123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 |
- #
- # OpenSSL configuration file to create apps directory certificates
- #
- # This definition stops the following lines choking if HOME or CN
- # is undefined.
- HOME = .
- RANDFILE = $ENV::HOME/.rnd
- CN = "Not Defined"
- ####################################################################
- [ req ]
- default_bits = 2048
- default_keyfile = privkey.pem
- # Don't prompt for fields: use those in section directly
- prompt = no
- distinguished_name = req_distinguished_name
- x509_extensions = v3_ca # The extensions to add to the self signed cert
- string_mask = utf8only
- # req_extensions = v3_req # The extensions to add to a certificate request
- [ req_distinguished_name ]
- countryName = UK
- organizationName = OpenSSL Group
- organizationalUnitName = FOR TESTING PURPOSES ONLY
- # Take CN from environment so it can come from a script.
- commonName = $ENV::CN
- [ usr_cert ]
- # These extensions are added when 'ca' signs a request for an end entity
- # certificate
- basicConstraints=critical, CA:FALSE
- keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
- # This will be displayed in Netscape's comment listbox.
- nsComment = "OpenSSL Generated Certificate"
- [ ec_cert ]
- # These extensions are added when 'ca' signs a request for an end entity
- # certificate
- basicConstraints=critical, CA:FALSE
- keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement
- # This will be displayed in Netscape's comment listbox.
- nsComment = "OpenSSL Generated Certificate"
- # PKIX recommendations harmless if included in all certificates.
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid
- [ v3_ca ]
- # Extensions for a typical CA
- # PKIX recommendation.
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always
- basicConstraints = critical,CA:true
- keyUsage = critical, cRLSign, keyCertSign
|