/openssl-ca.cnf
Created May 4, 2018
CA
| HOME = . | |
| RANDFILE = $ENV::HOME/.rnd | |
| #################################################################### | |
| [ ca ] | |
| default_ca = CA_default # The default ca section | |
| [ CA_default ] | |
| default_days = 730 # how long to certify for | |
| default_crl_days = 30 # how long before next CRL | |
| default_md = sha256 # use public key default MD | |
| preserve = no # keep passed DN ordering | |
| x509_extensions = ca_extensions # The extensions to add to the cert | |
| email_in_dn = no # Don't concat the email in the DN | |
| copy_extensions = copy # Required to copy SANs from CSR to cert | |
| base_dir = . | |
| certificate = $base_dir/cacert.pem # The CA certifcate | |
| private_key = $base_dir/cakey.pem # The CA private key | |
| new_certs_dir = $base_dir/newcerts # Location for new certs after signing | |
| certs = $base_dir/certs # Where the issued certs are kept | |
| crl_dir = $base_dir/crl # Where the issued crl are kept | |
| database = $base_dir/index.txt # Database index file | |
| serial = $base_dir/serial.txt # The current serial number | |
| unique_subject = no # Set to 'no' to allow creation of | |
| # several certificates with same subject. | |
| #################################################################### | |
| [ req ] | |
| default_bits = 4096 | |
| default_keyfile = cakey.pem | |
| distinguished_name = ca_distinguished_name | |
| x509_extensions = ca_extensions | |
| string_mask = utf8only | |
| #################################################################### | |
| [ ca_distinguished_name ] | |
| countryName = Country Name (2 letter code) | |
| countryName_default = CA | |
| stateOrProvinceName = State or Province Name (full name) | |
| stateOrProvinceName_default = Ontario | |
| localityName = Locality Name (eg, city) | |
| localityName_default = Toronto | |
| organizationName = Organization Name (eg, company) | |
| organizationName_default = NDPAR INC. | |
| organizationalUnitName = Organizational Unit (eg, division) | |
| organizationalUnitName_default = IT | |
| commonName = Common Name (e.g. server FQDN or YOUR name) | |
| commonName_default = ndpar.org | |
| emailAddress = Email Address | |
| emailAddress_default = ca@ndpar.org | |
| #################################################################### | |
| [ ca_extensions ] | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid:always, issuer | |
| basicConstraints = critical, CA:true | |
| keyUsage = keyCertSign, cRLSign | |
| #################################################################### | |
| [ signing_policy ] | |
| countryName = optional | |
| stateOrProvinceName = optional | |
| localityName = optional | |
| organizationName = optional | |
| organizationalUnitName = optional | |
| commonName = supplied | |
| emailAddress = optional | |
| #################################################################### | |
| [ signing_req ] | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid,issuer | |
| basicConstraints = CA:FALSE | |
| keyUsage = digitalSignature, keyEncipherment |
| HOME = . | |
| RANDFILE = $ENV::HOME/.rnd | |
| #################################################################### | |
| [ req ] | |
| default_bits = 2048 | |
| default_keyfile = serverkey.pem | |
| distinguished_name = server_distinguished_name | |
| req_extensions = server_req_extensions | |
| string_mask = utf8only | |
| #################################################################### | |
| [ server_distinguished_name ] | |
| countryName = Country Name (2 letter code) | |
| countryName_default = CA | |
| stateOrProvinceName = State or Province Name (full name) | |
| stateOrProvinceName_default = Ontario | |
| localityName = Locality Name (eg, city) | |
| localityName_default = Toronto | |
| organizationName = Organization Name (eg, company) | |
| organizationName_default = NDPAR INC. | |
| commonName = Common Name (e.g. server FQDN or YOUR name) | |
| commonName_default = ndpar.org | |
| emailAddress = Email Address | |
| emailAddress_default = it@ndpar.org | |
| #################################################################### | |
| [ server_req_extensions ] | |
| subjectKeyIdentifier = hash | |
| basicConstraints = CA:FALSE | |
| keyUsage = digitalSignature, keyEncipherment | |
| subjectAltName = @alternate_names | |
| nsComment = "OpenSSL Generated Certificate" | |
| #################################################################### | |
| [ alternate_names ] | |
| DNS.1 = ndpar.org | |
| DNS.2 = www.ndpar.org | |
| DNS.3 = *.ndpar.org |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment