X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=demo%2Fssl%2Fopenssl.cnf;h=05bb6f77f6eee365410da003bb4da7274360079b;hb=94fc38845d358e5aafdcfb97110e6e381dc04259;hp=45cfea08cd46cf8d2cccf17df05b36b0cf9a3406;hpb=8c273829d9bfa505e4c269a239c98491ab4e31e7;p=lgpl%2Fargeo-commons.git
diff --git a/demo/ssl/openssl.cnf b/demo/ssl/openssl.cnf
index 45cfea08c..05bb6f77f 100644
--- a/demo/ssl/openssl.cnf
+++ b/demo/ssl/openssl.cnf
@@ -17,18 +17,18 @@ x509_extensions = usr_cert # The extentions to add to the cert
 name_opt = ca_default # Subject Name options
 cert_opt = ca_default # Certificate field options
 crl_extensions = crl_ext
-default_days = 3650 # how long to certify for
+default_days = 365 # how long to certify for
 default_crl_days= 30 # how long before next CRL
 default_md = default # use public key default MD
 preserve = no # keep passed DN ordering
 policy = policy_match
 [ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
 organizationalUnitName = optional
-commonName = supplied
+commonName = optional
 emailAddress = optional
 [ policy_anything ]
@@ -37,11 +37,11 @@ stateOrProvinceName = optional
 localityName = optional
 organizationName = optional
 organizationalUnitName = optional
-commonName = supplied
+commonName = optional
 emailAddress = optional
 [ req ]
-default_bits = 1024
+default_bits = 4096
 default_md = sha1
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
@@ -49,8 +49,8 @@ attributes = req_attributes
 x509_extensions = v3_ca # The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
+input_password = demo
+output_password = demo
 string_mask = utf8only
 req_extensions = v3_req # The extensions to add to a certificate request
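Review bot: With `commonName = optional` and every other field now optional, `[ policy_match ]` no longer matches or requires anything, so signing under `policy = policy_match` accepts a request whose subject has no common name or names a different organisation from the CA's. If that looseness is intended for the demo only, say so above the section, e.g. `# demo: no subject constraints are enforced here; do not reuse for a real CA`. Otherwise restore `commonName = supplied` so every issued certificate carries an identifying name. The same relaxation of `commonName` is made to `[ policy_anything ]` in the next hunk.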
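Review bot: `default_md = sha1` is left in place directly under the new `default_bits = 4096` in `[ req ]`, so requests and self-signed certificates made with this file are still signed with SHA-1 whatever the key length. Changing that line to `default_md = sha256` would bring the digest in line with the stronger key; recent OpenSSL releases may also reject SHA-1-signed certificates at their default security level. The `[ req ]` section continues past the end of this hunk.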
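Review bot: `input_password = demo` and `output_password = demo` put the private-key passphrase in a committed file, so any key written with this configuration is encrypted under a publicly known value, and the same commit turns the file into a CA configuration. If this is deliberate for the demo, mark it above the two lines, e.g. `# DEMO ONLY: passphrase is public, keys made with this file are not protected`. For anything beyond the demo, leave both lines commented out and supply the passphrase at run time with `-passin`/`-passout` using an `env:` or `file:` source.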
@@ -59,7 +59,7 @@ req_extensions = v3_req # The extensions to add to a certificate request
 countryName = Country Name (2 letter code)
 countryName_min = 2
 countryName_max = 2
-stateOrProvinceName = State or Province Name (full name)
+#stateOrProvinceName = State or Province Name (full name)
 #localityName = Locality Name (eg, city)
 0.organizationName = Organization Name (eg, company)
 organizationalUnitName = Organizational Unit Name (eg, section)
@@ -73,10 +73,11 @@ emailAddress_max = 64
 ## DEFAULT VALUES ##
 countryName_default = DE
-stateOrProvinceName_default = Berlin
+#stateOrProvinceName_default = Berlin
 #localityName_default = Berlin
 0.organizationName_default = Example
-organizationalUnitName_default = People
+organizationalUnitName_default = Certificate Authorities
+commonName_default = Intermediate CA
 [ req_attributes ]
 #challengePassword = A challenge password
@@ -98,11 +99,15 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 [ v3_ca ]
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer
-basicConstraints = critical,CA:true
-# keyUsage = cRLSign, keyCertSign
-
-subjectAltName=email:copy
-issuerAltName=issuer:copy
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ crl_ext ]
 issuerAltName=issuer:copy
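Review bot: `commonName_default = Intermediate CA` and `organizationalUnitName_default = Certificate Authorities` are added to the defaults that appear to be shared by every request made with this file, so a server or user CSR created by accepting the prompts would carry a CA-looking subject. A comment above them would prevent that mistake, e.g. `# defaults below suit the intermediate CA request only; override them for leaf certificates`. Moving the CA-specific defaults into a separate distinguished-name section would be the cleaner fix. The section header and the `commonName` prompt itself lie outside this hunk.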
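Review bot: Nothing visible in this diff selects the new `[ v3_intermediate_ca ]` section: `[ req ]` still has `x509_extensions = v3_ca` and the CA section has `x509_extensions = usr_cert`. An intermediate signed without an explicit `-extensions v3_intermediate_ca` would therefore not receive `pathlen:0`. A comment in the section would document this, e.g. `# apply with: openssl ca -extensions v3_intermediate_ca ...`. Separately, `digitalSignature` in the `keyUsage` of both CA sections is needed only if the CA key signs something other than certificates and CRLs, such as OCSP responses; `keyUsage = critical, cRLSign, keyCertSign` would keep the key's permitted uses minimal.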