#
# OpenSSL configuration file used to create the apps directory certificates.
# The organizationalUnitName set below marks everything issued from it as
# test material.
#

# Fallback definitions so that later references do not fail when HOME or CN
# is undefined.
HOME = .
CN = "Not Defined"

# Comment out the next line to ignore configuration errors.
config_diagnostics = 1


####################################################################
[ req ]
# Size in bits of the key generated by 'req'.
default_bits = 2048
# File the newly generated private key is written to. This is secret key
# material: restrict its permissions and keep it out of shared locations.
default_keyfile = privkey.pem
# Don't prompt for fields: take the values from the DN section directly.
prompt = no
distinguished_name = req_distinguished_name
# Extensions added to the self-signed certificate. This points at the CA
# profile, so a self-signed certificate made with this file is a CA.
x509_extensions = v3_ca
string_mask = utf8only

# Extensions to add to a certificate request (disabled).
# NOTE(review): no [ v3_req ] section is visible in this file; one would have
# to be defined before enabling the next line.
# req_extensions = v3_req

[ req_distinguished_name ]
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB;
# "UK" is left as the author wrote it. Confirm before reusing this subject
# outside of testing.
countryName = UK

organizationName = OpenSSL Group
organizationalUnitName = FOR TESTING PURPOSES ONLY
# Take CN from the environment so it can come from a script. The value is
# placed in the subject as given, so the calling script should set it from
# a trusted source. If CN is unset, the fallback defined at the top is used.
commonName = $ENV::CN

[ usr_cert ]

# Extensions added when 'ca' signs a request for an end entity certificate.
# CA:FALSE is marked critical so the certificate cannot act as an issuer.
# NOTE(review): unlike [ ec_cert ], this section sets no subjectKeyIdentifier
# or authorityKeyIdentifier - confirm the omission is intentional.

basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment

[ ec_cert ]

# Extensions added when 'ca' signs a request for an end entity certificate.
# Same as [ usr_cert ] except that keyAgreement replaces keyEncipherment.

basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyAgreement

# PKIX recommendations, harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ v3_ca ]


# Extensions for a typical CA.

# PKIX recommendation.

subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
# NOTE(review): no pathlen is set, so this profile places no limit on the
# depth of subordinate CAs; add one if the intended hierarchy depth is known.
basicConstraints = critical,CA:true
# Key usage is limited to signing certificates and CRLs.
keyUsage = critical, cRLSign, keyCertSign