git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - config/ovpn/openssl/ovpn.cnf
del_rand: Deletion of RAND file in openssl config
# OpenSSL configuration for the OpenVPN certificate authority kept under
# /var/ipfire/ovpn (see the dir key in [ openvpn ]).
# Keys placed before the first section header belong to OpenSSL's default section.
# No RANDFILE key is set anywhere in this listing.
1 HOME = .
# oid_section names the section that holds extra OBJECT IDENTIFIER definitions.
2 oid_section = new_oids
3
# The section is empty here: no additional OIDs are defined.
4 [ new_oids ]
5
# Settings for `openssl ca`. default_ca names the section the command reads
# when no -name option is given on the command line.
6 [ ca ]
7 default_ca = openvpn
8
# CA profile used by `openssl ca`: where the CA keeps its state and the
# defaults applied to every certificate and CRL it signs.
# copy_extensions is not set in this section, so extensions supplied in a
# request are not copied into the certificate (OpenSSL default: none); the
# issued extensions come only from the section named by x509_extensions or
# chosen with -extensions.
9 [ openvpn ]
10 dir = /var/ipfire/ovpn
11 certs = $dir/certs
12 crl_dir = $dir/crl
# Text index of issued and revoked certificates; CRLs are built from it.
13 database = $dir/certs/index.txt
14 new_certs_dir = $dir/certs
15 certificate = $dir/ca/cacert.pem
# File holding the next serial number to assign.
16 serial = $dir/certs/serial
17 crl = $dir/crl.pem
# CA signing key. NOTE(review): file ownership and mode are not visible here;
# confirm that only the account running the CA can read it.
18 private_key = $dir/ca/cakey.pem
# Extension section applied by default: usr_cert is the client profile.
# Presumably the caller passes -extensions server for server certificates - confirm.
19 x509_extensions = usr_cert
# NOTE(review): 999999 days means issued certificates effectively never expire,
# so revocation through the CRL is the only way to withdraw a credential.
20 default_days = 999999
# A CRL's nextUpdate is 30 days after it is issued. Verifiers that enforce
# nextUpdate reject an outdated CRL, so it has to be re-issued within that window.
21 default_crl_days = 30
22 default_md = sha256
# no: subject DN order follows the policy section, not the order in the request.
23 preserve = no
24 policy = policy_match
# no: the emailAddress field is left out of the certificate's subject DN.
25 email_in_dn = no
26
# Subject-name policy enforced by `openssl ca`. Despite the section name, no
# field is set to `match`: only commonName must be present in the request and
# every other listed field is optional. Fields not listed here are dropped
# from the issued certificate.
27 [ policy_match ]
28 countryName = optional
29 stateOrProvinceName = optional
30 organizationName = optional
31 organizationalUnitName = optional
32 commonName = supplied
33 emailAddress = optional
34
# Defaults for `openssl req` (key and request generation).
# No default_md is set in this section, so the request digest comes from the
# command line or from OpenSSL's built-in default.
35 [ req ]
# Key size used when the command line does not specify one.
# NOTE(review): with default_days = 999999 in [ openvpn ], check that 2048-bit
# keys are acceptable for the intended certificate lifetime.
36 default_bits = 2048
37 default_keyfile = privkey.pem
38 distinguished_name = req_distinguished_name
39 attributes = req_attributes
# Extensions added when `req -x509` creates a self-signed certificate, i.e. the CA.
40 x509_extensions = v3_ca
# nombstr allows PrintableString and T61String but no BMPString or UTF8String.
# NOTE(review): this is a legacy mask; current OpenSSL defaults to utf8only.
41 string_mask = nombstr
42
# Prompts for the subject DN of a request. For each field: the bare key is the
# prompt text, _default the value offered, _min/_max the accepted length.
# GB and "My Company Ltd" are sample defaults; presumably the caller supplies
# real values - confirm.
43 [ req_distinguished_name ]
44 countryName = Country Name (2 letter code)
45 countryName_default = GB
46 countryName_min = 2
47 countryName_max = 2
48
49 stateOrProvinceName = State or Province Name (full name)
50 stateOrProvinceName_default =
51
52 localityName = Locality Name (eg, city)
53 #localityName_default =
54
# The "0." prefix lets the same field name appear more than once in a section.
55 0.organizationName = Organization Name (eg, company)
56 0.organizationName_default = My Company Ltd
57
58 organizationalUnitName = Organizational Unit Name (eg, section)
59 #organizationalUnitName_default =
60
# The backslash escapes the apostrophe so it is not read as the start of a
# quoted string.
61 commonName = Common Name (eg, your name or your server\'s hostname)
62 commonName_max = 64
63
64 emailAddress = Email Address
65 emailAddress_max = 40
66
# Optional request attributes prompted for by `openssl req`.
# A challenge password is written into the request unencrypted, so anyone who
# can read the request can read it; OpenSSL's own signing tools ignore it.
67 [ req_attributes ]
68 challengePassword = A challenge password
69 challengePassword_min = 4
70 challengePassword_max = 20
71 unstructuredName = An optional company name
72
# Client certificate profile (the default for [ openvpn ] via x509_extensions).
# The certificate cannot act as a CA and is limited to TLS client
# authentication with a signature-only key usage.
# NOTE(review): the OpenVPN configuration is not shown here; these
# keyUsage/extendedKeyUsage values only restrict anything if the peer checks
# them (for example with remote-cert-tls) - confirm.
73 [ usr_cert ]
74 basicConstraints = CA:FALSE
# Free-text comment only; it carries no security meaning.
75 nsComment = "OpenSSL Generated Certificate"
76 subjectKeyIdentifier = hash
# issuer:always additionally records the CA certificate's issuer name and serial.
77 authorityKeyIdentifier = keyid,issuer:always
78 extendedKeyUsage = clientAuth
79 keyUsage = digitalSignature
80
# Server certificate profile. [ openvpn ] defaults to usr_cert, so this section
# takes effect only when it is selected explicitly (for example -extensions server).
81 [ server ]
82
83 # JY ADDED -- Make a cert with nsCertType set to "server"
84 basicConstraints = CA:FALSE
# Legacy Netscape extension; the extendedKeyUsage/keyUsage lines below are the
# standard way to mark a TLS server certificate.
85 nsCertType = server
86 nsComment = "OpenSSL Generated Server Certificate"
87 subjectKeyIdentifier = hash
88 authorityKeyIdentifier = keyid,issuer:always
89 extendedKeyUsage = serverAuth
90 keyUsage = digitalSignature, keyEncipherment
91
# Extension set for certificate requests. [ req ] has no req_extensions key
# pointing here, so it applies only when chosen on the command line.
92 [ v3_req ]
93 basicConstraints = CA:FALSE
94 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
95
# Extensions for the self-signed CA certificate (referenced by x509_extensions
# in [ req ]).
# NOTE(review): basicConstraints is not marked critical, has no pathlen limit,
# and no keyUsage (keyCertSign, cRLSign) is set. RFC 5280 expects a CA
# certificate to carry a critical basicConstraints and a keyUsage extension;
# changing this affects only CA certificates generated afterwards.
96 [ v3_ca ]
97 subjectKeyIdentifier = hash
98 authorityKeyIdentifier = keyid:always,issuer:always
99 basicConstraints = CA:true
100
# CRL extensions. [ openvpn ] has no crl_extensions key naming this section, so
# it applies only when selected explicitly (for example -crlexts crl_ext);
# without a CRL extension section OpenSSL writes a V1 CRL.
101 [ crl_ext ]
102 authorityKeyIdentifier = keyid:always,issuer:always
103
# NOTE(review): nothing in this listing points to this section (the default
# section has no openssl_conf key), so it looks unused - confirm before
# relying on it.
104 [ engine ]
105 default = openssl