1# $FreeBSD: head/crypto/openssl/apps/openssl.cnf 142428 2005-02-25 05:49:44Z nectar $
2#
3# OpenSSL example configuration file.
4# This is mostly being used for generation of certificate requests.
5#
6
7# This definition stops the following lines choking if HOME isn't
8# defined.
9HOME = .
--- 30 unchanged lines hidden (view full) ---
40crl_dir = $dir/crl # Where the issued crl are kept
41database = $dir/index.txt # database index file.
42#unique_subject = no # Set to 'no' to allow creation of
43 # several ctificates with same subject.
44new_certs_dir = $dir/newcerts # default place for new certs.
45
46certificate = $dir/cacert.pem # The CA certificate
47serial = $dir/serial # The current serial number
48#crlnumber = $dir/crlnumber # the current crl number must be
49 # commented out to leave a V1 CRL
50crl = $dir/crl.pem # The current CRL
51private_key = $dir/private/cakey.pem# The private key
52RANDFILE = $dir/private/.rand # private random number file
53
54x509_extensions = usr_cert # The extentions to add to the cert
55
56# Comment out the following two lines for the "traditional"
57# (and highly broken) format.
--- 5 unchanged lines hidden (view full) ---
63
64# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
65# so this is commented out by default to leave a V1 CRL.
66# crlnumber must also be commented out to leave a V1 CRL.
67# crl_extensions = crl_ext
68
69default_days = 365 # how long to certify for
70default_crl_days= 30 # how long before next CRL
71default_md = md5 # which md to use.
72preserve = no # keep passed DN ordering
73
74# A few difference way of specifying how similar the request should look
75# For type CA, the listed attributes must be the same, and the optional
76# and supplied fields are just that :-)
77policy = policy_match
78
79# For the CA policy
--- 104 unchanged lines hidden (view full) ---
184# This is typical in keyUsage for a client certificate.
185# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
186
187# This will be displayed in Netscape's comment listbox.
188nsComment = "OpenSSL Generated Certificate"
189
190# PKIX recommendations harmless if included in all certificates.
191subjectKeyIdentifier=hash
192authorityKeyIdentifier=keyid,issuer:always
193
194# This stuff is for subjectAltName and issuerAltname.
195# Import the email address.
196# subjectAltName=email:copy
197# An alternative to produce certificates that aren't
198# deprecated according to PKIX.
199# subjectAltName=email:move
200
--- 53 unchanged lines hidden (view full) ---
254
255[ crl_ext ]
256
257# CRL extensions.
258# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
259
260# issuerAltName=issuer:copy
261authorityKeyIdentifier=keyid:always,issuer:always
2#
3# OpenSSL example configuration file.
4# This is mostly being used for generation of certificate requests.
5#
6
7# This definition stops the following lines choking if HOME isn't
8# defined.
9HOME = .
--- 30 unchanged lines hidden (view full) ---
40crl_dir = $dir/crl # Where the issued crl are kept
41database = $dir/index.txt # database index file.
42#unique_subject = no # Set to 'no' to allow creation of
43 # several ctificates with same subject.
44new_certs_dir = $dir/newcerts # default place for new certs.
45
46certificate = $dir/cacert.pem # The CA certificate
47serial = $dir/serial # The current serial number
48#crlnumber = $dir/crlnumber # the current crl number must be
49 # commented out to leave a V1 CRL
50crl = $dir/crl.pem # The current CRL
51private_key = $dir/private/cakey.pem# The private key
52RANDFILE = $dir/private/.rand # private random number file
53
54x509_extensions = usr_cert # The extentions to add to the cert
55
56# Comment out the following two lines for the "traditional"
57# (and highly broken) format.
--- 5 unchanged lines hidden (view full) ---
63
64# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
65# so this is commented out by default to leave a V1 CRL.
66# crlnumber must also be commented out to leave a V1 CRL.
67# crl_extensions = crl_ext
68
69default_days = 365 # how long to certify for
70default_crl_days= 30 # how long before next CRL
71default_md = md5 # which md to use.
72preserve = no # keep passed DN ordering
73
74# A few difference way of specifying how similar the request should look
75# For type CA, the listed attributes must be the same, and the optional
76# and supplied fields are just that :-)
77policy = policy_match
78
79# For the CA policy
--- 104 unchanged lines hidden (view full) ---
184# This is typical in keyUsage for a client certificate.
185# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
186
187# This will be displayed in Netscape's comment listbox.
188nsComment = "OpenSSL Generated Certificate"
189
190# PKIX recommendations harmless if included in all certificates.
191subjectKeyIdentifier=hash
192authorityKeyIdentifier=keyid,issuer:always
193
194# This stuff is for subjectAltName and issuerAltname.
195# Import the email address.
196# subjectAltName=email:copy
197# An alternative to produce certificates that aren't
198# deprecated according to PKIX.
199# subjectAltName=email:move
200
--- 53 unchanged lines hidden (view full) ---
254
255[ crl_ext ]
256
257# CRL extensions.
258# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
259
260# issuerAltName=issuer:copy
261authorityKeyIdentifier=keyid:always,issuer:always