory> ErrorLog /var/log/apache2/ocsp/error_log CustomLog /var/log/apache2/ocsp/access_log combined @@ -34,13 +28,7 @@ Listen 8881 DirectoryIndex ocsp.cgi <Directory "/etc/openssl/research/ocsp"> Options +ExecCGI - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> + Require all granted </Directory> ErrorLog /var/log/apache2/ocsp/error_log CustomLog /var/log/apache2/ocsp/access_log combined @@ -56,13 +44,7 @@ Listen 8882 DirectoryIndex ocsp.cgi <Directory "/etc/openssl/sales/ocsp"> Options +ExecCGI - <IfModule mod_authz_core.c> - Require all granted - </IfModule> - <IfModule !mod_authz_core.c> - Order deny,allow - Allow from all - </IfModule> + Require all granted </Directory> ErrorLog /var/log/apache2/ocsp/error_log CustomLog /var/log/apache2/ocsp/access_log combined diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf index 260171cfd..b610836fc 100644 --- a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. CAHOME = /etc/openssl/duck RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -154,7 +146,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #################################################################### diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf index d31752e30..ddd94d061 100644 --- a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl/ecdsa +CAHOME = /etc/openssl/ecdsa RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -156,7 +148,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_ec.crl diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf index 5985b5650..170daba56 100644 --- a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. CAHOME = /etc/openssl/monster RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -156,7 +148,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan-monster.crl diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf index 9078b2043..b1ef68a11 100644 --- a/testing/hosts/winnetou/etc/openssl/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl +CAHOME = /etc/openssl RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -118,7 +110,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -157,7 +149,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan.crl diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf index 7099413f0..f5ae64e36 100644 --- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. CAHOME = /etc/openssl/research RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -155,7 +147,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME crlDistributionPoints = URI:http://crl.strongswan.org/research.crl #################################################################### diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf index 12da734aa..11ff172ac 100644 --- a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl/rfc3779 +CAHOME = /etc/openssl/rfc3779 RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -83,7 +75,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -113,12 +105,12 @@ organizationName = Organization Name (eg, company) organizationName_default = Linux strongSwan 0.organizationalUnitName = Organizational Unit Name (eg, section) -0.organizationalUnitName_default = RFC3779 +0.organizationalUnitName_default = RFC3779 #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -173,7 +165,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME #authorityInfoAccess = OCSP;URI:http://ocsp.strongswan.org:8880 crlDistributionPoints = URI:http://crl.strongswan.org/strongswan_rfc3779.crl diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf index f3ec7e168..f1d080c0b 100644 --- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf +++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf @@ -1,19 +1,11 @@ -# openssl.cnf - OpenSSL configuration file for the ZHW PKI -# Mario Strasser <mario.strasser@zhwin.ch> -# +# openssl.cnf - OpenSSL configuration file +# # This definitions were set by the ca_init script DO NOT change # them manually. -CAHOME = /etc/openssl/sales +CAHOME = /etc/openssl/sales RANDFILE = $CAHOME/.rand -# Extra OBJECT IDENTIFIER info: -oid_section = new_oids - -[ new_oids ] -SmartcardLogin = 1.3.6.1.4.1.311.20.2 -ClientAuthentication = 1.3.6.1.4.1.311.20.2.2 - #################################################################### [ ca ] @@ -21,7 +13,7 @@ default_ca = root_ca # The default ca section #################################################################### -[ root_ca ] +[ root_ca ] dir = $CAHOME certs = $dir/certs # Where the issued certs are kept @@ -82,7 +74,7 @@ x509_extensions = ca_ext # The extensions to add to the self signed cert # req_extensions = v3_req # The extensions to add to a certificate request -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. @@ -117,7 +109,7 @@ organizationName_default = Linux strongSwan #1.organizationalUnitName = Type (eg, Staff) #1.organizationalUnitName_default = Staff -#userId = UID +#userId = UID commonName = Common Name (eg, YOUR name) commonName_default = $ENV::COMMON_NAME @@ -155,7 +147,7 @@ basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, keyAgreement subjectKeyIdentifier = hash authorityKeyIdentifier = keyid, issuer:always -subjectAltName = email:$ENV::COMMON_NAME +subjectAltName = email:$ENV::COMMON_NAME crlDistributionPoints = URI:http://crl.strongswan.org/sales.crl #authorityInfoAccess = OCSP;URI:http://ocsp2.strongswan.org:8882 |