core124: Fix typo in rootfile

[ipfire-2.x.git] / config / ssl / openssl.cnf

HOME            = .
RANDFILE        = /var/tmp/.rnd
oid_section     = new_oids

[ new_oids ]

[ ca ]
default_ca      = IPFire

[ IPFire ]
dir             = /var/ipfire
certs           = $dir/certs
crl_dir = $dir/crls
database        = $dir/certs/index.txt
new_certs_dir   = $dir/certs
certificate     = $dir/ca/cacert.pem
serial          = $dir/certs/serial
crl             = $dir/crls/cacrl.pem
private_key     = $dir/private/cakey.pem
RANDFILE        = $dir/tmp/.rand
x509_extensions = usr_cert
default_days    = 999999
default_crl_days= 30
default_md      = sha256
preserve        = no
policy          = policy_match
email_in_dn     = no

[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ req ]
default_bits            = 2048
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions = v3_ca
string_mask = nombstr

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = DE
countryName_min         = 2
countryName_max         = 2

stateOrProvinceName             = State or Province Name (full name)
stateOrProvinceName_default     = 

localityName                    = Locality Name (eg, city)
#localityName_default           = 

0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = IPFire

organizationalUnitName          = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName                      = Common Name (eg, your name or your server\'s hostname)
commonName_max          = 64

emailAddress                    = Email Address
emailAddress_max                = 40

[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min   = 4
challengePassword_max   = 20
unstructuredName                = An optional company name

[ usr_cert ]
basicConstraints=CA:FALSE
nsComment                       = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always

[ engine ]
default = openssl