
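# OpenSSL configuration excerpt: certificate requests plus a small CA.
# NOTE(review): partial listing. A line reading "# [...]" marks a place where
# text is missing from the excerpt. Section headers were absent and have been
# restored only where the excerpt itself references the section name; settings
# that some comments describe are not present, so confirm against the complete
# file before use.

# This is mostly being used for generation of certificate requests.

# This definition stops the following lines choking if HOME isn't
# [...]

# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# [...]
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main section.)

# We can add new OIDs in here for use by 'ca' and 'req'.
# [...]
# Or use config file substitution like this:
# [...]

[ ca ]
default_ca = CA_default # The default ca section

[ CA_default ]
# Taken from the environment when the file is parsed; loading fails if
# KEY_DIR is not set.
dir = $ENV::KEY_DIR # Where everything is kept
certs = $dir # Where the issued certs are kept
crl_dir = $dir # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir # default place for new certs.

certificate = $dir/ca.crt # The CA certificate
serial = $dir/serial # The current serial number
# The CA signing key sits in the same directory as the issued certificates,
# the index and the serial file. Restrict that directory to the CA operator.
private_key = $dir/ca.key # The private key
RANDFILE = $dir/.rand # private random number file

x509_extensions = usr_cert # The extensions to add to the cert

# [...] Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# NOTE(review): the commented-out setting these two lines describe is not in
# the excerpt. A V1 CRL cannot carry extensions.

# Ten-year validity for every certificate this CA signs. With lifetimes this
# long, revocation is the only remedy for a lost or stolen key, so the CRL
# has to be published and actually checked by the relying side.
default_days = 3650 # how long to certify for
# Each CRL announces its next update 30 days out; regenerate it before then,
# because verifiers may reject a CRL that is past that date.
default_crl_days= 30 # how long before next CRL

# A few different ways of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# [...]
# At this point in time, you must list all acceptable 'object'
# [...]

[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extensions to add to the self signed cert

# Passwords for private keys if not present they will be prompted for
# [...]
# NOTE(review): the password settings this comment introduces are not in the
# excerpt. Leaving them unset keeps the key passphrase out of this file.

# This sets a mask for permitted string types.
# default: PrintableString, T61String, BMPString.
# nombstr: PrintableString, T61String (no BMPStrings or UTF8Strings).
# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
# [...]

# req_extensions = v3_req # The extensions to add to a certificate request

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
# [...]
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::KEY_PROVINCE
# [...]
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::KEY_ORG

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)

# NOTE(review): the header of the section this prompt belongs to is not in
# the excerpt; as listed it falls under req_distinguished_name. TODO confirm.
unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
# NOTE(review): the extension line these comments introduce is not in the
# excerpt (presumably a basicConstraints setting; confirm). Check that issued
# end-user certificates are explicitly marked as not being a CA.

# Here are some examples of the usage of nsCertType.
# [...]
# the certificate can be used for anything *except* object signing.
# [...]
# For an object signing certificate this would be used.
# [...]
# and for everything including object signing:
# [...]

# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
# [...]
authorityKeyIdentifier=keyid,issuer:always

# This stuff is for subjectAltName and issuerAltname.
# [...]

# JY ADDED - Make a cert with nsCertType set to "server"
# NOTE(review): neither the header of this section nor its nsCertType line is
# in the excerpt. Marking server certificates lets a client refuse a peer that
# presents an ordinary client certificate in the server role. nsCertType is a
# legacy Netscape extension; keyUsage / extendedKeyUsage are the standard way
# to express the same restriction.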
