http://neobiker.de/wiki/index.php?action=history&feed=atom&title=CA_openssl.cnf.tpl 2026-06-13T02:12:06Z Versionsgeschichte dieser Seite in Neobikers Wiki MediaWiki 1.43.8 http://neobiker.de/wiki/index.php?title=CA_openssl.cnf.tpl&diff=773&oldid=prev 2008-06-27T19:34:40Z

<p></p> <p><b>Neue Seite</b></p><div>&#039;&#039;&#039;./scripts/openssl.cnf.tpl&#039;&#039;&#039;<br /> &lt;pre&gt;<br /> # OpenSSL configuration file for certificates.<br /> # 2007 by neobiker<br /> #<br /> # $Id: openssl.cnf.tpl,v 1.1 2008/06/26 20:35:28 root Exp root $<br /> #<br /> # $Log: openssl.cnf.tpl,v $<br /> # Revision 1.1 2008/06/26 20:35:28 root<br /> # Initial revision<br /> #<br /> <br /> [ new_oids]<br /> <br /> ####################################################################<br /> [ ca ]<br /> default_ca = Server_CA # The default ca section<br /> <br /> ####################################################################<br /> [ Root_CA ]<br /> <br /> dir = $path/RootCA # Where everything is kept<br /> certs = $dir/certs # Where the issued certs are kept<br /> crl_dir = $dir/crls # Where the issued crl are kept<br /> database = $dir/index.txt # database index file.<br /> new_certs_dir = $dir/newcerts # default place for new certs.<br /> <br /> certificate = $dir/private/RCAcert.pem # The CA certificate<br /> serial = $dir/serial # The current serial number<br /> crl = $dir/crls/crl.pem # The current CRL<br /> private_key = $dir/private/RCAkey.pem # The private key<br /> <br /> default_days = 1825 # how long to certify for<br /> default_crl_days= 365 # how long before next CRL<br /> default_md = md5 # which md to use.<br /> <br /> x509_extensions = RCA_cert # The extentions to add to the cert<br /> preserve = no<br /> <br /> policy = policy_match # default policy<br /> <br /> [ Server_CA ]<br /> <br /> dir = $path/ServerCA # Where everything is kept<br /> certs = $dir/certs # Where the issued certs are kept<br /> crl_dir = $dir/crls # Where the issued crl are kept<br /> database = $dir/index.txt # database index file.<br /> new_certs_dir = $dir/newcerts # default place for new certs.<br /> <br /> certificate = $dir/private/SCAcert.pem # The CA certificate<br /> serial = $dir/serial # The current serial number<br /> crl = $dir/crls/crl.pem # The current CRL<br /> private_key = $dir/private/SCAkey.pem # The private key<br /> <br /> default_days = 1825 # how long to certify for<br /> default_crl_days= 30 # how long before next CRL<br /> default_md = md5 # which md to use.<br /> <br /> x509_extensions = SCA_cert # The extentions to add to the cert<br /> preserve = no<br /> <br /> policy = policy_anything # default policy<br /> <br /> [ User_CA ]<br /> <br /> dir = $path/UserCA # Where everything is kept<br /> certs = $dir/certs # Where the issued certs are kept<br /> crl_dir = $dir/crls # Where the issued crl are kept<br /> database = $dir/index.txt # database index file.<br /> new_certs_dir = $dir/newcerts # default place for new certs.<br /> <br /> certificate = $dir/private/UCAcert.pem # The CA certificate<br /> serial = $dir/serial # The current serial number<br /> crl = $dir/crls/crl.pem # The current CRL<br /> private_key = $dir/private/UCAkey.pem # The private key<br /> <br /> default_days = 730 # how long to certify for<br /> default_crl_days= 30 # how long before next CRL<br /> default_md = md5 # which md to use.<br /> <br /> x509_extensions = UCA_cert # The extentions to add to the cert<br /> preserve = no<br /> <br /> policy = policy_match # default policy<br /> <br /> [ policy_match ]<br /> <br /> countryName = match<br /> stateOrProvinceName = supplied<br /> localityName = optional<br /> organizationName = supplied<br /> organizationalUnitName = optional<br /> commonName = supplied<br /> emailAddress = optional<br /> <br /> [ policy_anything ]<br /> countryName = match<br /> stateOrProvinceName = optional<br /> localityName = optional<br /> organizationName = optional<br /> organizationalUnitName = optional<br /> commonName = supplied<br /> emailAddress = optional<br /> <br /> ####################################################################<br /> [ req ]<br /> <br /> default_bits = 2048<br /> distinguished_name = req_distinguished_name<br /> attributes = req_attributes<br /> <br /> x509_extensions = v3_ca # The extentions to add to the self signed cert<br /> <br /> string_mask = nombstr<br /> <br /> [ req_distinguished_name ]<br /> countryName = Country Name (2 letter code)<br /> countryName_default = DE<br /> countryName_min = 2<br /> countryName_max = 2<br /> <br /> stateOrProvinceName = State or Province Name (full name)<br /> stateOrProvinceName_default = Bayern<br /> <br /> localityName = Locality Name (eg, city)<br /> localityName_default = Nuernberg<br /> <br /> 0.organizationName = Organization Name (eg, company)<br /> 0.organizationName_default = OrganisationName<br /> <br /> organizationalUnitName = Organizational Unit Name (eg, section or website)<br /> organizationalUnitName_default = OrganisationUnit<br /> <br /> commonName = Common Name (SERVER / USER name)<br /> #commonName_default = server.company.de<br /> commonName_max = 64<br /> <br /> emailAddress = Email Address (eg, YOUR email)<br /> emailAddress_default = webmaster@company.de<br /> <br /> [ req_attributes ]<br /> # Das Challenge Password dient dazu, sich bei Verlust des geheimen<br /> # Schluessels gegenueber der Herausgeber-CA fuer einen<br /> # Zertifikatswiderruf auszuweisen. Wird bei der Erstellung der<br /> # Zeritifikatsanforderung erfragt.<br /> <br /> challengePassword = A challenge password<br /> challengePassword_min = 4<br /> challengePassword_max = 20<br /> <br /> unstructuredName = company.de<br /> <br /> ##################################################################<br /> [ RCA_cert ]<br /> <br /> basicConstraints = critical, CA:TRUE<br /> keyUsage = cRLSign, keyCertSign<br /> subjectKeyIdentifier = hash<br /> authorityKeyIdentifier = keyid,issuer:always<br /> subjectAltName = email:copy<br /> issuerAltName = issuer:copy<br /> #crlDistributionPoints = URI:http://company.homeip.net/RCA.crl<br /> nsCertType = sslCA, emailCA, objCA<br /> #nsBaseUrl = https://company.de/<br /> nsComment = &quot;issued by company.de CA&quot;<br /> <br /> <br /> [ SCA_cert ]<br /> <br /> # basicConstraints = critical, CA:FALSE<br /> keyUsage = digitalSignature, keyEncipherment<br /> subjectKeyIdentifier = hash<br /> authorityKeyIdentifier = keyid,issuer:always<br /> subjectAltName = email:copy<br /> issuerAltName = issuer:copy<br /> #crlDistributionPoints = URI:http://company.homeip.net/SCA.crl<br /> nsCertType = server<br /> nsBaseUrl = https://company.de/<br /> nsComment = &quot;issued by company.de (Server CA)&quot;<br /> <br /> <br /> [ UCA_cert ]<br /> <br /> # basicConstraints = critical, CA:FALSE<br /> keyUsage = digitalSignature, keyEncipherment, keyAgreement<br /> subjectKeyIdentifier = hash<br /> authorityKeyIdentifier = keyid,issuer:always<br /> subjectAltName = email:copy<br /> issuerAltName = issuer:copy<br /> #crlDistributionPoints = URI:http://company.homeip.net/UCA.crl<br /> nsCertType = client, email<br /> #nsBaseUrl = https://company.de/<br /> nsComment = &quot;issued by company.de (User CA)&quot;<br /> <br /> <br /> #################################################################<br /> [ v3_ca ]<br /> <br /> basicConstraints = critical, CA:true<br /> keyUsage = cRLSign, keyCertSign<br /> subjectKeyIdentifier = hash<br /> authorityKeyIdentifier = keyid,issuer:always<br /> subjectAltName = email:copy<br /> issuerAltName = issuer:copy<br /> #crlDistributionPoints = URI:http://company.de/RCA.crl<br /> nsCertType = sslCA, emailCA, objCA<br /> #nsBaseUrl = https://company.de/<br /> nsComment = &quot;issued by company.de CA&quot;<br /> <br /> [ crl_ext ]<br /> <br /> issuerAltName = issuer:copy<br /> authorityKeyIdentifier = keyid:always,issuer:always<br /> &lt;/pre&gt;</div>

Neobiker