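#
# OpenSSL configuration file to create apps directory certificates
#
# The certificates produced with this file are marked
# "FOR TESTING PURPOSES ONLY" in their subject (see req_distinguished_name);
# it is not a template for a production CA.
#

# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"

####################################################################
# Settings for certificate requests and self-signed certificates.
[ req ]
default_bits = 2048
# File the newly generated private key is written to.
default_keyfile = privkey.pem
# Pin the signature digest rather than inheriting the build default;
# some older OpenSSL releases defaulted to SHA-1.
default_md = sha256
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert
x509_extensions = v3_ca
# Only UTF8String is used for string fields in the subject.
string_mask = utf8only

# The extensions to add to a certificate request
# req_extensions = v3_req

# Fixed subject fields; only the common name varies per certificate.
[ req_distinguished_name ]
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB.
# "UK" is kept so the subject of certificates built from this file does not
# change.
countryName = UK

organizationName = OpenSSL Group
organizationalUnitName = FOR TESTING PURPOSES ONLY
# Take CN from environment so it can come from a script.
commonName = $ENV::CN

[ usr_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# CA:FALSE, marked critical: the certificate cannot be used to issue others.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
# Added here so that usr_cert matches ec_cert; without them a verifier has
# no key identifier to match this certificate to its issuer.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ ec_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# Same as usr_cert except that keyUsage permits keyAgreement in place of
# keyEncipherment.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyAgreement

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ v3_ca ]

# Extensions for a typical CA

# PKIX recommendation.

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
# No pathlen is given, so this extension places no limit on the number of
# subordinate CAs below this one.
basicConstraints = critical,CA:true
# Restricts the CA key to signing certificates and CRLs.
keyUsage = critical, cRLSign, keyCertSign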