From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/demos/certs/ca.cnf | 86 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 openssl-1.1.0h/demos/certs/ca.cnf (limited to 'openssl-1.1.0h/demos/certs/ca.cnf') diff --git a/openssl-1.1.0h/demos/certs/ca.cnf b/openssl-1.1.0h/demos/certs/ca.cnf new file mode 100644 index 0000000..5a8a5f2 --- /dev/null +++ b/openssl-1.1.0h/demos/certs/ca.cnf @@ -0,0 +1,86 @@ +# +# OpenSSL example configuration file for automated certificate creation. +# + +# This definition stops the following lines choking if HOME or CN +# is undefined. +HOME = . +RANDFILE = $ENV::HOME/.rnd +CN = "Not Defined" +default_ca = ca + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +# Don't prompt for fields: use those in section directly +prompt = no +distinguished_name = req_distinguished_name +x509_extensions = v3_ca # The extensions to add to the self signed cert +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = UK + +organizationName = OpenSSL Group +# Take CN from environment so it can come from a script. +commonName = $ENV::CN + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +# OCSP responder certificate +[ ocsp_cert ] + +basicConstraints=critical, CA:FALSE +keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +extendedKeyUsage=OCSPSigning + +[ dh_cert ] + +# These extensions are added when 'ca' signs a request for an end entity +# DH certificate + +basicConstraints=critical, CA:FALSE +keyUsage=critical, keyAgreement + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid + +[ v3_ca ] + + +# Extensions for a typical CA + +# PKIX recommendation. + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always +basicConstraints = critical,CA:true +keyUsage = critical, cRLSign, keyCertSign + +# Minimal CA entry to allow generation of CRLs. +[ca] +database=index.txt +crlnumber=crlnum.txt -- cgit v1.2.3