
E.2. openssl.conf

# GPL $Id: openssl.conf,v 1.2 2005/03/19 05:35:29 cvonk Exp $
# run-time configuration file for OpenSSL

[ ca ]
# Names the section "openssl ca" uses when no -name option is given.
default_ca = CA_default

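[ CA_default ]
# Settings used by "openssl ca" when signing requests and issuing CRLs.
# SSL_DIR must be set in the environment before this file is loaded.
dir           = $ENV::SSL_DIR          # top dir
database      = $dir/index.txt         # database index file
new_certs_dir = $dir/newcerts          # default place for new certs
certs         = $dir/certs             # where issued certs are kept
crl_dir       = $dir/ca                # where issued CRLs are kept

certificate   = $dir/ca/CAcert.pem     # the CA certificate
# The CA private key signs every certificate and CRL issued from this
# directory. Keep the file passphrase-protected and readable only by the
# account that operates the CA.
private_key   = $dir/ca/CAkey.pem      # the CA private key
crl           = $dir/ca/CRL.pem        # the current CRL
serial        = $dir/serial            # the current serial number
RANDFILE      = $ENV::HOME/.rnd        # private random number file

# NOTE(review): 10950 days is roughly 30 years. A leaf certificate that
# long-lived stays usable long after its key or algorithm should have been
# retired; prefer a much shorter lifetime per certificate type.
default_days     = 10950               # how long to certify for
# NOTE(review): this sets the CRL's nextUpdate roughly 30 years out, so a
# relying party may keep trusting a stale CRL and miss later revocations.
# Use a short interval and re-issue the CRL on a schedule.
default_crl_days = 10950               # how long before next CRL
# Was md5. MD5 is collision-broken and MD5-signed certificates are rejected
# by current TLS stacks, so sign with SHA-256 instead.
default_md       = sha256              # which md to use.

policy          = policy_match
preserve        = no                   # keep passed DN ordering
# NOTE(review): no [ x509v3_extensions ] section appears in this listing.
# Presumably the issuing commands select one of the *_eku sections with
# -extensions; confirm, or define the section named here.
x509_extensions = x509v3_extensions    # extensions to add to the cert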


[ policy_match ]
# DN policy "openssl ca" applies to each request (named by "policy" in
# [ CA_default ]):
#   match    - the request's value must equal the CA certificate's value
#   supplied - the request must contain the field
#   optional - the field may be present or absent
countryName = match
stateOrProvinceName = optional
localityName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

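[ req ]
# Defaults for "openssl req" (key and certificate request generation).
# Was 1024. A 1024-bit RSA key is below the minimum accepted by current
# CAs and TLS libraries; 2048 bits is the practical floor.
default_bits        = 2048
# File the newly generated private key is written to; protect it like any
# other private key.
default_keyfile     = privkey.pem
# Section that defines the DN prompts, defaults and length limits.
distinguished_name  = req_distinguished_name
#attributes          = req_attributes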

[ req_distinguished_name ]
# For each DN field: the bare key is the prompt text shown by "openssl req",
# <field>_default is the value offered when the user just presses Enter, and
# <field>_min / <field>_max bound the accepted length in characters.

countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Oregon

localityName = Locality Name (eg, city)
localityName_default = Portland

organizationName = Organization Name (eg, company)
organizationName_default = Coert Vonk

# Empty default: nothing is pre-filled for this field.
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =

# Empty default: the common name has to be typed in for every request.
commonName = Common Name (eg, YOUR name, or machine name)
commonName_default =
commonName_max = 64

emailAddress = Email Address
emailAddress_max = 40
emailAddress_default = cvonk@mail.vonk

# per RFC 3280, section "extended key usage"
#  1.3.6.1.5.5.7.3.1  TLS WWW server authentication
#  1.3.6.1.5.5.7.3.2  TLS WWW client authentication
#  1.3.6.1.5.5.7.3.3  Signing of downloadable executable code
#  1.3.6.1.5.5.7.3.4  E-mail protection

# Extension section for TLS server certificates: restricts the certificate
# to server authentication (1.3.6.1.5.5.7.3.1).
[server_eku]
extendedKeyUsage = serverAuth

# Extension section for client certificates. It grants three purposes at once
# (TLS client authentication, e-mail protection and code signing).
# NOTE(review): code signing is a broad grant for a general client
# certificate; issue it only where needed and prefer a narrower section
# otherwise.
[client_eku]
extendedKeyUsage = clientAuth, emailProtection, codeSigning

# Extension section for certificates used only for e-mail protection
# (1.3.6.1.5.5.7.3.4).
[clientemail_eku]
extendedKeyUsage = emailProtection

Example E.2. openssl.conf