From 18c4c3789722d6ebbf8b0bb8ce86a508d2aea2c5 Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Mon, 31 Aug 2015 23:11:58 +0000
Subject: Use tdeldap library PKI certificate generation methods
---
confskel/Makefile.am | 3 --
confskel/openssl/pki_extensions | 61 -----------------------------------------
2 files changed, 64 deletions(-)
delete mode 100644 confskel/openssl/pki_extensions
(limited to 'confskel')
diff --git a/confskel/Makefile.am b/confskel/Makefile.am
index 42f25a9..2f5fe92 100644
--- a/confskel/Makefile.am
+++ b/confskel/Makefile.am
@@ -14,6 +14,3 @@ ldapldifskel_DATA = openldap/ldif/* saslskeldir = $(confskeldir)/sasl saslskel_DATA = sasl/*
-
-sslskeldir = $(confskeldir)/openssl
-sslskel_DATA = openssl/*
\ No newline at end of file
diff --git a/confskel/openssl/pki_extensions b/confskel/openssl/pki_extensions
deleted file mode 100644
index d841890..0000000
--- a/confskel/openssl/pki_extensions
+++ /dev/null
@@ -1,61 +0,0 @@
-[ kdc_cert ]
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
-
-#Pkinit EKU
-extendedKeyUsage = 1.3.6.1.5.2.3.5
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# Copy subject details
-
-issuerAltName=issuer:copy
-
-# Add id-pkinit-san (pkinit subjectAlternativeName)
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm = EXP:0, GeneralString:@@@REALM_UCNAME@@@
-principal_name = EXP:1, SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1 = GeneralString:krbtgt
-princ2 = GeneralString:@@@REALM_UCNAME@@@
-
-[ client_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-basicConstraints=CA:FALSE
-
-keyUsage = digitalSignature, keyEncipherment, keyAgreement
-
-extendedKeyUsage = 1.3.6.1.5.2.3.4
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
-
-
-# Copy subject details
-
-issuerAltName=issuer:copy
-
-[princ_name]
-realm = EXP:0, GeneralString:@@@REALM_UCNAME@@@
-principal_name = EXP:1, SEQUENCE:principal_seq
-
-[principal_seq]
-name_type = EXP:0, INTEGER:1
-name_string = EXP:1, SEQUENCE:principals
-
-[principals]
-princ1 = GeneralString:@@@KDCSERVER@@@
-- 
cgit v1.2.1