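# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#

# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
# Seed file for the random number generator.
RANDFILE = $ENV::HOME/.rnd

# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
#oid_section = new_oids

[ req ]
# RSA key size in bits for newly generated keys. 1024-bit RSA is no longer
# considered adequate for certificates; 2048 is the usual minimum.
default_bits = 2048
# Digest used to sign requests and self-signed certificates. Set explicitly
# so that older builds do not fall back to MD5 or SHA-1.
default_md = sha256
# New private keys are written to this file, relative to the working
# directory. Keep it readable by the key owner only.
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
#attributes = req_attributes
# The extensions to add to the self signed cert.
# NOTE(review): v3_ca sets CA:true, so every certificate made with
# "req -x509" under this file is a CA certificate. Point this at a non-CA
# section when generating server or client certificates.
x509_extensions = v3_ca

# Passwords for private keys if not present they will be prompted for.
# A passphrase written here is stored in plain text and is readable by anyone
# who can read this file; prefer the prompt or the -passin/-passout options.
# input_password = secret
# output_password = secret

# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString.
# utf8only: only UTF8Strings.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# so use this option with caution!
# NOTE(review): nombstr was chosen for the legacy clients named above. Where
# those clients are not a concern, utf8only is the usual choice for new
# certificates; confirm against the relying software before changing it.
string_mask = nombstr

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = DE
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Saxony

localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)

organizationalUnitName = Organizational Unit Name (eg, section)

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

# SET-ex3 = SET extension number 3

[ req_attributes ]
# Only used when "attributes = req_attributes" is enabled in [ req ].
# The challenge password is carried unencrypted inside the request, so it
# must not be a passphrase that protects anything else.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

[ v3_ca ]


# Extensions for a typical CA


# PKIX recommendation.

subjectKeyIdentifier = hash

authorityKeyIdentifier = keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
# NOTE(review): leaving basicConstraints non-critical is a compatibility
# trade-off. For a CA that issues real certificates, use the critical form
# above so that relying software cannot ignore the CA flag.
basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as a test self-signed certificate it is best
# left out by default.
# NOTE(review): without keyUsage the certificate is not restricted to
# certificate and CRL signing; enable the line below for a production CA.
# keyUsage = cRLSign, keyCertSign

# Some might want this also
# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy

# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF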