summaryrefslogtreecommitdiffstats
path: root/net/data/ssl/scripts/client-certs.cnf
blob: 1efa04a2983ae76f4f5bdd04900e6773dd4fe756 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

ID=1
CA_DIR=out

[ca]
default_ca = ca_settings
preserve   = yes

[ca_settings]
dir             = ${ENV::CA_DIR}
database        = $dir/${ENV::ID}-index.txt
new_certs_dir   = $dir
serial          = $dir/${ENV::ID}-serial
certificate     = $dir/${ENV::ID}.pem
private_key     = $dir/${ENV::ID}.key
RANDFILE        = $dir/rand
default_md      = sha1
default_days    = 3650
policy          = policy_anything
unique_subject  = no
copy_extensions = copy

[policy_anything]
# Default signing policy
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = optional
emailAddress           = optional

[req]
default_bits       = 2048
default_md         = sha1
string_mask        = utf8only
prompt             = no
encrypt_key        = no
distinguished_name = req_env_dn

[user_cert]
# Extensions to add when signing a request for an EE cert
basicConstraints = critical, CA:false
extendedKeyUsage = serverAuth,clientAuth

[ca_cert]
# Extensions to add when signing a request for an intermediate/CA cert
basicConstraints = critical, CA:true
keyUsage         = critical, keyCertSign, cRLSign

[req_env_dn]
CN = ${ENV::COMMON_NAME}
generated by cgit v1.1 at 2025-02-07 06:35:06 +0000