[people/teissler/ipfire-2.x.git] / config / ovpn / openssl / ovpn.cnf

HOME		= .
RANDFILE	= /var/ipfire/ovpn/ca/.rnd
oid_section	= new_oids

[ new_oids ]

[ ca ]
default_ca	= openvpn

[ openvpn ]
dir		= /var/ipfire/ovpn
certs		= $dir/certs
crl_dir		= $dir/crl
database	= $dir/certs/index.txt
new_certs_dir	= $dir/certs
certificate	= $dir/ca/cacert.pem
serial		= $dir/certs/serial
crl		= $dir/crl.pem
private_key	= $dir/ca/cakey.pem
RANDFILE	= $dir/ca/.rand
x509_extensions	= usr_cert
default_days	= 999999
default_crl_days= 30
default_md	= md5
preserve	= no
policy		= policy_match
email_in_dn	= no

[ policy_match ]
countryName		= optional
stateOrProvinceName	= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

[ req ]
default_bits		= 1024
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes
x509_extensions	= v3_ca
string_mask = nombstr

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_default		= GB
countryName_min			= 2
countryName_max			= 2

stateOrProvinceName		= State or Province Name (full name)
stateOrProvinceName_default	= 

localityName			= Locality Name (eg, city)
#localityName_default		= 

0.organizationName		= Organization Name (eg, company)
0.organizationName_default	= My Company Ltd

organizationalUnitName		= Organizational Unit Name (eg, section)
#organizationalUnitName_default	=

commonName			= Common Name (eg, your name or your server\'s hostname)
commonName_max			= 64

emailAddress			= Email Address
emailAddress_max		= 40

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min		= 4
challengePassword_max		= 20
unstructuredName		= An optional company name

[ usr_cert ]
basicConstraints=CA:FALSE
nsComment			= "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints=CA:FALSE
nsCertType			= server
nsComment			= "OpenSSL Generated Server Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always 

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always

[ engine ]
default = openssl
Commit	Line	Data
b2e75449 MT	1	HOME = .
	2	RANDFILE = /var/ipfire/ovpn/ca/.rnd
	3	oid_section = new_oids
6e13d0a5 MT	4
	5	[ new_oids ]
	6
	7	[ ca ]
b2e75449	8	default_ca = openvpn
6e13d0a5 MT	9
6e13d0a5 MT	10	[ openvpn ]
b2e75449 MT	11	dir = /var/ipfire/ovpn
	12	certs = $dir/certs
	13	crl_dir = $dir/crl
	14	database = $dir/certs/index.txt
	15	new_certs_dir = $dir/certs
	16	certificate = $dir/ca/cacert.pem
	17	serial = $dir/certs/serial
	18	crl = $dir/crl.pem
	19	private_key = $dir/ca/cakey.pem
	20	RANDFILE = $dir/ca/.rand
	21	x509_extensions = usr_cert
	22	default_days = 999999
	23	default_crl_days= 30
	24	default_md = md5
	25	preserve = no
	26	policy = policy_match
	27	email_in_dn = no
6e13d0a5 MT	28
6e13d0a5 MT	29	[ policy_match ]
b2e75449 MT	30	countryName = optional
	31	stateOrProvinceName = optional
	32	organizationName = optional
	33	organizationalUnitName = optional
	34	commonName = supplied
	35	emailAddress = optional
6e13d0a5 MT	36
6e13d0a5 MT	37	[ req ]
b2e75449 MT	38	default_bits = 1024
	39	default_keyfile = privkey.pem
	40	distinguished_name = req_distinguished_name
	41	attributes = req_attributes
	42	x509_extensions = v3_ca
	43	string_mask = nombstr
6e13d0a5 MT	44
	45	[ req_distinguished_name ]
	46	countryName = Country Name (2 letter code)
	47	countryName_default = GB
	48	countryName_min = 2
	49	countryName_max = 2
	50
	51	stateOrProvinceName = State or Province Name (full name)
	52	stateOrProvinceName_default =
	53
	54	localityName = Locality Name (eg, city)
	55	#localityName_default =
	56
	57	0.organizationName = Organization Name (eg, company)
	58	0.organizationName_default = My Company Ltd
	59
	60	organizationalUnitName = Organizational Unit Name (eg, section)
	61	#organizationalUnitName_default =
	62
	63	commonName = Common Name (eg, your name or your server\'s hostname)
	64	commonName_max = 64
	65
	66	emailAddress = Email Address
	67	emailAddress_max = 40
	68
	69	[ req_attributes ]
	70	challengePassword = A challenge password
	71	challengePassword_min = 4
	72	challengePassword_max = 20
	73	unstructuredName = An optional company name
	74
	75	[ usr_cert ]
b2e75449	76	basicConstraints=CA:FALSE
6e13d0a5	77	nsComment = "OpenSSL Generated Certificate"
b2e75449 MT	78	subjectKeyIdentifier=hash
b2e75449 MT	79	authorityKeyIdentifier=keyid,issuer:always
6e13d0a5 MT	80
	81	[ server ]
	82
	83	# JY ADDED -- Make a cert with nsCertType set to "server"
b2e75449	84	basicConstraints=CA:FALSE
6e13d0a5 MT	85	nsCertType = server
6e13d0a5 MT	86	nsComment = "OpenSSL Generated Server Certificate"
b2e75449 MT	87	subjectKeyIdentifier=hash
b2e75449 MT	88	authorityKeyIdentifier=keyid,issuer:always
6e13d0a5 MT	89
6e13d0a5 MT	90	[ v3_req ]
b2e75449 MT	91	basicConstraints = CA:FALSE
b2e75449 MT	92	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
6e13d0a5 MT	93
6e13d0a5 MT	94	[ v3_ca ]
b2e75449 MT	95	subjectKeyIdentifier=hash
	96	authorityKeyIdentifier=keyid:always,issuer:always
	97	basicConstraints = CA:true
6e13d0a5 MT	98
6e13d0a5 MT	99	[ crl_ext ]
b2e75449	100	authorityKeyIdentifier=keyid:always,issuer:always
6e13d0a5 MT	101
6e13d0a5 MT	102	[ engine ]
b2e75449	103	default = openssl