apps.cnf 1.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869
  1. #
  2. # OpenSSL configuration file to create apps directory certificates
  3. #
  4. # This definition stops the following lines choking if HOME or CN
  5. # is undefined.
  6. HOME = .
  7. RANDFILE = $ENV::HOME/.rnd
  8. CN = "Not Defined"
  9. ####################################################################
  10. [ req ]
  11. default_bits = 2048
  12. default_keyfile = privkey.pem
  13. # Don't prompt for fields: use those in section directly
  14. prompt = no
  15. distinguished_name = req_distinguished_name
  16. x509_extensions = v3_ca # The extensions to add to the self signed cert
  17. string_mask = utf8only
  18. # req_extensions = v3_req # The extensions to add to a certificate request
  19. [ req_distinguished_name ]
  20. countryName = UK
  21. organizationName = OpenSSL Group
  22. organizationalUnitName = FOR TESTING PURPOSES ONLY
  23. # Take CN from environment so it can come from a script.
  24. commonName = $ENV::CN
  25. [ usr_cert ]
  26. # These extensions are added when 'ca' signs a request for an end entity
  27. # certificate
  28. basicConstraints=critical, CA:FALSE
  29. keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
  30. # This will be displayed in Netscape's comment listbox.
  31. nsComment = "OpenSSL Generated Certificate"
  32. [ ec_cert ]
  33. # These extensions are added when 'ca' signs a request for an end entity
  34. # certificate
  35. basicConstraints=critical, CA:FALSE
  36. keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement
  37. # This will be displayed in Netscape's comment listbox.
  38. nsComment = "OpenSSL Generated Certificate"
  39. # PKIX recommendations harmless if included in all certificates.
  40. subjectKeyIdentifier=hash
  41. authorityKeyIdentifier=keyid
  42. [ v3_ca ]
  43. # Extensions for a typical CA
  44. # PKIX recommendation.
  45. subjectKeyIdentifier=hash
  46. authorityKeyIdentifier=keyid:always
  47. basicConstraints = critical,CA:true
  48. keyUsage = critical, cRLSign, keyCertSign