xref: /freebsd/crypto/openssl/demos/certs/apps/apps.cnf (revision 1719886f6d08408b834d270c59ffcfd821c8f63a)
#
# OpenSSL configuration file to create apps directory certificates
#

# Fallback definitions for HOME and CN.  They stop the lines that refer to
# these names from choking when the variable is not defined.
# NOTE(review): because of this fallback an unset CN does not stop the run;
# the subject then carries the literal commonName "Not Defined".  The calling
# script should set CN explicitly and check the subject of what it issued.
HOME = .
CN = "Not Defined"

# Report configuration errors instead of silently continuing.
# Comment out the next line to ignore configuration errors.
config_diagnostics = 1

####################################################################
# Defaults used by 'openssl req' when it builds a request or a self-signed
# certificate from this file.
[ req ]
# Size in bits of a newly generated key.
default_bits = 2048
# File a newly generated private key is written to; handle it as secret
# material even though these are test certificates.
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
# Section that supplies the subject name.
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert.
# NOTE(review): v3_ca sets CA:true and keyCertSign, so every self-signed
# certificate produced through this section is a CA certificate.
x509_extensions = v3_ca
# Encode subject strings as UTF8String only.
string_mask = utf8only

# The extensions to add to a certificate request.
# NOTE(review): no [ v3_req ] section appears in this file as shown; one has
# to be defined before this line is enabled.
# req_extensions = v3_req

# Subject name for every request made with this file.  With prompt = no in
# [ req ], the values below are used exactly as written.
[ req_distinguished_name ]
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB.
# "UK" is left as the file has it, since changing it changes the subject of
# every certificate generated from this configuration.
countryName = UK

organizationName = OpenSSL Group
# Marks the certificates as test material; a CA created from this file does
# not belong in a production trust store.
organizationalUnitName = FOR TESTING PURPOSES ONLY
# Take CN from environment so it can come from a script.
commonName = $ENV::CN

# These extensions are added when 'ca' signs a request for an end entity
# certificate
[ usr_cert ]

# Critical CA:FALSE: a verifier must refuse this certificate as an issuer.
basicConstraints = critical, CA:FALSE
# Critical key usage: signing plus keyEncipherment.
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
# NOTE(review): unlike [ ec_cert ], this section sets neither
# subjectKeyIdentifier nor authorityKeyIdentifier.  Whether issued
# certificates still carry them depends on the defaults of the OpenSSL
# version in use; confirm before relying on key-identifier chain building.

# These extensions are added when 'ca' signs a request for an end entity
# certificate
# NOTE(review): going by the section name this variant is meant for EC keys;
# it differs from [ usr_cert ] in using keyAgreement, not keyEncipherment.
[ ec_cert ]

# Critical CA:FALSE: a verifier must refuse this certificate as an issuer.
basicConstraints = critical, CA:FALSE
# Critical key usage: signing plus keyAgreement.
keyUsage = critical, nonRepudiation, digitalSignature, keyAgreement

# PKIX recommendations harmless if included in all certificates.
# The subject key identifier is a hash of the certificate's own public key;
# the authority key identifier is copied from the issuer's key identifier.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

# Extensions for a typical CA
[ v3_ca ]

# PKIX recommendation.
subjectKeyIdentifier = hash
# keyid:always makes the operation fail if no key identifier can be
# obtained, where plain keyid would just omit the extension.
authorityKeyIdentifier = keyid:always
# Critical CA:true with no pathlen: nothing here limits how many levels of
# subordinate CA may be issued beneath this certificate.
basicConstraints = critical,CA:true
# Restricted to signing CRLs and certificates; no end-entity usages.
keyUsage = critical, cRLSign, keyCertSign