#
# OpenSSL example configuration file.
# Mostly used for generating certificate requests.
#

# Both paths below are taken from the HOME environment variable.
# Seed file for the random number generator.
RANDFILE = $ENV::HOME/.rnd
# File with additional object identifiers.
oid_file = $ENV::HOME/.oid

####################################################################
[ ca ]
# Name of the section that holds the default CA settings.
default_ca = CA_default

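####################################################################
[ CA_default ]

# Where everything is kept.
dir = ./demoCA
# Where the issued certs are kept.
certs = $dir/certs
# Where the issued CRLs are kept.
crl_dir = $dir/crl
# Database index file.
database = $dir/index.txt
# Default place for new certs.
new_certs_dir = $dir/newcerts

# The CA certificate.
certificate = $dir/cacert.pem
# The current serial number.
serial = $dir/serial
# The current CRL.
crl = $dir/crl.pem
# The CA private key. Keep $dir/private readable by the CA operator only;
# anyone who can read this file can issue certificates as this CA.
private_key = $dir/private/cakey.pem
# Private random number file.
RANDFILE = $dir/private/.rand

# Section listing the extensions to add to each issued certificate.
x509_extensions = x509v3_extensions
# How long to certify for, in days.
default_days = 365
# How many days until the next CRL is due.
default_crl_days = 30
# Digest used when signing. This was md5 originally; MD5 is not
# collision-resistant and current verifiers reject MD5-signed certificates.
# sha256 needs an OpenSSL build that provides SHA-256.
default_md = sha256
# Whether to keep the DN ordering passed in the request.
preserve = no

# A few different ways of specifying how similar the request should look.
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
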
# Policy used by the CA: "match" fields must be the same as in the CA
# certificate, "supplied" fields must be present in the request, and
# "optional" fields may be present.
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# The 'anything' policy: only commonName has to be supplied.
# At this point in time, every acceptable 'object' type must be
# listed explicitly.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

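####################################################################
[ req ]
# Size in bits of newly generated keys. This was 1024 originally; 1024-bit
# RSA keys are below the minimum accepted by current CAs and TLS libraries.
default_bits = 2048
# File the generated private key is written to. It holds the secret half of
# the key pair, so restrict its permissions.
default_keyfile = privkey.pem
# Section describing the distinguished name fields to ask for.
distinguished_name = req_distinguished_name
# Section describing the request attributes to ask for.
attributes = req_attributes
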
# Distinguished name fields. For each field the plain key is the prompt text;
# the _default, _min and _max keys give its default value and length limits.
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State

localityName = Locality Name (eg, city)

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd

# A second organization name can be requested, but is not normally needed :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40

# NOTE(review): SET-ex3 is presumably an object name defined through
# oid_file; confirm that the file exists and defines it.
SET-ex3 = SET extension number 3

# Attributes asked for in addition to the distinguished name.
[ req_attributes ]
# Prompt text and length limits for the challenge password.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name

# Extensions added to issued certificates (referenced by x509_extensions).
[ x509v3_extensions ]

# Example URL; replace it with the location of the CA's real CRL.
nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
nsComment = "This is a comment"

# Under ASN.1, the 0 bit would be encoded as 80.
nsCertType = 0x40

# Further extension names, not set in this example:
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
#nsCertSequence
#nsCertExt
#nsDataType
