Add signer configuration

docker/signer-config/openssl-server.cnf

@@ -0,0 +1,34 @@
+[ ca ]
+default_ca             = CA_default               # The default ca section
+
+[ CA_default ]
+dir                    = /srv/ca/CA               # Where everything is kept
+certs                  = $dir/certs               # Where the issued certs are kept
+crl_dir                = $dir/crl                 # Where the issued crl are kept
+crlnumber              = $dir/crlnumber           # Where the current CRL-number is stored (bug-1438)
+database               = $dir/index.txt           # database index file.
+new_certs_dir          = $dir/newcerts            # default place for new certs.
+certificate            = $dir/ca.crt.pem          # The CA certificate
+serial                 = $dir/serial              # The current serial number
+crl                    = $dir/crl.pem             # The current CRL
+private_key            = $dir/private/ca.key.pem  # The private key
+RANDFILE               = $dir/private/.rand       # private random number file
+x509_extensions        = usr_cert                 # The extentions to add to the cert
+default_days           = 200                      # how long to certify for
+default_crl_days       = 30                       # how long before next CRL
+default_md             = sha512                   # which md to use.
+preserve               = no                       # keep passed DN ordering
+policy                 = policy_anything
+
+[ policy_anything ]
+commonName             = optional
+subjectAltName         = optional
+
+[ usr_cert ]
+basicConstraints       = critical,CA:FALSE
+keyUsage               = critical,digitalSignature,keyEncipherment,keyAgreement
+extendedKeyUsage       = clientAuth,serverAuth,nsSGC,msSGC
+authorityInfoAccess    = OCSP;URI:http://ocsp.cacert.localhost
+crlDistributionPoints  = URI:http://crl.cacert.localhost/revoke.crl
+
+[ crl_ext ]