X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=demo%2Fssl%2Fopenssl.cnf;fp=demo%2Fssl%2Fopenssl.cnf;h=0000000000000000000000000000000000000000;hb=406efdadf16d13ee40e1ce75177dcda775dd7abd;hp=05bb6f77f6eee365410da003bb4da7274360079b;hpb=e96a083b731800c0089660088279f0e232b5c6b6;p=lgpl%2Fargeo-commons.git diff --git a/demo/ssl/openssl.cnf b/demo/ssl/openssl.cnf deleted file mode 100644 index 05bb6f77f..000000000 --- a/demo/ssl/openssl.cnf +++ /dev/null @@ -1,120 +0,0 @@ -dir = ./CA # Where everything is kept - -[ ca ] -default_ca = CA_default # The default ca section - -[ CA_default ] -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -new_certs_dir = $dir/newcerts # default place for new certs. -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crlnumber = $dir/crlnumber # the current crl number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem # The private key -x509_extensions = usr_cert # The extentions to add to the cert -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options -crl_extensions = crl_ext -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering -policy = policy_match - -[ policy_match ] -countryName = optional -stateOrProvinceName = optional -organizationName = optional -organizationalUnitName = optional -commonName = optional -emailAddress = optional - -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = optional -emailAddress = optional - -[ req ] -default_bits = 4096 -default_md = sha1 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -x509_extensions = v3_ca # The extensions to add to the self signed cert - -# Passwords for private keys if not present they will be prompted for -input_password = demo -output_password = demo - -string_mask = utf8only -req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_min = 2 -countryName_max = 2 -#stateOrProvinceName = State or Province Name (full name) -#localityName = Locality Name (eg, city) -0.organizationName = Organization Name (eg, company) -organizationalUnitName = Organizational Unit Name (eg, section) -commonName = Common Name (eg, your name or your server\'s hostname) -commonName_max = 64 -emailAddress = Email Address -emailAddress_max = 64 -# SET-ex3 = SET extension number 3 - -## -## DEFAULT VALUES -## -countryName_default = DE -#stateOrProvinceName_default = Berlin -#localityName_default = Berlin -0.organizationName_default = Example -organizationalUnitName_default = Certificate Authorities -commonName_default = Intermediate CA - -[ req_attributes ] -#challengePassword = A challenge password -#challengePassword_min = 4 -#challengePassword_max = 20 -#unstructuredName = An optional company name - -[ usr_cert ] -basicConstraints=CA:FALSE -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer -subjectAltName=email:move -issuerAltName=issuer:copy - -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer -basicConstraints = critical, CA:true -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -[ v3_intermediate_ca ] -# Extensions for a typical intermediate CA (`man x509v3_config`). -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -basicConstraints = critical, CA:true, pathlen:0 -keyUsage = critical, digitalSignature, cRLSign, keyCertSign - -[ crl_ext ] -issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always - -[ server_ext ] -extendedKeyUsage=serverAuth - -[ user_ext ] -extendedKeyUsage=clientAuth,emailProtection