WebSVN – sysadmin_scripts – Diff – /trunk/ssl_certs/openssl.cnf.sample

 [ req ]
-default_bits       = 2048 # default key size
+default_bits        = 2048            # Size of keys
-default_md         = sha256 # default message digest algorithm
+default_keyfile     = privkey.pem     # Default private key file
-distinguished_name = req_distinguished_name # definition used for DN
+distinguished_name  = req_distinguished_name
-req_extensions     = v3_req # go look at v3_req section for the extensions def
+prompt              = no
+#string_mask         = utf8
-prompt             = no # do not ask questions, take defaults
+req_extensions      = req_ext          # Extensions to add to certificate requests
 [ req_distinguished_name ]
-#commonName              = required # may also use CN
-#countryName             = optional # may also use C
-#stateOrProvinceName     = optional # may also use ST
-#organizationName        = optional # may also use O
-#organizationalUnitName  = optional # may also use OU
-#emailAddress            = optional
+# Modify these for your network
-# Required fields
-CN = www.example.com
-# not required
 C  = US
 ST = Texas
-O  = Example Corp
 L  = Dallas
-OU = Headquarters
+O  = Example Corp
+OU = Office
+CN = example.org
-emailAddress = info@example.com
+emailAddress = admin@example.org
+[ req_ext ]
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+subjectAltName = @alt_names
+# this section gets destroyed when creating server ext files
+[alt_names]
+DNS.1 = mydomain.com
+DNS.2 = www.mydomain.com
+# used when creating a CA
+[ ca ]
+default_ca = CA_default
+[ CA_default ]
+keyUsage = critical, digitalSignature, keyEncipherment
+basicConstraints = CA:TRUE
+# used when creating a Server Cert
+[ server ]
+# Extensions for server certificates
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+basicConstraints = CA:FALSE  # Specify that this is not a CA
-[ v3_req ]
-keyUsage          = critical, digitalSignature, keyEncipherment
-extendedKeyUsage  = serverAuth, clientAuth
-subjectAltName    = @alt_names # look for section [ alt_names ] for all the names
-basicConstraints  = CA:FALSE
-# these are not used in our scenario
-# authorityKeyIdentifier = keyid,issuer
-#certificatePolicies = policies that govern the use of the certificate, useful in compliance scenarios
-#crlDistributionPoints =  URLs for retrieving the CRL
-# list of all names for the cert, filled in by makeCert if .ext file does
-# not exist
-[ alt_names ]

Subversion Repositories sysadmin_scripts

(root)/trunk/ssl_certs/openssl.cnf.sample – Rev 180 → 182