# OpenSSL configuration for the OpenVPN certificate authority whose files
# live under /var/ipfire/ovpn (see `dir` in [ openvpn ]).
# Reconstructed from a blame view: the per-line commit column (c2b5d12b,
# 6e13d0a5, b66b02ab) is dropped. The extendedKeyUsage/keyUsage lines in
# [ usr_cert ] and [ server ] appear under b66b02ab in that view.

HOME = .
# Names the section that may declare additional OIDs; it is empty in this file.
oid_section = new_oids

[ new_oids ]

[ ca ]
# Section `openssl ca` uses when no -name is given.
default_ca = openvpn

[ openvpn ]
# Every path below is derived from $dir.
dir = /var/ipfire/ovpn
certs = $dir/certs
crl_dir = $dir/crl
# Issued/revoked certificate index and the next serial number.
database = $dir/certs/index.txt
new_certs_dir = $dir/certs
certificate = $dir/ca/cacert.pem
serial = $dir/certs/serial
crl = $dir/crl.pem
# CA signing key. NOTE(review): anyone who can read this file can issue
# certificates the VPN will trust; confirm ownership and mode on disk.
private_key = $dir/ca/cakey.pem
# Extension section applied by default, so a certificate signed without an
# explicit -extensions choice is a client certificate (see [ usr_cert ]).
x509_extensions = usr_cert
# NOTE(review): 999999 days is roughly 2,700 years, i.e. issued certificates
# effectively never expire. Retiring a certificate then depends entirely on
# revocation and on every verifier actually loading the CRL. Dates this far
# out may also upset tooling with 32-bit time handling -- verify on targets.
default_days = 999999
# CRL nextUpdate is set 30 days after issue; the CRL has to be regenerated
# before then, or verifiers that enforce nextUpdate will treat it as expired.
default_crl_days = 30
default_md = sha256
# Subject DN order follows the policy section, not the request.
preserve = no
policy = policy_match
# The e-mail address is left out of the issued certificate's subject DN.
email_in_dn = no

[ policy_match ]
# Only commonName is required in a request; nothing has to match the CA's
# own DN, so this policy places no constraint on country or organisation.
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# RSA size for keys created by `openssl req`. NOTE(review): 2048 bits is
# generally regarded as the minimum today; with lifetimes as long as
# default_days above, 3072 or 4096 may be the better default.
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
# Extensions for self-signed certificates produced with `req -x509`.
x509_extensions = v3_ca
# Legacy mask (PrintableString/T61String, no BMPString or UTF8String).
# NOTE(review): upstream OpenSSL's sample configuration uses utf8only.
string_mask = nombstr

[ req_distinguished_name ]
# Prompts, defaults and length limits for the subject DN fields.
# NOTE(review): GB and "My Company Ltd" look like sample defaults; they end
# up in the subject unless the caller overrides them.
countryName = Country Name (2 letter code)
countryName_default = GB
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =

localityName = Locality Name (eg, city)
#localityName_default =

0.organizationName = Organization Name (eg, company)
0.organizationName_default = My Company Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

[ req_attributes ]
# A challenge password is stored in the request as a plain attribute; it
# does not encrypt or otherwise protect the private key.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

[ usr_cert ]
# Client certificate profile: not a CA, usable only for TLS client
# authentication. The EKU/keyUsage pair is what a peer checks when it
# verifies certificate purpose (e.g. OpenVPN's remote-cert-tls).
# basicConstraints is not marked critical here.
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = clientAuth
keyUsage = digitalSignature

[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
# Server certificate profile; it has to be selected explicitly, because the
# CA default is usr_cert. nsCertType is a legacy Netscape extension, and the
# extendedKeyUsage/keyUsage lines below carry the same intent in standard form.
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
extendedKeyUsage = serverAuth
keyUsage = digitalSignature, keyEncipherment

[ v3_req ]
# Not referenced by [ req ] (there is no req_extensions key), so it only
# applies when named explicitly on the command line.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
# Profile for the CA certificate itself.
# NOTE(review): basicConstraints is neither critical nor path-length
# limited, and no keyUsage (keyCertSign, cRLSign) is set. RFC 5280 expects
# basicConstraints to be critical in CA certificates; tightening this would
# affect only newly generated CAs.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true

[ crl_ext ]
# Not referenced by a crl_extensions key in [ openvpn ]; used only when
# selected explicitly.
authorityKeyIdentifier = keyid:always,issuer:always

[ engine ]
# No visible key refers to this section; its consumer is not shown here.
default = openssl