-
Notifications
You must be signed in to change notification settings - Fork 0
/
openssl.cnf
47 lines (40 loc) · 1.46 KB
/
openssl.cnf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# OpenSSL configuration file for friends of frostsnow.net
# This is used for signing of friend's certificate requests.
[ ca ]
default_ca = ca_default # The default ca section
[ ca_default ]
# Directory and file locations
dir = ./ # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
new_certs_dir = $dir/newcerts # default place for new certs.
database = $dir/index.txt # database index file.
serial = $dir/serial # The current serial number
RANDFILE = $dir/private/.rand # private random number file
# Root key and cert.
private_key = $dir/private/key.pem # The private key
certificate = $dir/certs/cert.pem # The CA certificate
# Use better hash.
default_md = sha512
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
default_days = 7200
preserve = no # keep passed DN ordering
policy = policy_anything
x509_extensions = v3_friend # The extentions to add to the cert
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ v3_friend ]
# Extensions for friends of friends.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical,CA:false