etc/certs/shinken_openssl_cnf

   1
   2 # OpenSSL configuration file.
   3 #
   4
   5 # Establish working directory.
   6
   7 dir                                     = .
   8
   9 [ ca ]
  10 default_ca                              = CA_default
  11
  12 [ CA_default ]
  13 serial                                  = $dir/serial
  14 database                                = $dir/certindex.txt
  15 certs                                   = $dir/certs
  16 new_certs_dir                           = $dir/
  17 certificate                             = $dir/demoCA/cacert.pem
  18 private_key                             = $dir/demoCA/private/cakey.pem
  19 default_days                            = 3650
  20 default_md                              = sha1
  21 preserve                                = no
  22 email_in_dn                             = no
  23 #nameopt                                        = default_ca
  24 #certopt                                        = default_ca
  25 copy_extensions                         = none
  26 policy                                  = policy_match
  27
  28 basicConstraints                        = critical, CA:true
  29 authorityKeyIdentifier                  = keyid:always,issuer:always
  30 subjectKeyIdentifier                    = hash
  31 keyUsage                                = critical, keyCertSign, cRLSign
  32
  33 [ policy_match ]
  34 countryName                             = match
  35 stateOrProvinceName                     = match
  36 organizationName                        = match
  37 organizationalUnitName                  = optional
  38 commonName                              = supplied
  39 emailAddress                            = optional
  40
  41 [ req ]
  42 default_bits                            = 2048                  # Size of keys
  43 default_keyfile                         = key.pem               # name of generated keys
  44 default_md                              = sha1                          # message digest algorithm
  45 string_mask                             = nombstr               # permitted characters
  46 distinguished_name                      = req_distinguished_name
  47 req_extensions                          = v3_req
  48 #x509_extensions                         = subca_req
  49
  50
  51 [ req_distinguished_name ]
  52 # Variable name                         Prompt string
  53 #-------------------------        ----------------------------------
  54 organizationName                        = Organisation
  55
  56 organizationalUnitName                  = Nom de l'unite organisationnelle (department, division)
  57
  58 emailAddress                            = Adresse e-mail
  59 emailAddress_max                        = 40
  60
  61 localityName                            = Ville
  62
  63 stateOrProvinceName                     = Region
  64
  65 countryName                             = Pays (en 2 lettres)
  66 countryName_min                         = 2
  67 countryName_max                         = 2
  68
  69 commonName                              = Nom du certificat (hostname, IP, ou nom)
  70 commonName_max                          = 64
  71
  72 # Default values for the above, for consistency and less typing.
  73 # Variable name                         Value
  74 #------------------------         ------------------------------
  75 organizationName_default                = CAShinken
  76 organizationalUnitName_default          = MAIN
  77 localityName_default                    = World
  78 stateOrProvinceName_default             = Some-State
  79 countryName_default                     = FR
  80
  81
  82 [ v3_ca ]
  83 basicConstraints                        = CA:TRUE
  84 subjectKeyIdentifier                    = hash
  85 authorityKeyIdentifier                  = keyid:always,issuer:always
  86
  87 [ v3_req ]
  88 basicConstraints                        = CA:FALSE
  89 subjectKeyIdentifier                    = hash
  90
  91