63 lines
1.5 KiB
Plaintext
63 lines
1.5 KiB
Plaintext
#
|
|
# OpenSSL configuration file.
|
|
#
|
|
|
|
# Establish working directory
|
|
dir = .
|
|
|
|
[ ca ]
|
|
default_ca = CA_Default
|
|
|
|
[ CA_Default ]
|
|
serial = $dir/serial
|
|
database = $dir/index.txt
|
|
new_certs_dir = $dir/newcerts
|
|
certificate = $dir/certs/ca-cert.pem
|
|
private_key = $dir/private/ca-key.pem
|
|
default_days = #LENGTH# # Certificates are signed for default_days days
|
|
default_md = md5
|
|
preserve = no
|
|
email_in_dn = no
|
|
nameopt = default_ca
|
|
certopt = default_ca
|
|
policy = policy_match
|
|
copy_extensions = copy
|
|
|
|
[ policy_match ]
|
|
countryName = match
|
|
stateOrProvinceName = match
|
|
organizationName = match
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
[ req ]
|
|
default_bits = 2048 # Taille des clés
|
|
default_keyfile = newkeys/key.pem # Nom de la clé généré (à spécifier en ligne de commande si différent)
|
|
default_md = md5 # Algorithme de résumé (hash)
|
|
string_mask = nombstr # Caractères authorisés
|
|
prompt = no
|
|
distinguished_name = req_distinguished_name
|
|
req_extensions = v3_req
|
|
# On ne veut ces extensions que pour générer les certificats racines
|
|
# donc on le spécifie sur la ligne de commande
|
|
x509_extensions = v3_ca
|
|
|
|
[ req_distinguished_name ]
|
|
organizationName = #ORG#
|
|
organizationalUnitName = #ORGUNIT#
|
|
localityName = #LOCALITY#
|
|
stateOrProvinceName = #STATE#
|
|
countryName = #COUNTRY#
|
|
commonName = #COMMONNAME#
|
|
|
|
[ v3_ca ]
|
|
basicConstraints = CA:TRUE
|
|
subjectKeyIdentifier = hash
|
|
authorityKeyIdentifier = keyid:always,issuer:always
|
|
|
|
[ v3_req ]
|
|
basicConstraints = CA:FALSE
|
|
subjectKeyIdentifier = hash
|
|
subjectAltName = #ALTNAME#
|