openssl.cnf (67867) | openssl.cnf (110007) |
---|---|
1# 2# OpenSSL example configuration file. 3# This is mostly being used for generation of certificate requests. 4# | 1# 2# OpenSSL example configuration file. 3# This is mostly being used for generation of certificate requests. 4# |
5# $FreeBSD: head/crypto/openssl/apps/openssl.cnf 67865 2000-10-29 10:00:58Z dougb $ | |
6 7# This definition stops the following lines choking if HOME isn't 8# defined. 9HOME = . 10RANDFILE = $ENV::HOME/.rnd 11 12# Extra OBJECT IDENTIFIER info: 13#oid_file = $ENV::HOME/.oid --- 30 unchanged lines hidden (view full) --- 44certificate = $dir/cacert.pem # The CA certificate 45serial = $dir/serial # The current serial number 46crl = $dir/crl.pem # The current CRL 47private_key = $dir/private/cakey.pem# The private key 48RANDFILE = $dir/private/.rand # private random number file 49 50x509_extensions = usr_cert # The extentions to add to the cert 51 | 5 6# This definition stops the following lines choking if HOME isn't 7# defined. 8HOME = . 9RANDFILE = $ENV::HOME/.rnd 10 11# Extra OBJECT IDENTIFIER info: 12#oid_file = $ENV::HOME/.oid --- 30 unchanged lines hidden (view full) --- 43certificate = $dir/cacert.pem # The CA certificate 44serial = $dir/serial # The current serial number 45crl = $dir/crl.pem # The current CRL 46private_key = $dir/private/cakey.pem# The private key 47RANDFILE = $dir/private/.rand # private random number file 48 49x509_extensions = usr_cert # The extentions to add to the cert 50 |
51# Comment out the following two lines for the "traditional" 52# (and highly broken) format. 53name_opt = ca_default # Subject Name options 54cert_opt = ca_default # Certificate field options 55 56# Extension copying option: use with caution. 57# copy_extensions = copy 58 |
|
52# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 53# so this is commented out by default to leave a V1 CRL. 54# crl_extensions = crl_ext 55 56default_days = 365 # how long to certify for 57default_crl_days= 30 # how long before next CRL 58default_md = md5 # which md to use. 59preserve = no # keep passed DN ordering --- 68 unchanged lines hidden (view full) --- 128 129organizationalUnitName = Organizational Unit Name (eg, section) 130#organizationalUnitName_default = 131 132commonName = Common Name (eg, YOUR name) 133commonName_max = 64 134 135emailAddress = Email Address | 59# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 60# so this is commented out by default to leave a V1 CRL. 61# crl_extensions = crl_ext 62 63default_days = 365 # how long to certify for 64default_crl_days= 30 # how long before next CRL 65default_md = md5 # which md to use. 66preserve = no # keep passed DN ordering --- 68 unchanged lines hidden (view full) --- 135 136organizationalUnitName = Organizational Unit Name (eg, section) 137#organizationalUnitName_default = 138 139commonName = Common Name (eg, YOUR name) 140commonName_max = 64 141 142emailAddress = Email Address |
136emailAddress_max = 40 | 143emailAddress_max = 64 |
137 138# SET-ex3 = SET extension number 3 139 140[ req_attributes ] 141challengePassword = A challenge password 142challengePassword_min = 4 143challengePassword_max = 20 144 --- 31 unchanged lines hidden (view full) --- 176 177# PKIX recommendations harmless if included in all certificates. 178subjectKeyIdentifier=hash 179authorityKeyIdentifier=keyid,issuer:always 180 181# This stuff is for subjectAltName and issuerAltname. 182# Import the email address. 183# subjectAltName=email:copy | 144 145# SET-ex3 = SET extension number 3 146 147[ req_attributes ] 148challengePassword = A challenge password 149challengePassword_min = 4 150challengePassword_max = 20 151 --- 31 unchanged lines hidden (view full) --- 183 184# PKIX recommendations harmless if included in all certificates. 185subjectKeyIdentifier=hash 186authorityKeyIdentifier=keyid,issuer:always 187 188# This stuff is for subjectAltName and issuerAltname. 189# Import the email address. 190# subjectAltName=email:copy |
191# An alternative to produce certificates that aren't 192# deprecated according to PKIX. 193# subjectAltName=email:move |
|
184 185# Copy subject details 186# issuerAltName=issuer:copy 187 188#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 189#nsBaseUrl 190#nsRevocationUrl 191#nsRenewalUrl --- 54 unchanged lines hidden --- | 194 195# Copy subject details 196# issuerAltName=issuer:copy 197 198#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 199#nsBaseUrl 200#nsRevocationUrl 201#nsRenewalUrl --- 54 unchanged lines hidden --- |