X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=sdk%2Fssl%2Fopenssl.cnf;fp=sdk%2Fssl%2Fopenssl.cnf;h=05bb6f77f6eee365410da003bb4da7274360079b;hb=406efdadf16d13ee40e1ce75177dcda775dd7abd;hp=0000000000000000000000000000000000000000;hpb=e96a083b731800c0089660088279f0e232b5c6b6;p=lgpl%2Fargeo-commons.git
diff --git a/sdk/ssl/openssl.cnf b/sdk/ssl/openssl.cnf
new file mode 100644
index 000000000..05bb6f77f
--- /dev/null
+++ b/sdk/ssl/openssl.cnf
@@ -0,0 +1,120 @@
+dir = ./CA # Where everything is kept
+
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+x509_extensions = usr_cert # The extentions to add to the cert
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+crl_extensions = crl_ext
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+preserve = no # keep passed DN ordering
+policy = policy_match
+
+[ policy_match ]
+countryName = optional
+stateOrProvinceName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = optional
+emailAddress = optional
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = optional
+emailAddress = optional
+
+[ req ]
+default_bits = 4096
+default_md = sha1
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extensions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+input_password = demo
+output_password = demo
+
+string_mask = utf8only
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_min = 2
+countryName_max = 2
+#stateOrProvinceName = State or Province Name (full name)
+#localityName = Locality Name (eg, city)
+0.organizationName = Organization Name (eg, company)
+organizationalUnitName = Organizational Unit Name (eg, section)
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 64
+# SET-ex3 = SET extension number 3
+
+##
+## DEFAULT VALUES
+##
+countryName_default = DE
+#stateOrProvinceName_default = Berlin
+#localityName_default = Berlin
+0.organizationName_default = Example
+organizationalUnitName_default = Certificate Authorities
+commonName_default = Intermediate CA
+
+[ req_attributes ]
+#challengePassword = A challenge password
+#challengePassword_min = 4
+#challengePassword_max = 20
+#unstructuredName = An optional company name
+
+[ usr_cert ]
+basicConstraints=CA:FALSE
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+subjectAltName=email:move
+issuerAltName=issuer:copy
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+basicConstraints = critical, CA:true
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ v3_intermediate_ca ]
+# Extensions for a typical intermediate CA (`man x509v3_config`).
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer
+basicConstraints = critical, CA:true, pathlen:0
+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
+
+[ crl_ext ]
+issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ server_ext ]
+extendedKeyUsage=serverAuth
+
+[ user_ext ]
+extendedKeyUsage=clientAuth,emailProtection
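Review bot: `default_md = sha1` in `[ req ]` means every request and self-signed CA certificate generated from this file is SHA-1-signed, even though the key is 4096 bits and `[ CA_default ]` already defers to the library default; I would set `default_md = sha256` there. The same section hard-codes `input_password = demo` and `output_password = demo`, so any CA key created with this config is protected by a passphrase that is published in the repository. If the file is meant only for throwaway SDK test CAs, a comment at the top should say so; otherwise drop both lines so OpenSSL prompts, as the comment above them already describes. `[ policy_match ]` marks every field, including `commonName`, as `optional`, so the CA policy rejects nothing; `commonName = supplied` would at least refuse requests that carry no common name.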