-
Notifications
You must be signed in to change notification settings - Fork 0
/
client.cnf
executable file
·68 lines (60 loc) · 1.41 KB
/
client.cnf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./
certs = $dir
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/subca.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/subca.key
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days = 30
default_md = sha256
preserve = no
policy = policy_match
x509_extensions = v3_ext
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
prompt = no
distinguished_name = client
default_bits = 2048
input_password = whatever
output_password = whatever
x509_extensions = v3_req
[client]
countryName = US
stateOrProvinceName = Illinois
localityName = Chicago
organizationName = Demo Org
commonName = testcert.com
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
subjectAltName = @alt_names
authorityKeyIdentifier = keyid
extendedKeyUsage = serverAuth,clientAuth
[v3_ext]
authorityKeyIdentifier = keyid
extendedKeyUsage = serverAuth,clientAuth
[alt_names]
DNS.1 = testcert.com