| 179 |
rodolico |
1 |
[ req ]
|
|
|
2 |
default_bits = 2048 # default key size
|
|
|
3 |
default_md = sha256 # default message digest algorithm
|
|
|
4 |
distinguished_name = req_distinguished_name # definition used for DN
|
|
|
5 |
req_extensions = v3_req # go look at v3_req section for the extensions def
|
|
|
6 |
prompt = no # do not ask questions, take defaults
|
|
|
7 |
|
|
|
8 |
[ req_distinguished_name ]
|
| 180 |
rodolico |
9 |
#commonName = required # may also use CN
|
|
|
10 |
#countryName = optional # may also use C
|
|
|
11 |
#stateOrProvinceName = optional # may also use ST
|
|
|
12 |
#organizationName = optional # may also use O
|
|
|
13 |
#organizationalUnitName = optional # may also use OU
|
|
|
14 |
#emailAddress = optional
|
|
|
15 |
|
| 179 |
rodolico |
16 |
# Required fields
|
| 180 |
rodolico |
17 |
CN = www.example.com
|
|
|
18 |
# not required
|
| 179 |
rodolico |
19 |
C = US
|
|
|
20 |
ST = Texas
|
|
|
21 |
O = Example Corp
|
|
|
22 |
L = Dallas
|
|
|
23 |
OU = Headquarters
|
|
|
24 |
emailAddress = info@example.com
|
|
|
25 |
|
|
|
26 |
[ v3_req ]
|
|
|
27 |
keyUsage = critical, digitalSignature, keyEncipherment
|
|
|
28 |
extendedKeyUsage = serverAuth, clientAuth
|
|
|
29 |
subjectAltName = @alt_names # look for section [ alt_names ] for all the names
|
|
|
30 |
basicConstraints = CA:FALSE
|
|
|
31 |
# these are not used in our scenario
|
|
|
32 |
# authorityKeyIdentifier = keyid,issuer
|
|
|
33 |
#certificatePolicies = policies that govern the use of the certificate, useful in compliance scenarios
|
|
|
34 |
#crlDistributionPoints = URLs for retrieving the CRL
|
|
|
35 |
|
|
|
36 |
# list of all names for the cert, filled in by makeCert if .ext file does
|
|
|
37 |
# not exist
|
|
|
38 |
[ alt_names ]
|