# openssl.cnf (config/ssl/openssl.cnf in ipfire-2.x): OpenSSL configuration for
# the local IPFire certificate authority (`openssl ca`) and for generating
# requests and self-signed certificates (`openssl req`).

# Variable in the unnamed default section; no other line in this file expands it.
HOME = .
# Name of the section that lists additional object identifiers.
oid_section = new_oids

# Left empty: no extra OIDs are registered.
[ new_oids ]

# Entry point for `openssl ca`: names the CA section used when no other
# section is selected on the command line.
[ ca ]
default_ca = IPFire

# Settings of the IPFire CA: file locations, defaults for issued certificates
# and the request-handling policy.
[ IPFire ]
# Base directory; the paths below expand $dir.
dir = /var/ipfire
certs = $dir/certs
crl_dir = $dir/crls
# Text database of issued and revoked certificates, kept by `openssl ca`.
database = $dir/certs/index.txt
# Issued certificates are written here.
new_certs_dir = $dir/certs
# CA certificate.
certificate = $dir/ca/cacert.pem
# File holding the next serial number to assign.
serial = $dir/certs/serial
crl = $dir/crls/cacrl.pem
# CA signing key. Anyone who can read this file can issue certificates that
# chain to this CA, so its file permissions are the main protection.
private_key = $dir/private/cakey.pem
# Extension section applied to every issued certificate.
x509_extensions = usr_cert
# Validity of issued certificates, in days. 999999 days is roughly 2,700
# years, so issued certificates do not expire in practice.
# NOTE(review): without an effective expiry date, revocation and an
# up-to-date CRL are the only way to withdraw a certificate - confirm that
# this trade-off is intended.
default_days = 999999
# A generated CRL announces its next update 30 days ahead; it has to be
# regenerated before then for clients that enforce nextUpdate.
default_crl_days = 30
# Digest used for signing certificates and CRLs.
default_md = sha256
# "no": the subject DN is ordered as in the policy section, not as in the request.
preserve = no
policy = policy_match
# "no": an e-mail address is not placed in the subject DN of issued certificates.
email_in_dn = no
# "copyall": every extension found in the request is copied into the
# certificate, and an extension of the same type set by x509_extensions is
# deleted first. A request carrying basicConstraints CA:TRUE therefore
# replaces the CA:FALSE from [ usr_cert ].
# NOTE(review): this is only safe while every request signed by this CA is
# generated by trusted local tooling. If requests from other parties are ever
# signed, `copy` (request extensions are added only where the configuration
# sets none) keeps the CA:FALSE constraint in force.
copy_extensions = copyall

# Subject DN policy used by the IPFire CA. Only commonName must be present in
# a request; no field is required to match the CA's own DN. Per the
# `openssl ca` policy format, DN fields not listed here (localityName, for
# instance) are dropped from the issued certificate.
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Defaults for `openssl req` (certificate requests and self-signed certificates).
[ req ]
# RSA key size, in bits, for newly generated keys.
default_bits = 2048
# File a newly generated private key is written to when no output is named.
default_keyfile = privkey.pem
# Sections describing the DN prompts and the request attributes.
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions added when `req -x509` creates a self-signed certificate; this
# is what makes such a certificate a CA certificate.
x509_extensions = v3_ca
# Restricts DN string types to PrintableString and T61String
# (no BMPString, no UTF8String).
string_mask = nombstr
# No req_extensions key is set: [ v3_req ] is applied to requests only when
# it is selected on the command line.

# Prompts, defaults and length limits for the subject DN of a request.
# "<field>" is the prompt text, "<field>_default" the value offered,
# "<field>_min" / "<field>_max" the accepted length.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = DE
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
# Explicitly empty default.
stateOrProvinceName_default =

localityName = Locality Name (eg, city)
# No default offered.
#localityName_default =

# The "0." prefix lets the same field name occur more than once in a section.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = IPFire

organizationalUnitName = Organizational Unit Name (eg, section)
# No default offered.
#organizationalUnitName_default =

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# Optional attributes placed in a certificate request.
[ req_attributes ]
# The challenge password is stored unencrypted in the request, so it is
# readable by anyone who obtains the CSR; do not reuse a real password here.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

# Extensions the IPFire CA adds to every certificate it issues
# (referenced by x509_extensions in [ IPFire ]).
[ usr_cert ]
# Marks issued certificates as end-entity certificates. With
# copy_extensions = copyall in [ IPFire ], a basicConstraints extension in
# the request replaces this value.
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# No keyUsage or extendedKeyUsage is set here, so this section does not limit
# what an issued certificate may be used for; any such limit has to come from
# extensions in the request.

# Extension set for end-entity requests. No key in this file references this
# section; it takes effect only when selected on the command line.
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Extensions of the self-signed CA certificate created by `openssl req -x509`
# (referenced by x509_extensions in [ req ]).
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# NOTE(review): basicConstraints is not marked critical, there is no pathlen
# limit and no keyUsage extension. RFC 5280 requires basicConstraints to be
# critical in CA certificates; `critical,CA:true` together with
# `keyUsage = critical, keyCertSign, cRLSign` would restrict a newly generated
# CA key to certificate and CRL signing. Certificates that already exist are
# not affected by a change here.
basicConstraints = CA:true

# Extensions for generated CRLs. [ IPFire ] sets no crl_extensions key, so
# this section applies only when it is selected on the command line.
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

# NOTE(review): nothing in this file references this section (there is no
# openssl_conf or engines key); presumably a consumer looks it up by name -
# confirm against the code that reads it.
[ engine ]
default = openssl