OpenVPN:Add HMAC, cipher 'n2n' and DH key selection. Fixes and new design.
[people/teissler/ipfire-2.x.git] / config / ovpn / openssl / ovpn.cnf
# Default (unnamed) section of the OpenSSL configuration for the OpenVPN CA.
# HOME is given a value inside the file; nothing in the visible file expands it.
HOME = .
# Seed file for OpenSSL's random number generator, kept in the CA directory.
# NOTE(review): [ openvpn ] below names a different file ($dir/ca/.rand) --
# confirm that both names are intended.
RANDFILE = /var/ipfire/ovpn/ca/.rnd
# Section that lists additional object identifiers.
oid_section = new_oids

# Target of oid_section; it is empty, so no extra OIDs are registered.
[ new_oids ]

# Settings for the `openssl ca` command.
[ ca ]
# Section that holds the CA definition used when none is given explicitly.
default_ca = openvpn

# CA definition selected by default_ca: where the CA keeps its files and
# which defaults apply to every certificate and CRL it signs.
[ openvpn ]
# Base directory; every $dir below expands to this value, so it must stay
# the first key of the section.
dir = /var/ipfire/ovpn
certs = $dir/certs
crl_dir = $dir/crl
# Text database of issued certificates; revocations are recorded here and
# CRLs are generated from it.
database = $dir/certs/index.txt
new_certs_dir = $dir/certs
certificate = $dir/ca/cacert.pem
serial = $dir/certs/serial
crl = $dir/crl.pem
# CA private key. Whoever can read this file can issue certificates that
# every peer trusting cacert.pem will accept.
# NOTE(review): confirm the file and $dir/ca are readable only by the
# account that runs the CA.
private_key = $dir/ca/cakey.pem
# NOTE(review): the default section uses /var/ipfire/ovpn/ca/.rnd while this
# key points at .rand -- confirm the mismatch is intended.
RANDFILE = $dir/ca/.rand
# Extension section applied to signed certificates unless another one is
# chosen with -extensions.
x509_extensions = usr_cert
# Lifetime of issued certificates in days. 999999 days is roughly 2700
# years, so certificates never expire in practice and revocation through
# the CRL is the only way to withdraw a peer's access.
# NOTE(review): verify that an end date this far out is handled correctly
# on platforms with a 32-bit time_t.
default_days = 999999
# Days until the next CRL is due. A consumer that checks the CRL's validity
# period stops accepting it after that date.
# NOTE(review): confirm the CRL is regenerated within this window.
default_crl_days = 30
# Digest used for certificate and CRL signatures.
default_md = sha256
# Do not keep the DN field order of the request; the policy order is used.
preserve = no
policy = policy_match
# Leave the e-mail address out of the subject DN of issued certificates.
email_in_dn = no

# DN policy applied to every request the CA signs. Despite the section name
# no field is set to "match": only commonName has to be present, so the CA
# does not require requests to share its country or organisation.
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Defaults for `openssl req` (key pair and certificate request generation).
[ req ]
# Key size in bits for newly generated RSA keys.
default_bits = 2048
default_keyfile = privkey.pem
# Section with the DN prompts, defaults and length limits.
distinguished_name = req_distinguished_name
# Section with the request attributes that are prompted for.
attributes = req_attributes
# Extensions added to a self-signed certificate created with `req -x509`;
# v3_ca marks that certificate as a CA.
x509_extensions = v3_ca
# Permitted string types for DN fields: nombstr excludes BMPString and
# UTF8String.
string_mask = nombstr

# Prompts, default values and length limits for the subject DN fields of a
# request. A key without suffix is the prompt text; _default, _min and _max
# set the default value and the accepted length.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
# NOTE(review): GB and "My Company Ltd" below look like stock example
# defaults -- presumably the caller supplies real values; confirm.
countryName_default = GB
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =

localityName = Locality Name (eg, city)
#localityName_default =

# The "0." prefix allows the same field name to appear more than once.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = My Company Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

# commonName is the only field the signing policy ([ policy_match ])
# requires, so it is what identifies the certificate holder.
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# Attributes that can be embedded in a certificate request. The challenge
# password is stored inside the request itself; it does not encrypt or
# otherwise protect the private key.
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

# Extensions for end-entity certificates; this is the CA's default set
# (x509_extensions = usr_cert in [ openvpn ]).
# NOTE(review): no keyUsage or extendedKeyUsage is set, so certificates
# issued with this section are not restricted to TLS client use; consider
# extendedKeyUsage = clientAuth.
[ usr_cert ]
# The certificate may not act as a CA.
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

# Extensions for the VPN server certificate. No key in the visible file
# refers to this section, so it is presumably selected with -extensions.
[ server ]

# JY ADDED -- Make a cert with nsCertType set to "server"
basicConstraints = CA:FALSE
# Netscape certificate-type extension marking the certificate as a server.
# NOTE(review): this extension is deprecated and the section sets neither
# keyUsage nor extendedKeyUsage = serverAuth; a client that checks the
# peer's key usage (OpenVPN's remote-cert-tls server) needs those.
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

# Extension set for certificate requests. [ req ] has no req_extensions key,
# so this section applies only when it is named explicitly.
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Extensions for the CA certificate (x509_extensions = v3_ca in [ req ]).
# NOTE(review): basicConstraints is not marked critical and no keyUsage
# limits the key to certificate and CRL signing; RFC 5280 expects
# basicConstraints = critical,CA:true on a CA certificate, usually with
# keyUsage = keyCertSign, cRLSign.
[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true

# Extensions for generated CRLs. [ openvpn ] has no crl_extensions key, so
# this section applies only when it is selected explicitly (-crlexts).
[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

# No key in the visible file refers to this section.
# NOTE(review): presumably read by tooling outside this file -- confirm.
[ engine ]
default = openssl