]> git.ipfire.org Git - thirdparty/openssl.git/blob - apps/ssleay.cnf
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import of old SSLeay release: SSLeay 0.8.1b
[thirdparty/openssl.git] / apps / ssleay.cnf
1 #
2 # SSLeay example configuration file.
3 # This is mostly being used for generation of certificate requests.
4 #
5
6 RANDFILE = $ENV::HOME/.rnd
7
8 ####################################################################
9 [ ca ]
10 default_ca = CA_default # The default ca section
11
12 ####################################################################
13 [ CA_default ]
14
15 dir = ./demoCA # Where everything is kept
16 certs = $dir/certs # Where the issued certs are kept
17 crl_dir = $dir/crl # Where the issued crl are kept
18 database = $dir/index.txt # database index file.
19 new_certs_dir = $dir/newcerts # default place for new certs.
20
21 certificate = $dir/cacert.pem # The CA certificate
22 serial = $dir/serial # The current serial number
23 crl = $dir/crl.pem # The current CRL
24 private_key = $dir/private/cakey.pem# The private key
25 RANDFILE = $dir/private/.rand # private random number file
26
27 x509_extensions = x509v3_extensions # The extentions to add to the cert
28 default_days = 365 # how long to certify for
29 default_crl_days= 30 # how long before next CRL
30 default_md = md5 # which md to use.
31 preserve = no # keep passed DN ordering
32
33 # A few difference way of specifying how similar the request should look
34 # For type CA, the listed attributes must be the same, and the optional
35 # and supplied fields are just that :-)
36 policy = policy_match
37
38 # For the CA policy
39 [ policy_match ]
40 countryName = match
41 stateOrProvinceName = match
42 organizationName = match
43 organizationalUnitName = optional
44 commonName = supplied
45 emailAddress = optional
46
47 # For the 'anything' policy
48 # At this point in time, you must list all acceptable 'object'
49 # types.
50 [ policy_anything ]
51 countryName = optional
52 stateOrProvinceName = optional
53 localityName = optional
54 organizationName = optional
55 organizationalUnitName = optional
56 commonName = supplied
57 emailAddress = optional
58
59 ####################################################################
60 [ req ]
61 default_bits = 1024
62 default_keyfile = privkey.pem
63 distinguished_name = req_distinguished_name
64 attributes = req_attributes
65
66 [ req_distinguished_name ]
67 countryName = Country Name (2 letter code)
68 countryName_default = AU
69 countryName_min = 2
70 countryName_max = 2
71
72 stateOrProvinceName = State or Province Name (full name)
73 stateOrProvinceName_default = Some-State
74
75 localityName = Locality Name (eg, city)
76
77 0.organizationName = Organization Name (eg, company)
78 0.organizationName_default = Internet Widgits Pty Ltd
79
80 # we can do this but it is not needed normally :-)
81 #1.organizationName = Second Organization Name (eg, company)
82 #1.organizationName_default = CryptSoft Pty Ltd
83
84 organizationalUnitName = Organizational Unit Name (eg, section)
85 #organizationalUnitName_default =
86
87 commonName = Common Name (eg, YOUR name)
88 commonName_max = 64
89
90 emailAddress = Email Address
91 emailAddress_max = 40
92
93 [ req_attributes ]
94 challengePassword = A challenge password
95 challengePassword_min = 4
96 challengePassword_max = 20
97
98 unstructuredName = An optional company name
99
100 [ x509v3_extensions ]
101
102 nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem
103 nsComment = "This is a comment"
104
105 # under ASN.1, the 0 bit would be encoded as 80
106 nsCertType = 0x40
107
108 #nsBaseUrl
109 #nsRevocationUrl
110 #nsRenewalUrl
111 #nsCaPolicyUrl
112 #nsSslServerName
113 #nsCertSequence
114 #nsCertExt
115 #nsDataType
116
A mirror of the official openssl repository