#
# OpenSSL example configuration for scripted (non-interactive) certificate
# creation.
#
# HOME and CN are expanded further down through $ENV::. The fallbacks set
# here keep those lines from failing when a calling script has not exported
# the variables.
HOME = .
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"
# Names the section that holds the CA settings ([ca], at the end of this file).
default_ca = ca
####################################################################
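[ req ]
# RSA modulus size used when 'req' generates a new key. Raised from 1024:
# 1024-bit RSA is too weak for new keys and 2048 is the usual minimum.
# Keys that already exist on disk are not affected by this setting.
default_bits = 2048
default_keyfile = privkey.pem
# No default_md is set in this section, so the signature digest is whatever
# the installed openssl build defaults to; pass -sha256 (or add default_md)
# when the digest has to be pinned.
# Take the subject fields from the section below instead of prompting.
prompt = no
distinguished_name = req_distinguished_name
# Extensions added to the self-signed certificate.
x509_extensions = v3_ca
string_mask = utf8only
# Disabled: extensions for certificate requests. No [ v3_req ] section is
# visible in this listing, so one has to be defined before enabling this.
# req_extensions = v3_req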
[ req_distinguished_name ]
# NOTE(review): "UK" is not the ISO 3166-1 alpha-2 code assigned to the
# United Kingdom (that is GB). Left unchanged so issued subject names stay
# the same.
countryName = UK
organizationName = OpenSSL Group
# The calling script supplies the common name through the CN environment
# variable. When it is unset, the "Not Defined" fallback from the top of
# this file ends up in the certificate subject.
commonName = $ENV::CN
[ usr_cert ]
# Extensions applied when 'ca' signs a request for an end-entity certificate.
# Key order is kept as in the original file.
# CA:FALSE, marked critical: the certificate is not a CA certificate.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
# Text shown in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# Key identifiers recommended by PKIX; harmless in any certificate.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
# Extensions for an OCSP responder certificate.
[ ocsp_cert ]
# CA:FALSE, marked critical: the responder certificate is not a CA certificate.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
# Text shown in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# Key identifiers recommended by PKIX; harmless in any certificate.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
# Marks the certificate as authorised for signing OCSP responses.
extendedKeyUsage = OCSPSigning
[ dh_cert ]
# Extensions applied when 'ca' signs a request for an end-entity DH
# certificate.
basicConstraints = critical, CA:FALSE
# keyAgreement is the only usage granted here.
keyUsage = critical, keyAgreement
# Key identifiers recommended by PKIX; harmless in any certificate.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[ v3_ca ]
# Extensions for a typical CA certificate.
# PKIX-recommended key identifiers. 'always' turns a missing issuer key
# identifier into an error instead of omitting the extension.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
# CA:true with no pathlen value, so the depth of subordinate CAs is not
# limited by this certificate.
basicConstraints = critical,CA:true
# Signing is limited to certificates and CRLs.
keyUsage = critical, cRLSign, keyCertSign
# Minimal CA section: just enough to allow CRL generation.
[ca]
# Both paths are relative as written; presumably they resolve against the
# directory openssl is run from. Confirm against the calling script.
database = index.txt
crlnumber = crlnum.txt