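#
# OpenSSL example configuration file for automated certificate creation.
#
# [ req ] holds the settings for certificate requests and the self-signed
# CA certificate (its x509_extensions key points at [ v3_ca ]).
# [ usr_cert ], [ ocsp_cert ] and [ dh_cert ] are extension sections for
# end-entity certificates; presumably the calling script selects them by
# name when signing -- confirm against the script that uses this file.
# [ ca ] is the minimal CA section named by default_ca.
#

# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
CN = "Not Defined"
default_ca = ca

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

####################################################################
[ req ]
# Default size, in bits, of a key generated by 'req' when no size is given
# on the command line. 2048 bits is the usual minimum for RSA; 1024-bit
# keys are no longer considered adequate, and examples tend to be copied.
default_bits = 2048
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert
x509_extensions = v3_ca
string_mask = utf8only

# The extensions to add to a certificate request
# req_extensions = v3_req

[ req_distinguished_name ]
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB;
# "UK" is kept here as the example had it.
countryName = UK

organizationName = OpenSSL Group
# Take CN from environment so it can come from a script.
# The subject name is therefore whatever the caller exports as CN; the
# top-level CN above is only the fallback when the variable is unset.
commonName = $ENV::CN

[ usr_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# CA:FALSE (critical) keeps an end-entity key from being accepted as an issuer.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

# OCSP responder certificate
[ ocsp_cert ]

basicConstraints = critical, CA:FALSE
# NOTE(review): signing OCSP responses only needs digitalSignature; the
# nonRepudiation and keyEncipherment bits are broader than the role
# requires -- consider trimming them if nothing else depends on them.
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
# Restricts the certificate to signing OCSP responses.
extendedKeyUsage = OCSPSigning

[ dh_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# DH certificate

basicConstraints = critical, CA:FALSE
# A DH key can only be used for key agreement, not for signing.
keyUsage = critical, keyAgreement

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ v3_ca ]

# Extensions for a typical CA

# PKIX recommendation.

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
# No pathlen is set, so this CA may issue subordinate CAs of any depth.
basicConstraints = critical, CA:true
# Limited to signing certificates and CRLs.
keyUsage = critical, cRLSign, keyCertSign

# Minimal CA entry to allow generation of CRLs.
[ ca ]
database = index.txt
crlnumber = crlnum.txt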