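# OpenSSL configuration for the OpenVPN certificate authority whose files
# live under /var/ipfire/ovpn (see "dir" in [ openvpn ]).
#
# Security-relevant defaults changed in this revision:
#   [ openvpn ] default_md   md5  -> sha256
#   [ req ]     default_bits 1024 -> 2048
# Both changes affect only certificates and keys created from now on.
# Anything already issued keeps its MD5 signature / 1024-bit key until it is
# re-issued.

HOME = .
# File holding random seed data.
# NOTE(review): [ openvpn ] below names a different seed file ($dir/ca/.rand);
# confirm which of the two is intended.
RANDFILE = /var/ipfire/ovpn/ca/.rnd
oid_section = new_oids

# No additional object identifiers are defined.
[ new_oids ]

[ ca ]
# Section used when no CA section is named explicitly.
default_ca = openvpn

[ openvpn ]
dir = /var/ipfire/ovpn
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/certs/index.txt
new_certs_dir = $dir/certs
certificate = $dir/ca/cacert.pem
serial = $dir/certs/serial
crl = $dir/crl.pem
# CA signing key. Whoever can read this file can issue certificates that every
# peer trusting this CA will accept; keep it readable by the CA owner only.
private_key = $dir/ca/cakey.pem
RANDFILE = $dir/ca/.rand
x509_extensions = usr_cert
# Validity in days when none is given on the command line.
# NOTE(review): 999999 days means an issued certificate effectively never
# expires, so revocation through the CRL is the only way to retire one.
# Consider a bounded lifetime.
default_days = 999999
# Days until the next CRL is due.
default_crl_days = 30
# Digest used to sign certificates and CRLs. Was md5, which is not
# collision-resistant and must not be used for certificate signatures.
default_md = sha256
preserve = no
policy = policy_match
email_in_dn = no

# Only commonName must be present in a request; every other field may be omitted.
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Size of newly generated RSA keys when none is given on the command line.
# Was 1024, which is below current minimum recommendations for RSA.
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions applied to self-signed certificates created from a request.
x509_extensions = v3_ca
string_mask = nombstr

# Prompts, defaults and length limits for the subject fields.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = GB
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =

localityName = Locality Name (eg, city)
#localityName_default =

0.organizationName = Organization Name (eg, company)
0.organizationName_default = My Company Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

# Default extensions for certificates signed by the CA (x509_extensions in
# [ openvpn ]): an end-entity certificate that cannot act as a CA.
[ usr_cert ]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
# NOTE(review): this section sets no keyUsage or extendedKeyUsage. Clients that
# identify the server by extendedKeyUsage (for example OpenVPN's
# "remote-cert-tls server") rather than by the Netscape certificate type would
# need serverAuth added here; confirm against the client configuration in use.
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

# Not referenced by any section in this file ([ req ] sets no req_extensions);
# presumably selected on the command line where needed.
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Extensions for the CA certificate itself.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true

[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

[ engine ]
default = openssl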