Various scripts in various languages.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

openssl.cnf.in 1.6KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. #
  2. # OpenSSL configuration file.
  3. #
  4. # Establish working directory
  5. dir = .
  6. [ ca ]
  7. default_ca = CA_Default
  8. [ CA_Default ]
  9. serial = $dir/serial
  10. database = $dir/index.txt
  11. new_certs_dir = $dir/newcerts
  12. certificate = $dir/certs/ca-cert.pem
  13. private_key = $dir/private/ca-key.pem
  14. default_days = @LENGTH@ # Certificates are signed for default_days days
  15. default_md = sha1
  16. preserve = no
  17. email_in_dn = no
  18. nameopt = default_ca
  19. certopt = default_ca
  20. policy = policy_match
  21. copy_extensions = copy
  22. # We want those extensions only to generate the root certificates, so
  23. # we specify it on the command line:
  24. x509_extensions = v3_x509
  25. [ policy_match ]
  26. localityName = match
  27. countryName = match
  28. stateOrProvinceName = match
  29. organizationName = match
  30. organizationalUnitName = optional
  31. commonName = supplied
  32. emailAddress = optional
  33. [ req ]
  34. # Keys' size:
  35. default_bits = 2048
  36. # Name of the generated key (specify it as a CLI argument if different):
  37. default_keyfile = newkeys/key.pem
  38. # Hash algorithm:
  39. default_md = sha1
  40. # Authorised characters:
  41. string_mask = nombstr
  42. prompt = no
  43. distinguished_name = req_distinguished_name
  44. req_extensions = v3_req
  45. [ req_distinguished_name ]
  46. organizationName = @ORG@
  47. organizationalUnitName = @ORGUNIT@
  48. localityName = @LOCALITY@
  49. stateOrProvinceName = @STATE@
  50. countryName = @COUNTRY@
  51. commonName = @COMMONNAME@
  52. [ v3_ca ]
  53. basicConstraints = CA:TRUE
  54. subjectKeyIdentifier = hash
  55. authorityKeyIdentifier = keyid:always,issuer:always
  56. [ v3_req ]
  57. basicConstraints = CA:FALSE
  58. subjectKeyIdentifier = hash
  59. subjectAltName = @ALTNAME@
  60. [ v3_x509 ]
  61. basicConstraints = CA:FALSE
  62. subjectKeyIdentifier = hash
  63. authorityKeyIdentifier = keyid:always,issuer:always