Last active
May 22, 2018 14:28
-
-
Save salrashid123/dbb032d4538c9df5d5ceed3f3e160ed4 to your computer and use it in GitHub Desktop.
openssl.cnf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HOME = . | |
RANDFILE = $ENV::HOME/.rnd | |
oid_section = new_oids | |
extensions = v3_req | |
[ new_oids ] | |
#################################################################### | |
[ ca ] | |
default_ca = CA_default # The default ca section | |
#################################################################### | |
[ CA_default ] | |
dir = ./ | |
certs = $dir/certs # Where the issued certs are kept | |
crl_dir = $dir/crl # Where the issued crl are kept | |
database = $dir/index.txt # database index file. | |
new_certs_dir = $dir/new_certs # default place for new certs. | |
certificate = $dir/CA_crt.pem # The CA certificate | |
serial = $dir/serial # The current serial number | |
crl = $dir/CA_crl.pem # The current CRL | |
private_key = $dir/CA_key.pem | |
RANDFILE = $dir/.rand # private random number file | |
x509_extensions = usr_cert # The extentions to add to the cert | |
# crl_extensions = crl_ext | |
default_days = 1825 # how long to certify for | |
default_crl_days= 365 # how long before next CRL | |
default_md = sha256 | |
preserve = no # keep passed DN ordering | |
policy = policy_match | |
# For the CA policy | |
[ policy_match ] | |
countryName = match | |
stateOrProvinceName = match | |
organizationName = match | |
organizationalUnitName = optional | |
commonName = supplied | |
emailAddress = optional | |
[ policy_anything ] | |
countryName = optional | |
stateOrProvinceName = optional | |
localityName = optional | |
organizationName = optional | |
organizationalUnitName = optional | |
commonName = supplied | |
emailAddress = optional | |
[ req ] | |
default_bits = 1024 | |
default_keyfile = privkey.pem | |
distinguished_name = req_distinguished_name | |
attributes = req_attributes | |
x509_extensions = v3_ca # The extentions to add to the self signed cert | |
string_mask = nombstr | |
#req_extensions = v3_req # The extensions to add to a certificate request | |
[ req_distinguished_name ] | |
countryName = country | |
countryName_default = US | |
countryName_min = 2 | |
countryName_max = 2 | |
stateOrProvinceName = province | |
stateOrProvinceName_default = California | |
localityName = locality | |
localityName_default = Mountain View | |
0.organizationName = O | |
0.organizationName_default = Google | |
organizationalUnitName = OU | |
organizationalUnitName_default = Enterprise | |
commonName = CN | |
commonName_default = MyCA | |
commonName_max = 64 | |
emailAddress = email | |
emailAddress_max = 40 | |
# SET-ex3 = SET extension number 3 | |
[ req_attributes ] | |
challengePassword = | |
challengePassword_min = 0 | |
challengePassword_max = 20 | |
unstructuredName = An optional company name | |
[ usr_cert ] | |
nsComment = "OpenSSL Generated Certificate" | |
#subjectAltName = @alt_names | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment | |
[alt_names] | |
DNS.1 = squid.yourdomain.com | |
[ v3_req ] | |
basicConstraints = CA:false | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment | |
[ v3_ca ] | |
basicConstraints = CA:true | |
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign | |
[ crl_ext ] | |
authorityKeyIdentifier=keyid:always,issuer:always |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment