Skip to content

Instantly share code, notes, and snippets.

@oz9un

oz9un/openssl.conf

Created October 26, 2021 06:30
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save oz9un/60cb7d491989002578d7d763dfda333c to your computer and use it in GitHub Desktop.
Save oz9un/60cb7d491989002578d7d763dfda333c to your computer and use it in GitHub Desktop.
Download ZIP
openssl.conf for Windows
Raw
openssl.conf
oid_section = OIDs
[ OIDs ]
certificateTemplateName = 1.3.6.1.4.1.311.20.2
caVersion = 1.3.6.1.4.1.311.21.1
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = /home/pardus/ca
certs = $dir/certs
csr = $dir/csr
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
extfiles = $dir/extfiles
RANDFILE = $dir/private/.rand
private_key = $dir/private/ca.key.pem
certificate = $dir/certs/ca.cert.pem
crlnumber = $dir/crlnumber
crl = $dir/crl/ca.crl.pem
crl_extensions = crl_ext
default_crl_days = 30
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 375
preserve = no
policy = policy_strict
[ policy_strict ]
countryName = optional
commonName = supplied
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
emailAddress = optional
DC = optional
[ policy_loose ]
countryName = optional
stateOrProvinceName = optional
commonName = supplied
localityName = optional
organizationName = optional
organizationalUnitName = optional
emailAddress = optional
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = default
default_md = sha256
x509_extensions = v3_ca
req_extensions = v3_req
[ v3_req ]
subjectKeyIdentifier = hash
basicConstraints = critical, CA:true
keyUsage = digitalSignature, cRLSign, keyCertSign
certificateTemplateName = ASN1:PRINTABLESTRING:CA
caVersion = ASN1:INTEGER:0
[ req_distinguished_name ]
1.DC = com
0.DC = company
DC = subdomain
commonName = Common Name
[ v3_ca ]
subjectKeyIdentifier = hash
basicConstraints = critical, CA:true
keyUsage = digitalSignature, cRLSign, keyCertSign
[ v3_intermediate_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ usr_cert ]
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = OpenSSL Generated Client Certificate
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
crlDistributionPoints = URI:http://10.154.127.103:8888/openssl.crl
[ server_cert ]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = OpenSSL Generated Server Certificate
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
crlDistributionPoints = URI:http://10.154.127.103:8888/openssl.crl
[ crl_ext ]
authorityKeyIdentifier = keyid:always
[ ocsp ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment