openssl.cnf
# OpenSSL root CA configuration file.
# Copy to the root directory where you are going to keep keys and certs.
[ ca ]
# Section read by the `openssl ca` command (`man ca`).
# default_ca names the section holding the CA settings that are used when
# no -name option is given on the command line.
default_ca = CA_default
[ CA_default ]
# Settings for the root CA. Every path below is built from $dir.

# Root directory for all keys and certs.
dir = .
# Where the issued certs are kept.
certs = $dir/ca/certs
# Where the issued CRLs are kept.
crl_dir = $dir/ca/crl
# Default place for new certs.
new_certs_dir = $dir/ca/newcerts
# Database index file (record of issued and revoked certificates).
database = $dir/ca/index.txt
# The current serial number.
serial = $dir/ca/serial
# Private random number file.
RANDFILE = $dir/ca/private/.rand

# The root key and root certificate.
# The private key. Anyone who can read this file can issue certificates that
# chain to this CA, so keep the directory and file readable by the CA
# operator only.
private_key = $dir/ca/private/ca.key.pem
# The CA certificate.
certificate = $dir/ca/certs/ca.cert.pem

# For certificate revocation lists.
crlnumber = $dir/ca/crlnumber
crl = $dir/ca/crl/ca.crl.pem
# Section holding the extensions written into each CRL.
crl_extensions = crl_ext
# Days until the next CRL is due; regenerate the CRL before this interval
# runs out.
default_crl_days = 30

# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256

# How the request details are displayed when asking for confirmation to sign.
name_opt = ca_default
cert_opt = ca_default
# Validity, in days, of certificates signed with `openssl ca` when -days is
# not given.
# NOTE(review): some TLS clients cap the lifetime they accept for server
# certificates (Apple platforms document an 825-day limit) - confirm against
# the clients in use and consider a shorter value.
default_days = 1024
# no = the issued subject follows the field order of the policy section, not
# the order used in the request.
preserve = no
policy = policy_match
# copy_extensions is not set here, so extensions asked for in a request
# (subjectAltName included) are not copied into issued certificates; they come
# only from the extensions section chosen at signing time.
[ policy_match ]
# Rules `openssl ca` applies to the subject of each request before signing
# (`man ca`, POLICY FORMAT): "match" = the field must equal the value in the
# CA certificate, "optional" = the field may be present.
# Subject fields not listed here (for example localityName) are dropped from
# the issued certificate.
# Keep the order of these lines: with preserve = no the issued subject
# follows it.
# NOTE(review): with organizationalUnitName and commonName set to "match", a
# request is signed only when its OU and CN are identical to the CA's own, so
# issued certificates carry the same C/ST/O/OU/CN as their issuer. OpenSSL's
# stock policy_match uses "optional" for organizationalUnitName and
# "supplied" for commonName - confirm the stricter setting is intended.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = match
commonName = match
emailAddress = optional
[ req ]
# Defaults for the `openssl req` tool (`man req`).

# RSA key size, in bits, for keys generated by `req` when no size is given
# on the command line.
default_bits = 2048
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
# Encode subject fields as UTF8String only.
string_mask = utf8only

# Section that defines the subject prompts and their defaults.
distinguished_name = req_distinguished_name
# Extensions added when the -x509 option is used. Because this points at
# v3_ca, a self-signed certificate made with this file is a CA certificate;
# server certificates take their extensions from server_cert instead.
x509_extensions = v3_ca
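[ req_distinguished_name ]
# Prompts shown by `openssl req` for each subject field, in this order.
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address
# Optionally, specify some defaults. A default is used when the prompt is
# answered with an empty line.
# The policy_match section of this file requires countryName,
# stateOrProvinceName, organizationName, organizationalUnitName and commonName
# of a request to equal the CA's values, so requests signed with `openssl ca`
# need the same answers as the CA certificate.
countryName_default = US
stateOrProvinceName_default = California
localityName_default = Silicon Valley
0.organizationName_default = John Smith
organizationalUnitName_default = John Smith
commonName_default = Jupyter Notebook
# PLACEHOLDER (constructed value): the address in the published copy of this
# file was replaced by a redaction marker, which is not a valid e-mail
# address. Set the contact address for your own CA here.
emailAddress_default = admin@example.com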
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
# Applied to the self-signed root via x509_extensions in the req section.
# Keep the line order: extensions are written to the certificate in the
# order listed.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
# critical + CA:true marks the certificate as a CA. No pathlen is set, so the
# depth of subordinate CAs below this root is not limited.
basicConstraints = critical, CA:true
# Limits the root key to signing (digitalSignature), signing CRLs (cRLSign)
# and signing certificates (keyCertSign).
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ crl_ext ]
# Extension written into CRLs (`man x509v3_config`); referenced by
# crl_extensions in CA_default.
# keyid:always = every CRL must carry the issuing CA's key identifier;
# generation fails if it cannot be included.
authorityKeyIdentifier = keyid:always
[ server_cert ]
# Extensions for server certificates (`man x509v3_config`).
# Nothing in this file selects this section by default; it has to be named
# when signing (for example with an -extensions option).
# Keep the line order: extensions are written to the certificate in the
# order listed.
# CA:FALSE = the certificate cannot be used to sign other certificates.
basicConstraints = CA:FALSE
# Netscape-era extensions; NOTE(review): these are legacy fields that current
# TLS clients are not expected to need - confirm before relying on them.
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# keyEncipherment is the usage needed for RSA key exchange; digitalSignature
# covers (EC)DHE key exchange.
keyUsage = critical, digitalSignature, keyEncipherment
# Restricts the certificate to TLS server authentication.
extendedKeyUsage = serverAuth
# Host names are taken from the alt_names section. Clients check the names
# they connect to against subjectAltName, so every name must be listed there.
subjectAltName = @alt_names
[ alt_names ]
# Names placed in subjectAltName of certificates signed with server_cert.
# Every certificate signed with server_cert gets exactly this list, so edit it
# per host; add further entries as DNS.2, DNS.3, ... or IP.1 for addresses.
DNS.1 = plaza.gi.ucsc.edu