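#
# OpenSSL configuration file to create apps directory certificates
#
# Sections:
#   req / req_distinguished_name  - non-interactive request settings
#   usr_cert, ec_cert             - end-entity extension profiles
#   v3_ca                         - CA profile, also applied to the
#                                   self-signed certificate made by 'req'
#
# Every subject built from this file carries the organizationalUnitName
# "FOR TESTING PURPOSES ONLY".
#

# This definition stops the following lines choking if HOME or CN
# is undefined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
CN = "Not Defined"

####################################################################
[ req ]
# Size in bits of a newly generated key when no size is given explicitly.
default_bits = 2048
# Default private key output file. It is a relative path, so the key lands
# in the current working directory: keep that directory access-restricted
# and out of version control.
default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
# The extensions to add to the self signed cert
x509_extensions = v3_ca
string_mask = utf8only

# The extensions to add to a certificate request.
# NOTE(review): no [ v3_req ] section is defined in this file; one must be
# added before this line is enabled.
# req_extensions = v3_req

[ req_distinguished_name ]
# NOTE(review): the ISO 3166-1 alpha-2 code for the United Kingdom is GB.
# "UK" is left as is because changing it alters the subject DN of every
# certificate generated from this file.
countryName = UK

organizationName = OpenSSL Group
organizationalUnitName = FOR TESTING PURPOSES ONLY
# Take CN from environment so it can come from a script.
# When CN is not set in the environment, the "Not Defined" default from the
# top of this file is used, so the calling script should always set it.
commonName = $ENV::CN

[ usr_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# CA:FALSE marked critical: the certificate must not be accepted as an issuer.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
# Added here to match [ ec_cert ]: without them, certificates issued under
# this profile carry no key identifiers for chain building.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ ec_cert ]

# These extensions are added when 'ca' signs a request for an end entity
# certificate

# Same profile as [ usr_cert ], except that keyUsage asserts keyAgreement
# instead of keyEncipherment.
basicConstraints = critical, CA:FALSE
keyUsage = critical, nonRepudiation, digitalSignature, keyAgreement

# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid

[ v3_ca ]

# Extensions for a typical CA

# PKIX recommendation.
subjectKeyIdentifier = hash
# "always" makes certificate creation fail if the issuer key identifier
# cannot be included.
authorityKeyIdentifier = keyid:always
# NOTE(review): no pathlen is set, so the depth of subordinate CAs below this
# certificate is unconstrained; add pathlen:N if that should be limited.
basicConstraints = critical,CA:true
# Signing certificates and CRLs only.
keyUsage = critical, cRLSign, keyCertSign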