projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| cd1a2927 MT |
1 | HOME = . |
| 2 | RANDFILE = /var/tmp/.rnd | |
| 3 | oid_section = new_oids | |
| 4 | ||
| 5 | [ new_oids ] | |
| 6 | ||
| 7 | [ ca ] | |
| 33a31f1a | 8 | default_ca = IPFire |
| cd1a2927 | 9 | |
| 1ce6d696 | 10 | [ IPFire ] |
| 33a31f1a | 11 | dir = /var/ipfire |
| cd1a2927 | 12 | certs = $dir/certs |
| e3a8510a | 13 | crl_dir = $dir/crls |
| cd1a2927 MT |
14 | database = $dir/certs/index.txt |
| 15 | new_certs_dir = $dir/certs | |
| 16 | certificate = $dir/ca/cacert.pem | |
| 17 | serial = $dir/certs/serial | |
| 18 | crl = $dir/crls/cacrl.pem | |
| 19 | private_key = $dir/private/cakey.pem | |
| 20 | RANDFILE = $dir/tmp/.rand | |
| 21 | x509_extensions = usr_cert | |
| 22 | default_days = 999999 | |
| 23 | default_crl_days= 30 | |
| 24 | default_md = md5 | |
| 25 | preserve = no | |
| 26 | policy = policy_match | |
| 27 | email_in_dn = no | |
| 28 | ||
| 29 | [ policy_match ] | |
| 30 | countryName = optional | |
| 31 | stateOrProvinceName = optional | |
| 32 | organizationName = optional | |
| 33 | organizationalUnitName = optional | |
| 34 | commonName = supplied | |
| 35 | emailAddress = optional | |
| 36 | ||
| 37 | [ req ] | |
| 38 | default_bits = 1024 | |
| 39 | default_keyfile = privkey.pem | |
| 40 | distinguished_name = req_distinguished_name | |
| 41 | attributes = req_attributes | |
| 42 | x509_extensions = v3_ca | |
| 43 | string_mask = nombstr | |
| 44 | ||
| 45 | [ req_distinguished_name ] | |
| 46 | countryName = Country Name (2 letter code) | |
| e3a8510a MT |
47 | countryName_default = DE |
| 48 | countryName_min = 2 | |
| 49 | countryName_max = 2 | |
| cd1a2927 MT |
50 | |
| 51 | stateOrProvinceName = State or Province Name (full name) | |
| 52 | stateOrProvinceName_default = | |
| 53 | ||
| 54 | localityName = Locality Name (eg, city) | |
| 55 | #localityName_default = | |
| 56 | ||
| 57 | 0.organizationName = Organization Name (eg, company) | |
| e3a8510a | 58 | 0.organizationName_default = IPFire |
| cd1a2927 MT |
59 | |
| 60 | organizationalUnitName = Organizational Unit Name (eg, section) | |
| 61 | #organizationalUnitName_default = | |
| 62 | ||
| 63 | commonName = Common Name (eg, your name or your server\'s hostname) | |
| e3a8510a | 64 | commonName_max = 64 |
| cd1a2927 MT |
65 | |
| 66 | emailAddress = Email Address | |
| 67 | emailAddress_max = 40 | |
| 68 | ||
| 69 | [ req_attributes ] | |
| 70 | challengePassword = A challenge password | |
| e3a8510a MT |
71 | challengePassword_min = 4 |
| 72 | challengePassword_max = 20 | |
| cd1a2927 MT |
73 | unstructuredName = An optional company name |
| 74 | ||
| 75 | [ usr_cert ] | |
| 76 | basicConstraints=CA:FALSE | |
| 77 | nsComment = "OpenSSL Generated Certificate" | |
| 78 | subjectKeyIdentifier=hash | |
| 79 | authorityKeyIdentifier=keyid,issuer:always | |
| 80 | ||
| 81 | [ v3_req ] | |
| 82 | basicConstraints = CA:FALSE | |
| 83 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
| 84 | ||
| 85 | [ v3_ca ] | |
| 86 | subjectKeyIdentifier=hash | |
| 87 | authorityKeyIdentifier=keyid:always,issuer:always | |
| 88 | basicConstraints = CA:true | |
| 89 | ||
| 90 | [ crl_ext ] | |
| 91 | authorityKeyIdentifier=keyid:always,issuer:always | |
| 92 | ||
| 93 | [ engine ] | |
| 94 | default = openssl |