Files
@ 814be5def61d
Branch filter:
Location: majic-ansible-roles/testsite/tls/gnutls_server_certificate.cfg.j2 - annotation
814be5def61d
926 B
text/plain
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 70733167cdf8 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 70733167cdf8 2ded0cbae449 2ded0cbae449 2ded0cbae449 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 052eefc4fab0 884beb9a0e1d 884beb9a0e1d 884beb9a0e1d 884beb9a0e1d 884beb9a0e1d | # X.509 Certificate options
#
# DN options
# The organization of the subject.
organization = "Example Inc."
# The country of the subject. Two letter code.
country = SE
# The common name of the certificate owner.
cn = "Exampe Inc. {{ item.name }} Server"
# In how many days, counting from today, this certificate will expire.
expiration_days = 365
# X.509 v3 extensions
# A dnsname in case of a WWW server.
dns_name = "{{ item.hostname }}.{{ testsite_domain }}"
{% for dns_name in item.extra_dns_names | default([]) %}
dns_name = "{{ dns_name }}"
{% endfor %}
# Whether this certificate will be used for a TLS server
tls_www_server
# Whether this certificate will be used to sign data (needed
# in TLS DHE ciphersuites).
signing_key
# Whether this certificate will be used to encrypt data (needed
# in TLS RSA ciphersuites). Note that it is preferred to use different
# keys for encryption and signing.
encryption_key
|