Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | # |
06d5b162 | 2 | # OpenSSL example configuration file. |
d02b48c6 RE |
3 | # This is mostly being used for generation of certificate requests. |
4 | # | |
5 | ||
6 | RANDFILE = $ENV::HOME/.rnd # random-number seed file under the invoking user's HOME; keep it readable only by its owner | |
dfeab068 | 7 | oid_file = $ENV::HOME/.oid # optional file of extra object identifiers, also looked up under HOME |
d02b48c6 RE |
8 | |
9 | #################################################################### | |
10 | [ ca ] | |
11 | default_ca = CA_default # The default ca section: names the section that holds the CA's settings | |
12 | ||
13 | #################################################################### | |
14 | [ CA_default ] | |
15 | ||
16 | dir = ./demoCA # Where everything is kept (relative path, so it resolves against the directory the command is run from) | |
17 | certs = $dir/certs # Where the issued certs are kept | |
18 | crl_dir = $dir/crl # Where the issued CRLs are kept | |
19 | database = $dir/index.txt # database index file. | |
20 | new_certs_dir = $dir/newcerts # default place for new certs. | |
21 | ||
22 | certificate = $dir/cacert.pem # The CA certificate | |
23 | serial = $dir/serial # The current serial number | |
24 | crl = $dir/crl.pem # The current CRL | |
25 | private_key = $dir/private/cakey.pem# The CA private key. NOTE(review): restrict this file and its directory to the CA operator | |
26 | RANDFILE = $dir/private/.rand # private random number file | |
27 | ||
28 | x509_extensions = x509v3_extensions # The extensions section applied to each cert this CA issues | |
29 | default_days = 365 # how long to certify for, in days | |
30 | default_crl_days= 30 # how long before next CRL, in days | |
31 | default_md = md5 # which md to use. NOTE(review): MD5 is collision-broken and unsuitable for signing certificates; use a SHA-2 digest (e.g. sha256) where the installed toolkit supports it | |
32 | preserve = no # keep passed DN ordering | |
33 | ||
34 | # A few different ways of specifying how similar the request should look | |
35 | # For type CA, the listed attributes must be the same, and the optional | |
36 | # and supplied fields are just that :-) | |
37 | policy = policy_match # name of the policy section checked against each request | |
38 | ||
39 | # For the CA policy | |
40 | [ policy_match ] | |
41 | countryName = match # match: the request's value must be the same as the CA's | |
42 | stateOrProvinceName = match | |
43 | organizationName = match | |
44 | organizationalUnitName = optional # optional: the field may be present or absent | |
45 | commonName = supplied # supplied: the field must be present in the request | |
46 | emailAddress = optional | |
47 | ||
48 | # For the 'anything' policy | |
49 | # At this point in time, you must list all acceptable 'object' | |
50 | # types. | |
51 | [ policy_anything ] | |
52 | countryName = optional | |
53 | stateOrProvinceName = optional | |
54 | localityName = optional | |
55 | organizationName = optional | |
56 | organizationalUnitName = optional | |
57 | commonName = supplied # the only field a request must carry. NOTE(review): nothing here ties the subject to the CA's own name, so requests signed under this policy need to be vetted some other way | |
58 | emailAddress = optional | |
59 | ||
60 | #################################################################### | |
61 | [ req ] | |
62 | default_bits = 1024 # key size in bits for a newly generated key. NOTE(review): 1024-bit RSA is below current minimum recommendations; 2048 or more is the usual floor | |
63 | default_keyfile = privkey.pem # file the new private key is written to (relative path, so the current directory) | |
64 | distinguished_name = req_distinguished_name # section that defines the subject-name prompts | |
65 | attributes = req_attributes # section that defines the request-attribute prompts | |
66 | ||
67 | [ req_distinguished_name ] | |
68 | countryName = Country Name (2 letter code) # prompt text for this field | |
69 | countryName_default = AU # value used when the prompt is left empty | |
70 | countryName_min = 2 # shortest accepted entry | |
71 | countryName_max = 2 # longest accepted entry | |
72 | ||
73 | stateOrProvinceName = State or Province Name (full name) | |
74 | stateOrProvinceName_default = Some-State | |
75 | ||
76 | localityName = Locality Name (eg, city) | |
77 | ||
78 | 0.organizationName = Organization Name (eg, company) | |
79 | 0.organizationName_default = Internet Widgits Pty Ltd | |
80 | ||
81 | # we can do this (a numeric prefix lets the same field be asked for a second time) but it is not needed normally :-) | |
82 | #1.organizationName = Second Organization Name (eg, company) | |
06d5b162 | 83 | #1.organizationName_default = World Wide Web Pty Ltd |
d02b48c6 RE |
84 | |
85 | organizationalUnitName = Organizational Unit Name (eg, section) | |
86 | #organizationalUnitName_default = | |
87 | ||
88 | commonName = Common Name (eg, YOUR name) | |
89 | commonName_max = 64 | |
90 | ||
91 | emailAddress = Email Address | |
92 | emailAddress_max = 40 | |
93 | ||
dfeab068 RE |
94 | SET-ex3 = SET extension number 3 |
95 | ||
d02b48c6 RE |
96 | [ req_attributes ] |
97 | challengePassword = A challenge password # NOTE(review): this attribute travels inside the request unencrypted, so it must never reuse a real password | |
98 | challengePassword_min = 4 # shortest accepted entry | |
99 | challengePassword_max = 20 # longest accepted entry | |
100 | ||
101 | unstructuredName = An optional company name | |
102 | ||
103 | [ x509v3_extensions ] | |
104 | ||
06d5b162 | 105 | nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem # placeholder host; set this to the CA's real CRL location before issuing certificates |
d02b48c6 RE |
106 | nsComment = "This is a comment" # free-text comment carried in the certificate |
107 | ||
108 | # under ASN.1, the 0 bit would be encoded as 80 | |
109 | nsCertType = 0x40 # bit 1 of the Netscape cert-type bit string, i.e. "SSL server" | |
110 | ||
111 | #nsBaseUrl | |
112 | #nsRevocationUrl | |
113 | #nsRenewalUrl | |
114 | #nsCaPolicyUrl | |
115 | #nsSslServerName | |
116 | #nsCertSequence | |
117 | #nsCertExt | |
118 | #nsDataType | |
119 |