Home | History | Annotate | Line # | Download | only in apps 
      1  1.1  christos #
      2  1.1  christos # OpenSSL configuration file to create apps directory certificates
      3  1.1  christos #
      4  1.1  christos 
      5  1.1  christos # This definition stops the following lines choking if HOME or CN
      6  1.1  christos # is undefined.
      7  1.1  christos HOME			= .
      8  1.1  christos RANDFILE		= $ENV::HOME/.rnd
      9  1.1  christos CN			= "Not Defined"
     10  1.1  christos 
     11  1.1  christos ####################################################################
     12  1.1  christos [ req ]
     13  1.1  christos default_bits		= 2048
     14  1.1  christos default_keyfile 	= privkey.pem
     15  1.1  christos # Don't prompt for fields: use those in section directly
     16  1.1  christos prompt			= no
     17  1.1  christos distinguished_name	= req_distinguished_name
     18  1.1  christos x509_extensions	= v3_ca	# The extensions to add to the self signed cert
     19  1.1  christos string_mask = utf8only
     20  1.1  christos 
     21  1.1  christos # req_extensions = v3_req # The extensions to add to a certificate request
     22  1.1  christos 
     23  1.1  christos [ req_distinguished_name ]
     24  1.1  christos countryName			= UK
     25  1.1  christos 
     26  1.1  christos organizationName		= OpenSSL Group
     27  1.1  christos organizationalUnitName		= FOR TESTING PURPOSES ONLY
     28  1.1  christos # Take CN from environment so it can come from a script.
     29  1.1  christos commonName			= $ENV::CN
     30  1.1  christos 
     31  1.1  christos [ usr_cert ]
     32  1.1  christos 
     33  1.1  christos # These extensions are added when 'ca' signs a request for an end entity
     34  1.1  christos # certificate
     35  1.1  christos 
     36  1.1  christos basicConstraints=critical, CA:FALSE
     37  1.1  christos keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment
     38  1.1  christos 
     39  1.1  christos # This will be displayed in Netscape's comment listbox.
     40  1.1  christos nsComment			= "OpenSSL Generated Certificate"
     41  1.1  christos 
     42  1.1  christos [ ec_cert ]
     43  1.1  christos 
     44  1.1  christos # These extensions are added when 'ca' signs a request for an end entity
     45  1.1  christos # certificate
     46  1.1  christos 
     47  1.1  christos basicConstraints=critical, CA:FALSE
     48  1.1  christos keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement
     49  1.1  christos 
     50  1.1  christos # This will be displayed in Netscape's comment listbox.
     51  1.1  christos nsComment			= "OpenSSL Generated Certificate"
     52  1.1  christos 
     53  1.1  christos # PKIX recommendations harmless if included in all certificates.
     54  1.1  christos subjectKeyIdentifier=hash
     55  1.1  christos authorityKeyIdentifier=keyid
     56  1.1  christos 
     57  1.1  christos [ v3_ca ]
     58  1.1  christos 
     59  1.1  christos 
     60  1.1  christos # Extensions for a typical CA
     61  1.1  christos 
     62  1.1  christos # PKIX recommendation.
     63  1.1  christos 
     64  1.1  christos subjectKeyIdentifier=hash
     65  1.1  christos authorityKeyIdentifier=keyid:always
     66  1.1  christos basicConstraints = critical,CA:true
     67  1.1  christos keyUsage = critical, cRLSign, keyCertSign
     68  1.1  christos 
     69  1.1  christos 
     70