1e1051a39Sopenharmony_ci# 2e1051a39Sopenharmony_ci# OpenSSL configuration file to create apps directory certificates 3e1051a39Sopenharmony_ci# 4e1051a39Sopenharmony_ci 5e1051a39Sopenharmony_ci# This definition stops the following lines choking if HOME or CN 6e1051a39Sopenharmony_ci# is undefined. 7e1051a39Sopenharmony_ciHOME = . 8e1051a39Sopenharmony_ciCN = "Not Defined" 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci# Comment out the next line to ignore configuration errors 11e1051a39Sopenharmony_ciconfig_diagnostics = 1 12e1051a39Sopenharmony_ci 13e1051a39Sopenharmony_ci 14e1051a39Sopenharmony_ci#################################################################### 15e1051a39Sopenharmony_ci[ req ] 16e1051a39Sopenharmony_cidefault_bits = 2048 17e1051a39Sopenharmony_cidefault_keyfile = privkey.pem 18e1051a39Sopenharmony_ci# Don't prompt for fields: use those in section directly 19e1051a39Sopenharmony_ciprompt = no 20e1051a39Sopenharmony_cidistinguished_name = req_distinguished_name 21e1051a39Sopenharmony_cix509_extensions = v3_ca # The extensions to add to the self signed cert 22e1051a39Sopenharmony_cistring_mask = utf8only 23e1051a39Sopenharmony_ci 24e1051a39Sopenharmony_ci# req_extensions = v3_req # The extensions to add to a certificate request 25e1051a39Sopenharmony_ci 26e1051a39Sopenharmony_ci[ req_distinguished_name ] 27e1051a39Sopenharmony_cicountryName = UK 28e1051a39Sopenharmony_ci 29e1051a39Sopenharmony_ciorganizationName = OpenSSL Group 30e1051a39Sopenharmony_ciorganizationalUnitName = FOR TESTING PURPOSES ONLY 31e1051a39Sopenharmony_ci# Take CN from environment so it can come from a script. 32e1051a39Sopenharmony_cicommonName = $ENV::CN 33e1051a39Sopenharmony_ci 34e1051a39Sopenharmony_ci[ usr_cert ] 35e1051a39Sopenharmony_ci 36e1051a39Sopenharmony_ci# These extensions are added when 'ca' signs a request for an end entity 37e1051a39Sopenharmony_ci# certificate 38e1051a39Sopenharmony_ci 39e1051a39Sopenharmony_cibasicConstraints=critical, CA:FALSE 40e1051a39Sopenharmony_cikeyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment 41e1051a39Sopenharmony_ci 42e1051a39Sopenharmony_ci[ ec_cert ] 43e1051a39Sopenharmony_ci 44e1051a39Sopenharmony_ci# These extensions are added when 'ca' signs a request for an end entity 45e1051a39Sopenharmony_ci# certificate 46e1051a39Sopenharmony_ci 47e1051a39Sopenharmony_cibasicConstraints=critical, CA:FALSE 48e1051a39Sopenharmony_cikeyUsage=critical, nonRepudiation, digitalSignature, keyAgreement 49e1051a39Sopenharmony_ci 50e1051a39Sopenharmony_ci# PKIX recommendations harmless if included in all certificates. 51e1051a39Sopenharmony_cisubjectKeyIdentifier=hash 52e1051a39Sopenharmony_ciauthorityKeyIdentifier=keyid 53e1051a39Sopenharmony_ci 54e1051a39Sopenharmony_ci[ v3_ca ] 55e1051a39Sopenharmony_ci 56e1051a39Sopenharmony_ci 57e1051a39Sopenharmony_ci# Extensions for a typical CA 58e1051a39Sopenharmony_ci 59e1051a39Sopenharmony_ci# PKIX recommendation. 60e1051a39Sopenharmony_ci 61e1051a39Sopenharmony_cisubjectKeyIdentifier=hash 62e1051a39Sopenharmony_ciauthorityKeyIdentifier=keyid:always 63e1051a39Sopenharmony_cibasicConstraints = critical,CA:true 64e1051a39Sopenharmony_cikeyUsage = critical, cRLSign, keyCertSign 65e1051a39Sopenharmony_ci 66e1051a39Sopenharmony_ci 67