|
1 |
| -# |
2 |
| -# OpenSSL example configuration file. |
3 |
| -# This is mostly being used for generation of certificate requests. |
4 |
| -# |
5 |
| - |
6 |
| -# This definition stops the following lines choking if HOME isn't |
7 |
| -# defined. |
8 |
| -HOME = . |
9 |
| -RANDFILE = $ENV::HOME/.rnd |
10 |
| - |
11 |
| -# Extra OBJECT IDENTIFIER info: |
12 |
| -#oid_file = $ENV::HOME/.oid |
13 |
| -oid_section = new_oids |
14 |
| - |
15 |
| -# To use this configuration file with the "-extfile" option of the |
16 |
| -# "openssl x509" utility, name here the section containing the |
17 |
| -# X.509v3 extensions to use: |
18 |
| -# extensions = |
19 |
| -# (Alternatively, use a configuration file that has only |
20 |
| -# X.509v3 extensions in its main [= default] section.) |
21 |
| - |
22 |
| -[ new_oids ] |
23 |
| - |
24 |
| -# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. |
25 |
| -# Add a simple OID like this: |
26 |
| -# testoid1=1.2.3.4 |
27 |
| -# Or use config file substitution like this: |
28 |
| -# testoid2=${testoid1}.5.6 |
29 |
| - |
30 |
| -# Policies used by the TSA examples. |
31 |
| -tsa_policy1 = 1.2.3.4.1 |
32 |
| -tsa_policy2 = 1.2.3.4.5.6 |
33 |
| -tsa_policy3 = 1.2.3.4.5.7 |
34 |
| - |
35 |
| -#################################################################### |
36 |
| -[ ca ] |
37 |
| -default_ca = CA_default # The default ca section |
38 |
| - |
39 |
| -[ CA_default ] |
40 |
| -dir = /home/gridappsd/tls # Where everything is kept |
41 |
| -certs = $dir/certs # Where the issued certs are kept |
42 |
| -database = $dir/index.txt # database index file. |
43 |
| - # several certs with same subject. |
44 |
| -new_certs_dir = $dir/certs # default place for new certs. |
45 |
| -certificate = $dir/certs/ec-cacert.pem # The CA certificate |
46 |
| -serial = $dir/serial # The current serial number |
47 |
| -crlnumber = $dir/crlnumber # the current crl number |
48 |
| - # must be commented out to leave a V1 CRL |
49 |
| -private_key = $dir/private/ec-cakey.pem # The private key |
50 |
| - |
51 |
| -name_opt = ca_default # Subject Name options |
52 |
| -cert_opt = ca_default # Certificate field options |
53 |
| - |
54 |
| -default_days = 365 # how long to certify for |
55 |
| -default_crl_days= 30 # how long before next CRL |
56 |
| -default_md = sha256 # use SHA-256 by default |
57 |
| -preserve = no # keep passed DN ordering |
58 |
| -policy = policy_match |
59 |
| - |
60 |
| -# For the CA policy |
61 |
| -[ policy_match ] |
62 |
| -countryName = optional |
63 |
| -stateOrProvinceName = optional |
64 |
| -organizationName = optional |
65 |
| -organizationalUnitName = optional |
66 |
| -commonName = optional |
67 |
| -emailAddress = optional |
68 |
| - |
69 |
| -[ policy_anything ] |
70 |
| -countryName = optional |
71 |
| -stateOrProvinceName = optional |
72 |
| -localityName = optional |
73 |
| -organizationName = optional |
74 |
| -organizationalUnitName = optional |
75 |
| -commonName = optional |
76 |
| -emailAddress = optional |
77 |
| - |
78 |
| -#################################################################### |
79 |
| -[ req ] |
80 |
| -default_bits = 2048 |
81 |
| -default_md = sha256 |
82 |
| -default_keyfile = privkey.pem |
83 |
| -#distinguished_name = req_distinguished_name |
84 |
| -#attributes = req_attributes |
85 |
| -x509_extensions = v3_ca # The extentions to add to the self signed cert |
86 |
| - |
87 |
| -[ req_distinguished_name ] |
88 |
| -#countryName = Country Name (2 letter code) |
89 |
| -#countryName_default = US |
90 |
| -#countryName_min = 2 |
91 |
| -#countryName_max = 2 |
92 |
| -#stateOrProvinceName = State or Province Name (full name) |
93 |
| -#stateOrProvinceName_default = Washington |
94 |
| -#localityName = Locality Name (eg, city) |
95 |
| -#localityName_default = Richland |
96 |
| -#0.organizationName = Organization Name (eg, company) |
97 |
| -#0.organizationName_default = |
98 |
| -#organizationalUnitName = Organizational Unit Name (eg, section) |
99 |
| -#commonName = Common Name (eg, your name or your server\'s hostname) |
100 |
| -#commonName_max = 64 |
101 |
| -#emailAddress = Email Address |
102 |
| -#emailAddress_max = 64 |
103 |
| - |
104 |
| -[ req_attributes ] |
105 |
| -challengePassword = A challenge password |
106 |
| -challengePassword_min = 4 |
107 |
| -challengePassword_max = 20 |
108 |
| -unstructuredName = An optional company name |
109 |
| - |
110 |
| - |
111 |
| -[ v3_req ] |
112 |
| -# Extensions to add to a certificate request |
113 |
| -basicConstraints = CA:FALSE |
114 |
| -keyUsage = nonRepudiation, digitalSignature, keyEncipherment |
115 |
| - |
116 |
| -[ v3_ca ] |
117 |
| -# Extensions for a typical CA |
118 |
| -subjectKeyIdentifier=hash |
119 |
| -authorityKeyIdentifier=keyid:always,issuer |
120 |
| -basicConstraints = critical,CA:true |
121 |
| - |
122 |
| -[ crl_ext ] |
123 |
| -# issuerAltName=issuer:copy |
124 |
| -authorityKeyIdentifier=keyid:always# |
125 | 1 | # OpenSSL example configuration file.
|
126 | 2 | # This is mostly being used for generation of certificate requests.
|
127 | 3 | #
|
@@ -160,7 +36,7 @@ tsa_policy3 = 1.2.3.4.5.7
|
160 | 36 | default_ca = CA_default # The default ca section
|
161 | 37 |
|
162 | 38 | [ CA_default ]
|
163 |
| -dir = /home/gridappsd/tls # Where everything is kept |
| 39 | +dir = $ENV::HOME/tls # Where everything is kept |
164 | 40 | certs = $dir/certs # Where the issued certs are kept
|
165 | 41 | database = $dir/index.txt # database index file.
|
166 | 42 | # several certs with same subject.
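Review bot: `dir = $ENV::HOME/tls` in `[ CA_default ]` makes the location of all CA state depend on the environment of whoever runs `openssl ca`, and nothing beside the line says so. The removed copy of the file set `HOME = .` as a fallback and kept the CA key at `$dir/private/ec-cakey.pem`. If the kept copy still has those lines (they fall between the two hunks and are not shown), an unset HOME would resolve `dir` to `./tls`, so the index, serial and private key would be looked up relative to the current directory. The same shift happens when the command runs under another account or with a reset environment. I would add a comment above the line, for example `# CA state lives under the invoking user's HOME; run as the CA owner with HOME set`, and keep `$dir/private` readable by that account only.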
|
|