X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fopenssl-vms.cnf;h=c0ded4a5f18f73cbcb42ef8fafa52465a472d86b;hb=5ad4fdce41bb1ce7762b70fb50f732f70e3772cf;hp=c8e1a61a11abcf96291861590285ca482e028b8d;hpb=9ab899a660b30d80d844c5d1be9998180c91149a;p=oweals%2Fopenssl.git diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf index c8e1a61a11..c0ded4a5f1 100644 --- a/apps/openssl-vms.cnf +++ b/apps/openssl-vms.cnf @@ -44,7 +44,7 @@ certs = $dir.certs] # Where the issued certs are kept crl_dir = $dir.crl] # Where the issued crl are kept database = $dir]index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of - # several ctificates with same subject. + # several certs with same subject. new_certs_dir = $dir.newcerts] # default place for new certs. certificate = $dir]cacert.pem # The CA certificate @@ -55,7 +55,7 @@ crl = $dir]crl.pem # The current CRL private_key = $dir.private]cakey.pem# The private key RANDFILE = $dir.private].rand # private random number file -x509_extensions = usr_cert # The extentions to add to the cert +x509_extensions = usr_cert # The extensions to add to the cert # Comment out the following two lines for the "traditional" # (and highly broken) format. @@ -72,7 +72,7 @@ cert_opt = ca_default # Certificate field options default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = sha1 # which md to use. +default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -103,11 +103,11 @@ emailAddress = optional #################################################################### [ req ] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert +x509_extensions = v3_ca # The extensions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret @@ -145,7 +145,7 @@ localityName = Locality Name (eg, city) organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = -commonName = Common Name (eg, YOUR name) +commonName = Common Name (e.g. server FQDN or YOUR name) commonName_max = 64 emailAddress = Email Address @@ -212,7 +212,7 @@ authorityKeyIdentifier=keyid,issuer #nsSslServerName # This is required for TSA certificates. -extendedKeyUsage = critical,timeStamping +# extendedKeyUsage = critical,timeStamping [ v3_req ] @@ -231,7 +231,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always,issuer # This is what PKIX recommends but some broken software chokes on critical # extensions. @@ -264,7 +264,7 @@ basicConstraints = CA:true # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate @@ -297,7 +297,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address.