Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#
# OpenSSL configuration file.
#
# Establish working directory.
dir = .
[ ca ]
default_ca = CA_default
[ CA_default ]
default_days = 365
default_crl_days = 30
default_md = sha256
preserve = no
nameopt = default_ca
certopt = default_ca
email_in_dn = no
copy_extensions = copy
unique_subject = no
[ req ]
default_bits = 4096
default_keyfile = default_key.pem
distinguished_name = distinguished_name
x509_extensions = v3_ca
req_extensions = v3_req
string_mask = utf8only
####################################################################
[ distinguished_name ]
# Variable name Prompt string
#------------------------- ----------------------------------
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (city, district)
organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
####################################################################
[ ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer
basicConstraints = critical, CA:true
keyUsage = keyCertSign, cRLSign
####################################################################
[ signing_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
keyUsage = keyCertSign, cRLSign
####################################################################
[ v3_req ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = keyEncipherment, dataEncipherment, digitalSignature
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment