#
# OpenSSL example configuration file for automated certificate creation.
#
# Sections in this listing:
#   [ req ]                    - defaults for requests / self-signed certificates
#   [ req_distinguished_name ] - subject fields, used without prompting
#   [ usr_cert ], [ dh_cert ]  - extension profiles for end-entity certificates
#   [ v3_ca ]                  - extension profile for a CA certificate
#

# Comment out the next line to ignore configuration errors
# (while it is set, configuration errors are reported instead of being ignored).
config_diagnostics = 1

# This definition stops the following lines choking if HOME or CN
# is undefined.
# CN is the fallback for the $ENV::CN expansion in [ req_distinguished_name ]:
# when the caller does not export CN, the subject common name becomes
# "Not Defined" instead of the run failing. Calling scripts should always set
# CN explicitly and check the subject of what they issued.
HOME = .
CN = "Not Defined"
# Names the section that holds the CA settings.
# NOTE(review): no [ ca ] section appears in this listing - confirm it is
# supplied elsewhere or that every CA option is passed on the command line.
default_ca = ca

####################################################################
[ req ]
# Key size in bits for a newly generated key when none is given elsewhere.
default_bits = 2048
# File a newly generated private key is written to. Nothing in this file
# controls where that file lives or who can read it; treat it as a secret.
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
# Because this points at [ v3_ca ], a self-signed certificate produced with
# this configuration is a CA certificate (CA:true, keyCertSign).
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Emit string fields as UTF8String only.
string_mask = utf8only

# No v3_req section is defined in this listing; the line below stays disabled.
# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB;
# "UK" is kept here exactly as the example has it.
countryName = UK

organizationName = OpenSSL Group
# Take CN from environment so it can come from a script.
# The value is copied into the certificate subject as given, so whatever sets
# CN decides the identity that is issued; falls back to the CN default above.
commonName = $ENV::CN

[ usr_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# Critical CA:FALSE: the certificate must not be accepted as an issuer.
basicConstraints=critical, CA:FALSE
# Signing and key-transport usages only; no certificate or CRL signing.
keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment

# PKIX recommendations harmless if included in all certificates.
# "keyid" without ":always" copies the issuer's key identifier when it is
# available and does not fail when it is not.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid

[ dh_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# DH certificate

# Critical CA:FALSE: the certificate must not be accepted as an issuer.
basicConstraints=critical, CA:FALSE
# Key agreement is the only permitted usage.
keyUsage=critical, keyAgreement

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid

[ v3_ca ]


# Extensions for a typical CA

# PKIX recommendation.

subjectKeyIdentifier=hash
# ":always" makes it an error if the authority key identifier cannot be set.
authorityKeyIdentifier=keyid:always
# No pathlen is given, so this profile places no limit on how many
# subordinate CA levels may chain below the certificate.
basicConstraints = critical,CA:true
# Restricts the key to signing certificates and CRLs.
keyUsage = critical, cRLSign, keyCertSign
