92 lines
3.5 KiB
Plaintext
92 lines
3.5 KiB
Plaintext
|
|
# OpenSSL configuration file.
|
|
#
|
|
|
|
# Establish working directory.
|
|
|
|
dir = .
|
|
|
|
[ ca ]
|
|
default_ca = CA_default
|
|
|
|
[ CA_default ]
|
|
serial = $dir/serial
|
|
database = $dir/certindex.txt
|
|
certs = $dir/certs
|
|
new_certs_dir = $dir/
|
|
certificate = $dir/demoCA/cacert.pem
|
|
private_key = $dir/demoCA/private/cakey.pem
|
|
default_days = 3650
|
|
default_md = sha1
|
|
preserve = no
|
|
email_in_dn = no
|
|
#nameopt = default_ca
|
|
#certopt = default_ca
|
|
copy_extensions = none
|
|
policy = policy_match
|
|
|
|
basicConstraints = critical, CA:true
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
subjectKeyIdentifier = hash
|
|
keyUsage = critical, keyCertSign, cRLSign
|
|
|
|
[ policy_match ]
|
|
countryName = match
|
|
stateOrProvinceName = match
|
|
organizationName = match
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
[ req ]
|
|
default_bits = 2048 # Size of keys
|
|
default_keyfile = key.pem # name of generated keys
|
|
default_md = sha1 # message digest algorithm
|
|
string_mask = nombstr # permitted characters
|
|
distinguished_name = req_distinguished_name
|
|
req_extensions = v3_req
|
|
#x509_extensions = subca_req
|
|
|
|
|
|
[ req_distinguished_name ]
|
|
# Variable name Prompt string
|
|
#------------------------- ----------------------------------
|
|
organizationName = Organisation
|
|
|
|
organizationalUnitName = Nom de l'unite organisationnelle (department, division)
|
|
|
|
emailAddress = Adresse e-mail
|
|
emailAddress_max = 40
|
|
|
|
localityName = Ville
|
|
|
|
stateOrProvinceName = Region
|
|
|
|
countryName = Pays (en 2 lettres)
|
|
countryName_min = 2
|
|
countryName_max = 2
|
|
|
|
commonName = Nom du certificat (hostname, IP, ou nom)
|
|
commonName_max = 64
|
|
|
|
# Default values for the above, for consistency and less typing.
|
|
# Variable name Value
|
|
#------------------------ ------------------------------
|
|
organizationName_default = CAShinken
|
|
organizationalUnitName_default = MAIN
|
|
localityName_default = World
|
|
stateOrProvinceName_default = Some-State
|
|
countryName_default = FR
|
|
|
|
|
|
[ v3_ca ]
|
|
basicConstraints = CA:TRUE
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
|
|
[ v3_req ]
|
|
basicConstraints = CA:FALSE
|
|
subjectKeyIdentifier = hash
|
|
|
|
|