[people/pmueller/ipfire-2.x.git] / config / ssl / openssl.cnf

HOME		= .
oid_section	= new_oids

[ new_oids ]

[ ca ]
default_ca	= IPFire

[ IPFire ]
dir		= /var/ipfire
certs		= $dir/certs
crl_dir	= $dir/crls
database	= $dir/certs/index.txt
new_certs_dir	= $dir/certs
certificate	= $dir/ca/cacert.pem
serial		= $dir/certs/serial
crl		= $dir/crls/cacrl.pem
private_key	= $dir/private/cakey.pem
x509_extensions	= usr_cert
default_days	= 999999
default_crl_days= 30
default_md	= sha256
preserve	= no
policy		= policy_match
email_in_dn	= no
copy_extensions = copyall

[ policy_match ]
countryName		= optional
stateOrProvinceName	= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

[ req ]
default_bits		= 2048
default_keyfile 	= privkey.pem
distinguished_name	= req_distinguished_name
attributes		= req_attributes
x509_extensions	= v3_ca
string_mask = nombstr

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_default		= DE
countryName_min		= 2
countryName_max		= 2

stateOrProvinceName		= State or Province Name (full name)
stateOrProvinceName_default	= 

localityName			= Locality Name (eg, city)
#localityName_default		= 

0.organizationName		= Organization Name (eg, company)
0.organizationName_default	= IPFire

organizationalUnitName		= Organizational Unit Name (eg, section)
#organizationalUnitName_default	=

commonName			= Common Name (eg, your name or your server\'s hostname)
commonName_max		= 64

emailAddress			= Email Address
emailAddress_max		= 40

[ req_attributes ]
challengePassword		= A challenge password
challengePassword_min	= 4
challengePassword_max	= 20
unstructuredName		= An optional company name

[ usr_cert ]
basicConstraints=CA:FALSE
nsComment			= "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always

[ engine ]
default = openssl
Commit	Line	Data
cd1a2927	1	HOME = .
cd1a2927 MT	2	oid_section = new_oids
	3
	4	[ new_oids ]
	5
	6	[ ca ]
33a31f1a	7	default_ca = IPFire
cd1a2927	8
1ce6d696	9	[ IPFire ]
33a31f1a	10	dir = /var/ipfire
cd1a2927	11	certs = $dir/certs
e3a8510a	12	crl_dir = $dir/crls
cd1a2927 MT	13	database = $dir/certs/index.txt
	14	new_certs_dir = $dir/certs
	15	certificate = $dir/ca/cacert.pem
	16	serial = $dir/certs/serial
	17	crl = $dir/crls/cacrl.pem
	18	private_key = $dir/private/cakey.pem
cd1a2927 MT	19	x509_extensions = usr_cert
	20	default_days = 999999
	21	default_crl_days= 30
3847730c	22	default_md = sha256
cd1a2927 MT	23	preserve = no
	24	policy = policy_match
	25	email_in_dn = no
9f010115	26	copy_extensions = copyall
cd1a2927 MT	27
	28	[ policy_match ]
	29	countryName = optional
	30	stateOrProvinceName = optional
	31	organizationName = optional
	32	organizationalUnitName = optional
	33	commonName = supplied
	34	emailAddress = optional
	35
	36	[ req ]
3847730c	37	default_bits = 2048
cd1a2927 MT	38	default_keyfile = privkey.pem
	39	distinguished_name = req_distinguished_name
	40	attributes = req_attributes
	41	x509_extensions = v3_ca
	42	string_mask = nombstr
	43
	44	[ req_distinguished_name ]
	45	countryName = Country Name (2 letter code)
e3a8510a MT	46	countryName_default = DE
	47	countryName_min = 2
	48	countryName_max = 2
cd1a2927 MT	49
	50	stateOrProvinceName = State or Province Name (full name)
	51	stateOrProvinceName_default =
	52
	53	localityName = Locality Name (eg, city)
	54	#localityName_default =
	55
	56	0.organizationName = Organization Name (eg, company)
e3a8510a	57	0.organizationName_default = IPFire
cd1a2927 MT	58
	59	organizationalUnitName = Organizational Unit Name (eg, section)
	60	#organizationalUnitName_default =
	61
	62	commonName = Common Name (eg, your name or your server\'s hostname)
e3a8510a	63	commonName_max = 64
cd1a2927 MT	64
	65	emailAddress = Email Address
	66	emailAddress_max = 40
	67
	68	[ req_attributes ]
	69	challengePassword = A challenge password
e3a8510a MT	70	challengePassword_min = 4
e3a8510a MT	71	challengePassword_max = 20
cd1a2927 MT	72	unstructuredName = An optional company name
	73
	74	[ usr_cert ]
	75	basicConstraints=CA:FALSE
	76	nsComment = "OpenSSL Generated Certificate"
	77	subjectKeyIdentifier=hash
	78	authorityKeyIdentifier=keyid,issuer:always
	79
	80	[ v3_req ]
	81	basicConstraints = CA:FALSE
	82	keyUsage = nonRepudiation, digitalSignature, keyEncipherment
	83
	84	[ v3_ca ]
	85	subjectKeyIdentifier=hash
	86	authorityKeyIdentifier=keyid:always,issuer:always
	87	basicConstraints = CA:true
	88
	89	[ crl_ext ]
	90	authorityKeyIdentifier=keyid:always,issuer:always
	91
	92	[ engine ]
	93	default = openssl