Created
May 13, 2016 01:47
-
-
Save klingerf/d43738ac98b6bf0479c47987977a7782 to your computer and use it in GitHub Desktop.
Sample openssl config file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dir = certificates | |
| [ ca ] | |
| default_ca = CA_default | |
| [ CA_default ] | |
| serial = $dir/serial | |
| database = $dir/index.txt | |
| new_certs_dir = $dir/newcerts | |
| certificate = $dir/cacert.pem | |
| private_key = $dir/private/cakey.pem | |
| default_days = 36500 | |
| default_md = sha256 | |
| preserve = no | |
| email_in_dn = no | |
| nameopt = default_ca | |
| certopt = default_ca | |
| policy = policy_match | |
| [ policy_match ] | |
| commonName = supplied | |
| countryName = optional | |
| stateOrProvinceName = optional | |
| organizationName = optional | |
| organizationalUnitName = optional | |
| emailAddress = optional | |
| [ req ] | |
| default_bits = 2048 | |
| default_keyfile = priv.pem | |
| default_md = sha256 | |
| distinguished_name = req_distinguished_name | |
| req_extensions = v3_req | |
| encyrpt_key = no | |
| [ req_distinguished_name ] | |
| [ v3_ca ] | |
| basicConstraints = CA:TRUE | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid:always,issuer:always | |
| [ v3_req ] | |
| basicConstraints = CA:FALSE | |
| subjectKeyIdentifier = hash |
@KishanKishore openssl command does not provide enough command line options for configuration fields, you have to specify most of them in config file
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is it possible to use shell commands here to make this dynamic ?