projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| cd1a2927 | 1 | HOME = . |
| cd1a2927 MT |
2 | oid_section = new_oids |
| 3 | ||
| 4 | [ new_oids ] | |
| 5 | ||
| 6 | [ ca ] | |
| 33a31f1a | 7 | default_ca = IPFire |
| cd1a2927 | 8 | |
| 1ce6d696 | 9 | [ IPFire ] |
| 33a31f1a | 10 | dir = /var/ipfire |
| cd1a2927 | 11 | certs = $dir/certs |
| e3a8510a | 12 | crl_dir = $dir/crls |
| cd1a2927 MT |
13 | database = $dir/certs/index.txt |
| 14 | new_certs_dir = $dir/certs | |
| 15 | certificate = $dir/ca/cacert.pem | |
| 16 | serial = $dir/certs/serial | |
| 17 | crl = $dir/crls/cacrl.pem | |
| 18 | private_key = $dir/private/cakey.pem | |
| cd1a2927 MT |
19 | x509_extensions = usr_cert |
| 20 | default_days = 999999 | |
| 21 | default_crl_days= 30 | |
| 3847730c | 22 | default_md = sha256 |
| cd1a2927 MT |
23 | preserve = no |
| 24 | policy = policy_match | |
| 25 | email_in_dn = no | |
| 26 | ||
| 27 | [ policy_match ] | |
| 28 | countryName = optional | |
| 29 | stateOrProvinceName = optional | |
| 30 | organizationName = optional | |
| 31 | organizationalUnitName = optional | |
| 32 | commonName = supplied | |
| 33 | emailAddress = optional | |
| 34 | ||
| 35 | [ req ] | |
| 3847730c | 36 | default_bits = 2048 |
| cd1a2927 MT |
37 | default_keyfile = privkey.pem |
| 38 | distinguished_name = req_distinguished_name | |
| 39 | attributes = req_attributes | |
| 40 | x509_extensions = v3_ca | |
| 41 | string_mask = nombstr | |
| 42 | ||
| 43 | [ req_distinguished_name ] | |
| 44 | countryName = Country Name (2 letter code) | |
| e3a8510a MT |
45 | countryName_default = DE |
| 46 | countryName_min = 2 | |
| 47 | countryName_max = 2 | |
| cd1a2927 MT |
48 | |
| 49 | stateOrProvinceName = State or Province Name (full name) | |
| 50 | stateOrProvinceName_default = | |
| 51 | ||
| 52 | localityName = Locality Name (eg, city) | |
| 53 | #localityName_default = | |
| 54 | ||
| 55 | 0.organizationName = Organization Name (eg, company) | |
| e3a8510a | 56 | 0.organizationName_default = IPFire |
| cd1a2927 MT |
57 | |
| 58 | organizationalUnitName = Organizational Unit Name (eg, section) | |
| 59 | #organizationalUnitName_default = | |
| 60 | ||
| 61 | commonName = Common Name (eg, your name or your server\'s hostname) | |
| e3a8510a | 62 | commonName_max = 64 |
| cd1a2927 MT |
63 | |
| 64 | emailAddress = Email Address | |
| 65 | emailAddress_max = 40 | |
| 66 | ||
| 67 | [ req_attributes ] | |
| 68 | challengePassword = A challenge password | |
| e3a8510a MT |
69 | challengePassword_min = 4 |
| 70 | challengePassword_max = 20 | |
| cd1a2927 MT |
71 | unstructuredName = An optional company name |
| 72 | ||
| 73 | [ usr_cert ] | |
| 74 | basicConstraints=CA:FALSE | |
| 75 | nsComment = "OpenSSL Generated Certificate" | |
| 76 | subjectKeyIdentifier=hash | |
| 77 | authorityKeyIdentifier=keyid,issuer:always | |
| 78 | ||
| 79 | [ v3_req ] | |
| 80 | basicConstraints = CA:FALSE | |
| 81 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
| 82 | ||
| 83 | [ v3_ca ] | |
| 84 | subjectKeyIdentifier=hash | |
| 85 | authorityKeyIdentifier=keyid:always,issuer:always | |
| 86 | basicConstraints = CA:true | |
| 87 | ||
| 88 | [ crl_ext ] | |
| 89 | authorityKeyIdentifier=keyid:always,issuer:always | |
| 90 | ||
| 91 | [ engine ] | |
| 92 | default = openssl |