Documentatie/Beheerder/Modules/Grouper: openssl.cnf

File openssl.cnf, 2.9 KB (added by adriaan, 14 years ago)
Line 
1#
2# SSLeay example configuration file.
3# This is mostly being used for generation of certificate requests.
4#
5
6RANDFILE                = .rnd
7
8####################################################################
9[ ca ]
10default_ca      = CA_default            # The default ca section
11
12####################################################################
13[ CA_default ]
14
15dir             = demoCA                # Where everything is kept
16certs           = $dir\certs            # Where the issued certs are kept
17crl_dir         = $dir\crl              # Where the issued crl are kept
18database        = $dir\index.txt        # database index file.
19new_certs_dir   = $dir\newcerts         # default place for new certs.
20
21certificate     = $dir\cacert.pem          # The CA certificate
22serial          = $dir\serial              # The current serial number
23crl             = $dir\crl.pem             # The current CRL
24private_key     = $dir\private\cakey.pem   # The private key
25RANDFILE        = $dir\private\private.rnd # private random number file
26
27x509_extensions = x509v3_extensions     # The extentions to add to the cert
28default_days    = 365                   # how long to certify for
29default_crl_days= 30                    # how long before next CRL
30default_md      = md5                   # which md to use.
31preserve        = no                    # keep passed DN ordering
32
33# A few difference way of specifying how similar the request should look
34# For type CA, the listed attributes must be the same, and the optional
35# and supplied fields are just that :-)
36policy          = policy_match
37
38# For the CA policy
39[ policy_match ]
40countryName             = optional
41stateOrProvinceName     = optional
42organizationName        = optional
43organizationalUnitName  = optional
44commonName              = supplied
45emailAddress            = optional
46
47# For the 'anything' policy
48# At this point in time, you must list all acceptable 'object'
49# types.
50[ policy_anything ]
51countryName             = optional
52stateOrProvinceName     = optional
53localityName            = optional
54organizationName        = optional
55organizationalUnitName  = optional
56commonName              = supplied
57emailAddress            = optional
58
59####################################################################
60[ req ]
61default_bits            = 1024
62default_keyfile         = privkey.pem
63distinguished_name      = req_distinguished_name
64attributes              = req_attributes
65
66[ req_distinguished_name ]
67countryName                     = Country Name (2 letter code)
68countryName_min                 = 2
69countryName_max                 = 2
70
71stateOrProvinceName             = State or Province Name (full name)
72
73localityName                    = Locality Name (eg, city)
74
750.organizationName              = Organization Name (eg, company)
76
77organizationalUnitName          = Organizational Unit Name (eg, section)
78
79commonName                      = Common Name (eg, your website's domain name)
80commonName_max                  = 64
81
82emailAddress                    = Email Address
83emailAddress_max                = 40
84
85[ req_attributes ]
86challengePassword               = A challenge password
87challengePassword_min           = 4
88challengePassword_max           = 20
89
90[ x509v3_extensions ]
91
92# under ASN.1, the 0 bit would be encoded as 80
93nsCertType                      = 0x40
94
95#nsBaseUrl
96#nsRevocationUrl
97#nsRenewalUrl
98#nsCaPolicyUrl
99#nsSslServerName
100#nsCertSequence
101#nsCertExt
102#nsDataType
103