forked from AbsoluteZero-ljz/appweb
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathopenssl.conf
85 lines (69 loc) · 2.77 KB
/
openssl.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
[ ca ]
default_ca = defaultCA
[ defaultCA ]
dir = . # Where everything is kept
new_certs_dir = $ENV::BIN # Default place for new certs
certificate = $ENV::BIN/ca.crt # The CA certificate
database = $ENV::BIN/ca.db # Database index file
serial = $ENV::BIN/ca.srl # The current serial number
private_key = $ENV::BIN/ca.key # The private key
default_crl_days = 7 # How long before next CRL
default_days = 3650 # How long to certify for
default_md = default # Which md to use
policy = policyMatch
x509_extensions = client
copy_extensions = copy
name_opt = ca_default
cert_opt = ca_default
[ policyMatch ]
countryName = supplied
stateOrProvinceName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied
# Keygen, requests and self-signed certs
[ req ]
default_bits = 2048
default_keyfile = $ENV::BIN/ca.key
default_md = default
prompt = no
distinguished_name = distinguishedName
x509_extensions = selfExtensions # Extensions to add to self-signed cert
req_extensions = reqExtensions # Extensions for certificate request
# [ reqAttributes ]
[ distinguishedName ]
countryName = US
stateOrProvinceName = Washington
localityName = Seattle
0.organizationName = Example.com
organizationalUnitName = Licensing
commonName = example.com
emailAddress = [email protected]
[ caExtensions ]
basicConstraints = CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = cRLSign, keyCertSign, digitalSignature, keyEncipherment
[ selfExtensions ]
basicConstraints = CA:true
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
[ client ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid, issuer:always
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
[ server ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
nsComment = "device"
#nsCertType
[ reqExtensions ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
keyUsage = nonRepudiation, digitalSignature, keyEncipherment