Skip to content

Instantly share code, notes, and snippets.

@salrashid123
Last active May 22, 2018
Embed
What would you like to do?
openssl.cnf
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
extensions = v3_req
[ new_oids ]
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/new_certs # default place for new certs.
certificate = $dir/CA_crt.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/CA_crl.pem # The current CRL
private_key = $dir/CA_key.pem
RANDFILE = $dir/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# crl_extensions = crl_ext
default_days = 1825 # how long to certify for
default_crl_days= 365 # how long before next CRL
default_md = sha256
preserve = no # keep passed DN ordering
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
string_mask = nombstr
#req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = country
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = province
stateOrProvinceName_default = California
localityName = locality
localityName_default = Mountain View
0.organizationName = O
0.organizationName_default = Google
organizationalUnitName = OU
organizationalUnitName_default = Enterprise
commonName = CN
commonName_default = MyCA
commonName_max = 64
emailAddress = email
emailAddress_max = 40
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword =
challengePassword_min = 0
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
nsComment = "OpenSSL Generated Certificate"
#subjectAltName = @alt_names
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[alt_names]
DNS.1 = squid.yourdomain.com
[ v3_req ]
basicConstraints = CA:false
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
[ v3_ca ]
basicConstraints = CA:true
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
[ crl_ext ]
authorityKeyIdentifier=keyid:always,issuer:always
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment