OpenSSL configuration file to generate Root CA and SSL Server certificate
#
# OpenSSL configuration file for a small private CA: `openssl req` settings
# for creating the root certificate and CSRs, and `openssl ca` settings for
# signing them.
#
# The keys below come before any [ section ] header, so they belong to
# OpenSSL's default section. A lookup in a named section falls back to the
# default section, which is how [ CA_default ] finds its file locations here.
#
# Working directory. "." is relative to the directory openssl is run from,
# so run every command from the CA directory.
dir = .
# CA certificate used as the issuer when signing.
certificate = $dir/ssl-cacert.pem
# CA private key. Everything this CA issues is only as trustworthy as this
# file; keep it readable by the CA operator only.
private_key = $dir/ssl-cakey.pem
# Directory that receives a copy of every issued certificate.
new_certs_dir = $dir/certificates
# Text database of issued certificates.
database = $dir/index.txt
# File holding the next serial number to assign.
serial = $dir/serial.txt
# no = several valid certificates may share the same subject.
unique_subject = no
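[ ca ]
# Section `openssl ca` uses when no -name option is given.
default_ca = CA_default
[ CA_default ]
# Signing defaults for `openssl ca`. File locations (certificate, private_key,
# database, ...) are not repeated here; they are taken from the default
# section at the top of the file.
# NOTE(review): no `policy` or `x509_extensions` key is set in this section, so
# they are presumably supplied on the command line (-policy signing_policy,
# -extensions sign_req) - confirm against the commands used with this file.
# Validity of issued certificates, in days.
default_days = 365
# Days until the next CRL is due.
default_crl_days = 30
default_md = sha256
# no = the subject DN is reordered to follow the policy section.
preserve = no
# Format used to display the certificate before the operator confirms signing.
# The keys `openssl ca` reads are name_opt / cert_opt and the value accepted by
# both is ca_default; the previous spelling (nameopt / certopt = default_ca)
# was not read, leaving the legacy display, which does not show extensions.
# With copy_extensions = copy the operator needs to see the extensions.
name_opt = ca_default
cert_opt = ca_default
# no = the e-mail address is kept out of the issued certificate's subject DN.
email_in_dn = no
# copy = extensions in the CSR that the CA does not set itself are copied into
# the certificate (this is how a subjectAltName in the request gets through).
# Requester-controlled data ends up in the certificate: always sign with an
# extension section that sets basicConstraints (such as [ sign_req ]) and check
# the displayed extensions before confirming.
copy_extensions = copy
unique_subject = no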
[ req ]
# Defaults for `openssl req` (new keys, CSRs, and the self-signed root).
# RSA key size in bits for newly generated keys.
default_bits = 4096
# File a newly generated private key is written to when -keyout is not given.
default_keyfile = ssl-defaultkey.pem
# Section that defines the subject prompts.
distinguished_name = distinguished_name
# Extensions added to a self-signed certificate (`openssl req -x509`).
x509_extensions = v3_ca
# Extensions added to a certificate request.
req_extensions = v3_req
# Encode subject strings as UTF8String only.
string_mask = utf8only
####################################################################
[ distinguished_name ]
# Subject fields `openssl req` prompts for, in this order.
# <field> = prompt text; <field>_min / <field>_max = allowed length;
# <field>_default = value used when the prompt is left empty.
# Variable name Prompt string
#------------------------- ----------------------------------
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (city, district)
organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
# Current TLS clients match host names against subjectAltName, not commonName.
# No section in this file sets subjectAltName, so it has to be added to the
# request by other means; copy_extensions = copy then carries it over.
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
####################################################################
[ signing_policy ]
# `openssl ca` policy: which subject fields a request may or must contain.
# optional = may be present; supplied = must be present.
# With preserve = no the issued subject follows the field order given here,
# and fields not listed are dropped.
# NOTE(review): no `policy =` key in this file points at this section, so it
# is presumably selected with -policy signing_policy - confirm.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
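[ v3_ca ]
# Extensions for the self-signed root CA certificate (referenced by
# x509_extensions in [ req ]).
# Marked critical: RFC 5280 requires basicConstraints to be critical in CA
# certificates, so a verifier may not ignore it.
basicConstraints = critical, CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# The key may only sign certificates and CRLs. Marked critical so the
# restriction must be enforced.
keyUsage = critical, keyCertSign, cRLSign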
####################################################################
[ v3_req ]
# Extensions written into certificate requests (referenced by req_extensions
# in [ req ]). They are only a request: what is issued is decided by the CA's
# extension section together with copy_extensions in [ CA_default ].
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
# NOTE(review): dataEncipherment is not normally needed for a TLS server
# certificate - confirm it is intended.
keyUsage = keyEncipherment, dataEncipherment, digitalSignature
####################################################################
[ sign_req ]
# Extensions the CA sets on issued end-entity certificates.
# NOTE(review): no x509_extensions key points at this section, so it is
# presumably selected with -extensions sign_req - confirm.
# CA:FALSE is set here by the CA, so under copy_extensions = copy a
# basicConstraints value in the request is not copied over it.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
# NOTE(review): no extendedKeyUsage is set; some TLS clients expect serverAuth
# on server certificates - confirm whether it should be added.
keyUsage = keyEncipherment, dataEncipherment, digitalSignature
authorityKeyIdentifier = keyid,issuer