X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=apps%2Fopenssl.cnf;h=8941f454f8a577d088f5628772498a75e2f21e54;hb=299024498004473a58e780cdf8ec83e85a04f807;hp=dbe8cbefe0eaff39e0abd55754878cd48c7beb18;hpb=b38f9f66c3ac92d7ad1a23f6b951b966c779905c;p=oweals%2Fopenssl.git diff --git a/apps/openssl.cnf b/apps/openssl.cnf index dbe8cbefe0..8941f454f8 100644 --- a/apps/openssl.cnf +++ b/apps/openssl.cnf @@ -38,18 +38,31 @@ dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for @@ -132,7 +145,7 @@ commonName = Common Name (eg, YOUR name) commonName_max = 64 emailAddress = Email Address -emailAddress_max = 40 +emailAddress_max = 64 # SET-ex3 = SET extension number 3 @@ -180,6 +193,9 @@ authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy