Attention: All pages of this wiki depend on the pages that come before them, in the order in which they are listed on the Main Page. Please check for Dependencies.
Please also look at What You Need to Know Before Using This Wiki

/var/CA/computerisms.com/computerisms.ssl.conf: Difference between revisions

m (1 revision)
 
No edit summary
 
Line 84: Line 84:
basicConstraints = CA:FALSE
basicConstraints = CA:FALSE
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment ##Use this line for everything except CAs  
#keyUsage = nonRepudiation, digitalSignature, keyEncipherment ##Use this line for everything except CAs  
#extendedKeyUsage              = serverAuth ## Enable this line for VPN firewall certs
keyUsage                        = nonRepudiation, digitalSignature, keyEncipherment, keyCertSign, cRLSign      ## Use this line for CAs
keyUsage                        = nonRepudiation, digitalSignature, keyEncipherment, keyCertSign, cRLSign      ## Use this line for CAs
[ v3_ca ]
[ v3_ca ]
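Review bot: The `#extendedKeyUsage = serverAuth` hint (the one line of this hunk shown only once, so presumably the added one) does not say that it has to be enabled together with the non-CA `keyUsage` line above it. As the hunk stands, the active `keyUsage` still carries `keyCertSign, cRLSign` under `basicConstraints = CA:FALSE`, so uncommenting only the new line yields a server-auth request that also asks for CA signing bits. I would word the comment as `## Enable for VPN firewall certs, together with the non-CA keyUsage line above`. The enclosing section header lies above the hunk.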

Latest revision as of 13:11, 10 June 2015

# Default (unnamed) section: these values apply before any [ section ] header.
# HOME is the fallback used by $ENV::HOME when the environment variable is unset.
HOME = .
# Random seed file, placed under the HOME value resolved above.
RANDFILE = $ENV::HOME/.rnd
# Section that would hold additional object identifiers.
oid_section = new_oids

# No extra OIDs are defined in this file.
[ new_oids ]
[ ca ]
# `openssl ca` takes its settings from the section named here.
default_ca = CA_default
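[ CA_default ]
# Settings `openssl ca` uses when it signs requests; selected by default_ca in [ ca ].
dir				= ./CA				# Where everything is kept
certs				= $dir/certs			# Where the issued certs are kept
crl_dir				= $dir/crl			# Where the issued crl are kept
database			= $dir/index.txt		# database index file.
new_certs_dir			= $dir/newcerts			# default place for new certs.
certificate			= $dir/cacert.pem 		# The CA certificate
serial				= $dir/serial 			# The current serial number
crlnumber			= $dir/crlnumber		# the current crl number
crl				= $dir/crl.pem 			# The current CRL
# The CA signing key: keep $dir/private readable by the CA operator only.
private_key			= $dir/private/cakey.pem	# The private key
RANDFILE			= $dir/private/.rand		# private random number file
x509_extensions			= usr_cert			# The extensions to add to the cert
name_opt 			= ca_default			# Subject Name options
cert_opt 			= ca_default			# Certificate field options
crl_extensions        		= crl_ext
# NOTE(review): 3650 days applies to every certificate issued through this
# section, end-entity certificates included; pass -days per issuance when a
# shorter lifetime is wanted.
default_days			= 3650				# how long to certify for
default_crl_days		= 10				# how long before next CRL
# SHA-1 is no longer acceptable for certificate or CRL signatures; sign with SHA-256.
default_md			= sha256			# which md to use.
preserve			= no				# keep passed DN ordering
policy				= policy_match
# NOTE(review): with "copy", any extension present in the request and not
# already set by the x509_extensions section is copied into the issued
# certificate. usr_cert sets no keyUsage, extendedKeyUsage or subjectAltName,
# so those come straight from the request: inspect every CSR before signing.
copy_extensions			= copy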
[ policy_match ]
# Subject-name policy named by `policy` in [ CA_default ].
#   match    - the field must equal the same field of the CA certificate
#   supplied - the field must be present in the request
#   optional - the field may be present
# Key order is kept as written: with preserve = no the issued subject
# follows the order of this section.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
# Permissive subject-name policy: only commonName is required.
# Not referenced by `policy` in this file; it takes effect only when
# selected explicitly (for example with `openssl ca -policy`).
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
# Defaults for `openssl req`.
# Size in bits of a newly generated key.
default_bits = 4096
# File the new private key is written to.
default_keyfile = privkey.pem
# Section with the subject-name prompts and defaults.
distinguished_name = req_distinguished_name
# Section with request attributes.
attributes = req_attributes
# The extensions to add to the self signed cert
x509_extensions = v3_ca
string_mask = default
# The extensions to add to a certificate request
req_extensions = v3_req
[ req_distinguished_name ]
# Prompts shown by `openssl req`, with their defaults and length limits.
# <field>          - prompt text
# <field>_default  - value used when the prompt is left empty
# <field>_min/_max - allowed length of the answer
countryName = Country Name (2 letter code)
countryName_default = CA
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Yukon

localityName = Locality Name (eg, city)
localityName_default = Whitehorse

0.organizationName = Organization Name (eg, company)
0.organizationName_default = Computerisms

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Administrator

commonName = Common Name (eg, YOUR name)
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 64

# No request attributes are defined.
[ req_attributes ]
[ usr_cert ]
# Extensions `openssl ca` adds to issued certificates (x509_extensions in
# [ CA_default ]).
# NOTE(review): no keyUsage, extendedKeyUsage or subjectAltName is set here;
# with copy_extensions = copy in [ CA_default ] those are taken from the request.
# Issued certificates are end-entity certificates, not CAs.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
# Where relying parties fetch the CRL.
crlDistributionPoints = URI:http://crl.computerisms.com/Computerisms.Certificate.Authority.crl
[ usr_cert_has_san ]
# Same four extensions as [ usr_cert ].
# Not referenced by any key in this file; presumably selected on the command
# line (for example with `openssl ca -extensions`) - confirm against the wiki steps.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
crlDistributionPoints = URI:http://crl.computerisms.com/Computerisms.Certificate.Authority.crl
[ v3_req ]
# Extensions placed in certificate requests; selected by req_extensions in [ req ].
# The inline comments indicate that one subjectAltName line and one keyUsage
# line are meant to be active at a time, chosen per certificate type.
# NOTE(review): as listed, the active keyUsage asks for keyCertSign and cRLSign
# while basicConstraints is CA:FALSE. RFC 5280 ties keyCertSign to CA:TRUE, so
# switch to the non-CA keyUsage line before generating requests for machines
# or people.
# NOTE(review): [ CA_default ] sets copy_extensions = copy and [ usr_cert ] sets
# none of keyUsage, extendedKeyUsage or subjectAltName, so the values requested
# here are what ends up in the issued certificate.
#subjectAltName			= DNS:fqdn.computerisms.com		## use this for machines
subjectAltName			= email:move                            ## use this for CA or person
basicConstraints 		= CA:FALSE
#keyUsage 			= nonRepudiation, digitalSignature, keyEncipherment	##Use this line for everything except CAs 
# When enabling extendedKeyUsage, also switch to the non-CA keyUsage line above.
#extendedKeyUsage               = serverAuth ## Enable this line for VPN firewall certs
keyUsage                        = nonRepudiation, digitalSignature, keyEncipherment, keyCertSign, cRLSign       ## Use this line for CAs
[ v3_ca ]
# Extensions for the self-signed CA certificate (x509_extensions in [ req ]).
# NOTE(review): basicConstraints is not marked critical and no keyUsage is set
# here; RFC 5280 expects basicConstraints to be critical on CA certificates.
# Review before (re)issuing the CA certificate.
subjectAltName = email:move
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
# Where relying parties fetch the CRL.
crlDistributionPoints = URI:http://crl.computerisms.com/Computerisms.Certificate.Authority.crl
[ v3_ca_has_san ]
# Same as [ v3_ca ] minus the subjectAltName line.
# Not referenced by any key in this file; presumably selected on the command
# line with -extensions - confirm against the wiki steps.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
crlDistributionPoints = URI:http://crl.computerisms.com/Computerisms.Certificate.Authority.crl
[ crl_ext ]
# Extensions added to generated CRLs (crl_extensions in [ CA_default ]).
# Identifies the issuing CA key and issuer in every CRL.
authorityKeyIdentifier = keyid:always,issuer:always