X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=demo%2Fssl%2Fopenssl.cnf;h=05bb6f77f6eee365410da003bb4da7274360079b;hb=b257f54d9d6d3a7b181c76c0b74b0e780800faa7;hp=62f76bac03e08b3b357bc6f5f882c079ddc9b7f1;hpb=89cd1a458823bbbbb1a5167a953f3d03ef1d2e05;p=lgpl%2Fargeo-commons.git
diff --git a/demo/ssl/openssl.cnf b/demo/ssl/openssl.cnf
index 62f76bac0..05bb6f77f 100644
--- a/demo/ssl/openssl.cnf
+++ b/demo/ssl/openssl.cnf
@@ -41,7 +41,7 @@ commonName = optional
 emailAddress = optional
 [ req ]
-default_bits = 1024
+default_bits = 4096
 default_md = sha1
 default_keyfile = privkey.pem
 distinguished_name = req_distinguished_name
@@ -49,8 +49,8 @@ attributes = req_attributes
 x509_extensions = v3_ca # The extensions to add to the self signed cert
 # Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
+input_password = demo
+output_password = demo
 string_mask = utf8only
 req_extensions = v3_req # The extensions to add to a certificate request
@@ -62,7 +62,7 @@ countryName_max = 2
 #stateOrProvinceName = State or Province Name (full name)
 #localityName = Locality Name (eg, city)
 0.organizationName = Organization Name (eg, company)
-#organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName = Organizational Unit Name (eg, section)
 commonName = Common Name (eg, your name or your server\'s hostname)
 commonName_max = 64
 emailAddress = Email Address
@@ -76,8 +76,8 @@ countryName_default = DE
 #stateOrProvinceName_default = Berlin
 #localityName_default = Berlin
 0.organizationName_default = Example
-#organizationalUnitName_default = Certificate Authorities
-commonName_default = Certificate Authority
+organizationalUnitName_default = Certificate Authorities
+commonName_default = Intermediate CA
 [ req_attributes ]
 #challengePassword = A challenge password
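Review bot: In the first hunk (`[ req ]`), `default_md = sha1` is left unchanged on the context line directly below the new `default_bits = 4096`, so requests and self-signed certificates made with this file are still signed with SHA-1 however large the key is. SHA-1 signatures are rejected by current TLS clients and are the weak link regardless of key size; change the line to `default_md = sha256`. The `[ req ]` section continues outside the hunk, and a `[ CA_default ]` section, if the file has one, carries its own `default_md` that should be checked as well.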
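Review bot: In the second hunk, uncommenting `input_password = demo` and `output_password = demo` commits the private-key passphrase to the repository, so every key written with this file is encrypted under a published secret and the encryption gives no protection. That may be acceptable for a demo, but nothing in the file says so; add a comment above the two lines such as `# DEMO ONLY: this passphrase is public, never reuse keys or certificates generated with this file`. If a CA built from this file could ever be trusted by a real client, leave the two lines commented out and supply the passphrase at run time with `-passout` instead.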
@@ -99,11 +99,15 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 [ v3_ca ]
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid:always,issuer
-basicConstraints = critical,CA:true
-# keyUsage = cRLSign, keyCertSign
-
-#subjectAltName=email:copy
-issuerAltName=issuer:copy
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
 [ crl_ext ]
 issuerAltName=issuer:copy
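Review bot: The new `[ v3_intermediate_ca ]` section is not referenced by anything visible in this diff: `x509_extensions` in `[ req ]` still points at `v3_ca`, while the default common name is now `Intermediate CA`. A self-signed certificate created with `openssl req -x509` and the defaults would therefore carry the intermediate's name but the root profile, i.e. `CA:true` with no `pathlen` limit. Document how the section is meant to be selected, for example `# Use with: openssl ca -extensions v3_intermediate_ca`, and consider `pathlen:1` on `[ v3_ca ]` if a single tier of intermediates is intended. Whatever configuration signs the intermediate may live outside this hunk.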