Openssl.cnf

From Omnia
Revision as of 06:05, 15 September 2014 by Kenneth (talk | contribs) (Created page with " # # SSLeay example configuration file. # This is mostly being used for generation of certificate requests. # RANDFILE = .rnd #########################...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#

RANDFILE                = .rnd

####################################################################
[ ca ]
default_ca      = CA_default            # The default ca section

####################################################################
[ CA_default ]

dir             = demoCA                # Where everything is kept
certs           = $dir\certs            # Where the issued certs are kept
crl_dir         = $dir\crl              # Where the issued crl are kept
database        = $dir\index.txt        # database index file.
new_certs_dir   = $dir\newcerts         # default place for new certs.

certificate     = $dir\cacert.pem          # The CA certificate
serial          = $dir\serial              # The current serial number
crl             = $dir\crl.pem             # The current CRL
private_key     = $dir\private\cakey.pem   # The private key
RANDFILE        = $dir\private\private.rnd # private random number file

x509_extensions = x509v3_extensions     # The extentions to add to the cert
default_days    = 365                   # how long to certify for
default_crl_days= 30                    # how long before next CRL
default_md      = md5                   # which md to use.
preserve        = no                    # keep passed DN ordering

# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy          = policy_match

# For the CA policy
[ policy_match ]
countryName             = optional
stateOrProvinceName     = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

####################################################################
[ req ]
default_bits            = 1024
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_min                 = 2
countryName_max                 = 2

stateOrProvinceName             = State or Province Name (full name)

localityName                    = Locality Name (eg, city)

0.organizationName              = Organization Name (eg, company)

organizationalUnitName          = Organizational Unit Name (eg, section)

commonName                      = Common Name (eg, your website's domain name)
commonName_max                  = 64

emailAddress                    = Email Address
emailAddress_max                = 40

[ req_attributes ]
challengePassword               = A challenge password
challengePassword_min           = 4
challengePassword_max           = 20

[ x509v3_extensions ]

# under ASN.1, the 0 bit would be encoded as 80
nsCertType                      = 0x40

#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType