Commit | Line | Data |
---|---|---|
# Global settings, the empty [ new_oids ] section, and the [ ca ] selector.
# oid_section names the section that would hold extra OID definitions; [ new_oids ] has no entries.
cd1a2927 | 1 | HOME = . |
cd1a2927 MT |
2 | oid_section = new_oids |
3 | ||
4 | [ new_oids ] | |
5 | ||
6 | [ ca ] | |
# default_ca picks the [ IPFire ] section as the CA configuration when none is named on the command line.
33a31f1a | 7 | default_ca = IPFire |
cd1a2927 | 8 | |
# CA section selected by default_ca. Every path below is derived from dir = /var/ipfire.
1ce6d696 | 9 | [ IPFire ] |
33a31f1a | 10 | dir = /var/ipfire |
cd1a2927 | 11 | certs = $dir/certs |
e3a8510a | 12 | crl_dir = $dir/crls |
cd1a2927 MT |
13 | database = $dir/certs/index.txt |
14 | new_certs_dir = $dir/certs | |
15 | certificate = $dir/ca/cacert.pem | |
16 | serial = $dir/certs/serial | |
17 | crl = $dir/crls/cacrl.pem | |
# NOTE(review): this is the CA signing key. Ownership and mode of the file are not visible
# in this listing; confirm only the account that runs the CA can read it.
18 | private_key = $dir/private/cakey.pem | |
cd1a2927 MT |
# Issued certificates take their extensions from [ usr_cert ].
19 | x509_extensions = usr_cert |
# Validity used when no -days value is given: 999999 days is roughly 2,700 years, so issued
# certificates effectively never expire.
# NOTE(review): with this default, revocation through the CRL is the only way a certificate
# stops being valid; confirm callers pass an explicit lifetime where one is wanted.
20 | default_days = 999999 | |
# A generated CRL advertises its next update 30 days out.
21 | default_crl_days= 30 | |
3847730c | 22 | default_md = sha256 |
cd1a2927 MT |
23 | preserve = no |
# Subject fields are checked against [ policy_match ].
24 | policy = policy_match | |
25 | email_in_dn = no | |
# copyall copies every extension from the request into the certificate and replaces any
# extension of the same type already set from [ usr_cert ], including basicConstraints.
# NOTE(review): the OpenSSL ca documentation warns that this lets a request decide
# security-relevant extensions. Whether requests from outside the appliance reach this CA is
# not visible here; if they can, review each request before signing, or use "copy", which
# keeps the CA-set values.
9f010115 | 26 | copy_extensions = copyall |
cd1a2927 MT |
27 | |
# Subject-name policy referenced by "policy = policy_match" in [ IPFire ].
# Only commonName must be present (supplied); every other field is optional.
# Despite the section name, no field is set to "match", so a request's subject is not
# required to agree with the CA's own subject in any field.
28 | [ policy_match ] | |
29 | countryName = optional | |
30 | stateOrProvinceName = optional | |
31 | organizationName = optional | |
32 | organizationalUnitName = optional | |
33 | commonName = supplied | |
34 | emailAddress = optional | |
35 | ||
# Defaults for "openssl req": key generation, prompts and self-signed certificates.
36 | [ req ] | |
# Key size in bits for newly generated RSA keys when none is given on the command line.
# NOTE(review): 2048 bits is a common minimum; since [ IPFire ] default_days makes
# certificates effectively permanent, confirm this size is still acceptable for keys that
# will never be rotated by expiry.
3847730c | 37 | default_bits = 2048 |
cd1a2927 MT |
38 | default_keyfile = privkey.pem |
39 | distinguished_name = req_distinguished_name | |
40 | attributes = req_attributes | |
# Self-signed certificates created with "req -x509" get the [ v3_ca ] extensions.
41 | x509_extensions = v3_ca | |
# nombstr is a legacy string mask (PrintableString/T61String, no BMPString or UTF8String).
# NOTE(review): current OpenSSL defaults to utf8only; confirm non-ASCII subject names are
# not expected here.
42 | string_mask = nombstr | |
43 | ||
# Prompts, defaults and length limits for the subject fields of a request.
# "<field>" is the prompt text, "<field>_default" the value offered, "_min"/"_max" the
# accepted length in characters.
44 | [ req_distinguished_name ] | |
45 | countryName = Country Name (2 letter code) | |
# Country must be exactly two characters and defaults to DE.
e3a8510a MT |
46 | countryName_default = DE |
47 | countryName_min = 2 | |
48 | countryName_max = 2 | |
cd1a2927 MT |
49 | |
50 | stateOrProvinceName = State or Province Name (full name) | |
51 | stateOrProvinceName_default = | |
52 | ||
53 | localityName = Locality Name (eg, city) | |
54 | #localityName_default = | |
55 | ||
56 | 0.organizationName = Organization Name (eg, company) | |
e3a8510a | 57 | 0.organizationName_default = IPFire |
cd1a2927 MT |
58 | |
59 | organizationalUnitName = Organizational Unit Name (eg, section) | |
60 | #organizationalUnitName_default = | |
61 | ||
# commonName is the only field [ policy_match ] requires; it is capped at 64 characters.
62 | commonName = Common Name (eg, your name or your server\'s hostname) | |
e3a8510a | 63 | commonName_max = 64 |
cd1a2927 MT |
64 | |
65 | emailAddress = Email Address | |
66 | emailAddress_max = 40 | |
67 | ||
# Optional request attributes prompted for by "openssl req" (referenced by "attributes" in [ req ]).
68 | [ req_attributes ] | |
# A challenge password of 4 to 20 characters may be entered.
# NOTE(review): the challengePassword attribute is stored unencrypted inside the request, so
# anyone who can read the CSR can read it; it should never be a password used elsewhere.
69 | challengePassword = A challenge password | |
e3a8510a MT |
70 | challengePassword_min = 4 |
71 | challengePassword_max = 20 | |
cd1a2927 MT |
72 | unstructuredName = An optional company name |
73 | ||
# Extensions the CA adds to issued certificates (x509_extensions = usr_cert in [ IPFire ]).
# Issued certificates are marked as end-entity (CA:FALSE) and carry subject/authority key IDs.
# NOTE(review): no keyUsage or extendedKeyUsage is set here, so this section does not
# restrict what an issued certificate may be used for. Because [ IPFire ] sets
# copy_extensions = copyall, an extension of the same type in the request replaces the value
# given here, basicConstraints included.
74 | [ usr_cert ] | |
75 | basicConstraints=CA:FALSE | |
# nsComment is a legacy Netscape extension; it is informational only.
76 | nsComment = "OpenSSL Generated Certificate" | |
77 | subjectKeyIdentifier=hash | |
78 | authorityKeyIdentifier=keyid,issuer:always | |
79 | ||
# Extension set for certificate requests: end-entity, with signature and key-encipherment usage.
# NOTE(review): [ req ] in this listing has no req_extensions key, so this section takes
# effect only when a caller selects it explicitly; confirm against the scripts that invoke openssl.
80 | [ v3_req ] | |
81 | basicConstraints = CA:FALSE | |
82 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
83 | ||
# Extensions for self-signed CA certificates (x509_extensions = v3_ca in [ req ]).
# NOTE(review): basicConstraints is not marked critical and carries no pathlen, and no
# keyUsage (keyCertSign, cRLSign) is set. RFC 5280 expects CA certificates to mark
# basicConstraints critical, e.g. "critical,CA:true"; confirm whether the omission is deliberate.
84 | [ v3_ca ] | |
85 | subjectKeyIdentifier=hash | |
86 | authorityKeyIdentifier=keyid:always,issuer:always | |
87 | basicConstraints = CA:true | |
88 | ||
# CRL extension set: adds the issuing CA's key identifier and issuer to a CRL.
# NOTE(review): [ IPFire ] in this listing has no crl_extensions key, so this section is used
# only if a caller names it explicitly; confirm.
89 | [ crl_ext ] | |
90 | authorityKeyIdentifier=keyid:always,issuer:always | |
91 | ||
# NOTE(review): no key in this listing references [ engine ]; what "default = openssl"
# selects depends on how the caller loads this section. Verify before relying on it.
92 | [ engine ] | |
93 | default = openssl |