Created
May 4, 2018 02:40
-
-
Save ndpar/867893f78f8e36a7cbcf279f0d2a60ad to your computer and use it in GitHub Desktop.
CA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HOME = . | |
| RANDFILE = $ENV::HOME/.rnd | |
| #################################################################### | |
| [ ca ] | |
| default_ca = CA_default # The default ca section | |
| [ CA_default ] | |
| default_days = 730 # how long to certify for | |
| default_crl_days = 30 # how long before next CRL | |
| default_md = sha256 # use public key default MD | |
| preserve = no # keep passed DN ordering | |
| x509_extensions = ca_extensions # The extensions to add to the cert | |
| email_in_dn = no # Don't concat the email in the DN | |
| copy_extensions = copy # Required to copy SANs from CSR to cert | |
| base_dir = . | |
| certificate = $base_dir/cacert.pem # The CA certifcate | |
| private_key = $base_dir/cakey.pem # The CA private key | |
| new_certs_dir = $base_dir/newcerts # Location for new certs after signing | |
| certs = $base_dir/certs # Where the issued certs are kept | |
| crl_dir = $base_dir/crl # Where the issued crl are kept | |
| database = $base_dir/index.txt # Database index file | |
| serial = $base_dir/serial.txt # The current serial number | |
| unique_subject = no # Set to 'no' to allow creation of | |
| # several certificates with same subject. | |
| #################################################################### | |
| [ req ] | |
| default_bits = 4096 | |
| default_keyfile = cakey.pem | |
| distinguished_name = ca_distinguished_name | |
| x509_extensions = ca_extensions | |
| string_mask = utf8only | |
| #################################################################### | |
| [ ca_distinguished_name ] | |
| countryName = Country Name (2 letter code) | |
| countryName_default = CA | |
| stateOrProvinceName = State or Province Name (full name) | |
| stateOrProvinceName_default = Ontario | |
| localityName = Locality Name (eg, city) | |
| localityName_default = Toronto | |
| organizationName = Organization Name (eg, company) | |
| organizationName_default = NDPAR INC. | |
| organizationalUnitName = Organizational Unit (eg, division) | |
| organizationalUnitName_default = IT | |
| commonName = Common Name (e.g. server FQDN or YOUR name) | |
| commonName_default = ndpar.org | |
| emailAddress = Email Address | |
| emailAddress_default = ca@ndpar.org | |
| #################################################################### | |
| [ ca_extensions ] | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid:always, issuer | |
| basicConstraints = critical, CA:true | |
| keyUsage = keyCertSign, cRLSign | |
| #################################################################### | |
| [ signing_policy ] | |
| countryName = optional | |
| stateOrProvinceName = optional | |
| localityName = optional | |
| organizationName = optional | |
| organizationalUnitName = optional | |
| commonName = supplied | |
| emailAddress = optional | |
| #################################################################### | |
| [ signing_req ] | |
| subjectKeyIdentifier = hash | |
| authorityKeyIdentifier = keyid,issuer | |
| basicConstraints = CA:FALSE | |
| keyUsage = digitalSignature, keyEncipherment |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HOME = . | |
| RANDFILE = $ENV::HOME/.rnd | |
| #################################################################### | |
| [ req ] | |
| default_bits = 2048 | |
| default_keyfile = serverkey.pem | |
| distinguished_name = server_distinguished_name | |
| req_extensions = server_req_extensions | |
| string_mask = utf8only | |
| #################################################################### | |
| [ server_distinguished_name ] | |
| countryName = Country Name (2 letter code) | |
| countryName_default = CA | |
| stateOrProvinceName = State or Province Name (full name) | |
| stateOrProvinceName_default = Ontario | |
| localityName = Locality Name (eg, city) | |
| localityName_default = Toronto | |
| organizationName = Organization Name (eg, company) | |
| organizationName_default = NDPAR INC. | |
| commonName = Common Name (e.g. server FQDN or YOUR name) | |
| commonName_default = ndpar.org | |
| emailAddress = Email Address | |
| emailAddress_default = it@ndpar.org | |
| #################################################################### | |
| [ server_req_extensions ] | |
| subjectKeyIdentifier = hash | |
| basicConstraints = CA:FALSE | |
| keyUsage = digitalSignature, keyEncipherment | |
| subjectAltName = @alternate_names | |
| nsComment = "OpenSSL Generated Certificate" | |
| #################################################################### | |
| [ alternate_names ] | |
| DNS.1 = ndpar.org | |
| DNS.2 = www.ndpar.org | |
| DNS.3 = *.ndpar.org |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment