CA
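# OpenSSL configuration for the certificate authority (CA).
# [ req ] describes the CA's own key and self-signed certificate;
# [ ca ] / [ CA_default ] describe how "openssl ca" signs requests.
# Trailing " | |" table residue from the page rendering has been removed:
# left in place it would become part of every value.

HOME = .
RANDFILE = $ENV::HOME/.rnd

####################################################################
[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
default_days = 730 # how long to certify for
default_crl_days = 30 # how long before next CRL
default_md = sha256 # digest used to sign certificates and CRLs
preserve = no # no: DN order follows the policy section; yes: keep the request's order

# NOTE(review): the default extension section is ca_extensions (CA:true).
# A request signed without "-extensions signing_req" is therefore issued as
# a CA certificate. Always name signing_req explicitly for end-entity
# certificates, or make signing_req the default here.
x509_extensions = ca_extensions # The extensions to add to the cert

email_in_dn = no # Don't concat the email in the DN

# "copy" adds every extension from the CSR that the chosen extension section
# does not already set. That is what carries the SANs across, but it also
# carries anything else the requester put in the CSR. Inspect each request
# before signing and check the names and extensions in the issued
# certificate.
copy_extensions = copy # Required to copy SANs from CSR to cert

# No "policy" key is set in this section, so the policy section has to be
# named on the command line (-policy signing_policy).

# All paths are relative to the directory openssl is run from.
base_dir = .
certificate = $base_dir/cacert.pem # The CA certificate
# Keep the CA private key readable by the CA operator only.
private_key = $base_dir/cakey.pem # The CA private key
new_certs_dir = $base_dir/newcerts # Location for new certs after signing
certs = $base_dir/certs # Where the issued certs are kept
crl_dir = $base_dir/crl # Where the issued crl are kept
database = $base_dir/index.txt # Database index file
serial = $base_dir/serial.txt # The current serial number

# Set to 'no' to allow creation of several certificates with same subject.
unique_subject = no

####################################################################
[ req ]
default_bits = 4096
default_keyfile = cakey.pem
distinguished_name = ca_distinguished_name
x509_extensions = ca_extensions
string_mask = utf8only

####################################################################
[ ca_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CA
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Ontario
localityName = Locality Name (eg, city)
localityName_default = Toronto
organizationName = Organization Name (eg, company)
organizationName_default = NDPAR INC.
organizationalUnitName = Organizational Unit (eg, division)
organizationalUnitName_default = IT
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = ndpar.org
emailAddress = Email Address
emailAddress_default = ca@ndpar.org

####################################################################
# Extensions for the CA certificate itself.
# No pathlen is given, so the depth of subordinate CAs is not limited.
# keyUsage is not marked critical here; RFC 5280 recommends that CAs mark it
# critical.
[ ca_extensions ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer
basicConstraints = critical, CA:true
keyUsage = keyCertSign, cRLSign

####################################################################
# Subject policy for signed requests: only commonName is required.
# Every other listed field is accepted whether present or absent, and none
# has to match the CA's own subject. The policy does not look at SANs.
[ signing_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

####################################################################
# Extensions for end-entity certificates (select with -extensions signing_req).
# basicConstraints is set here, so with copy_extensions = copy a CSR cannot
# replace it with CA:TRUE.
# NOTE(review): no extendedKeyUsage is set; some TLS clients reject server
# certificates that lack serverAuth.
[ signing_req ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment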
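# OpenSSL configuration for generating the server key and its certificate
# signing request (CSR).
# Trailing " | |" table residue from the page rendering has been removed:
# left in place it would become part of every value.

HOME = .
RANDFILE = $ENV::HOME/.rnd

####################################################################
[ req ]
default_bits = 2048
default_keyfile = serverkey.pem
distinguished_name = server_distinguished_name
req_extensions = server_req_extensions
string_mask = utf8only

####################################################################
[ server_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CA
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Ontario
localityName = Locality Name (eg, city)
localityName_default = Toronto
organizationName = Organization Name (eg, company)
organizationName_default = NDPAR INC.
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = ndpar.org
emailAddress = Email Address
emailAddress_default = it@ndpar.org

####################################################################
# Extensions placed in the CSR. These are requests only: the CA decides
# which of them end up in the certificate. A CA that copies extensions from
# the CSR will carry over subjectAltName and nsComment as written here.
[ server_req_extensions ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"

####################################################################
# Names the certificate should be valid for. Hostname verification uses
# these SAN entries, so the apex name is listed as well as the CN default.
# DNS.3 is a wildcard: the same key then serves every first-level subdomain,
# so a compromise of this key affects all of them.
[ alternate_names ]
DNS.1 = ndpar.org
DNS.2 = www.ndpar.org
DNS.3 = *.ndpar.org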