-
Notifications
You must be signed in to change notification settings - Fork 104
/
Copy pathstubby4j.self.signed.v3.conf
60 lines (52 loc) · 2.82 KB
/
stubby4j.self.signed.v3.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
[ req ]
default_bits = 4096
default_days = 10950
distinguished_name = subject
x509_extensions = x509_ext
string_mask = utf8only
prompt = no
# The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
# Its sort of a mashup. For example, RFC 4514 does not provide emailAddress.
[ subject ]
countryName = AU
stateOrProvinceName = Victoria
localityName = Melbourne
organizationName = stubby4j
organizationalUnitName = Org
# Use a friendly name here because it's presented to the user. The server's DNS
# names are placed in Subject Alternate Names. Plus, DNS names here is deprecated
# by both IETF and CA/Browser Forums. If you place a DNS name here, then you
# must include the DNS name in the SAN too (otherwise, Chrome and others that
# strictly follow the CA/Browser Baseline Requirements will fail).
commonName = stubby4j
# Section x509_ext is used when generating a self-signed certificate. I.e., openssl req -x509 ...
[ x509_ext ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
# This is a multi valued extension which indicates whether a certificate is a CA certificate.
# The first (mandatory) name is CA followed by TRUE or FALSE. If CA is TRUE then an optional
# pathlen name followed by an non-negative value can be included. The pathlen parameter indicates
# the maximum number of CAs that can appear below this one in a chain. So if you have a CA with a
# pathlen of zero it can only be used to sign end user certificates and not further CAs.
basicConstraints = CA:TRUE,pathlen:0
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName = @alternate_names
issuerAltName = issuer:copy
nsComment = "OpenSSL generated certificate for stubby4j"
extendedKeyUsage = serverAuth
[ alternate_names ]
DNS.1 = localhost
# IPv6 localhost. ::1 is the IPv6 loopback address, the equivalent of the IPv4 loopback 127.0.0.1
DNS.2 = ::1
IP.1 = 127.0.0.1
IP.2 = 0.0.0.0
IP.3 = 192.168.0.1
IP.4 = 192.168.0.2
IP.5 = 192.168.0.3
IP.6 = 192.168.0.4
IP.7 = 192.168.0.5
IP.8 = 10.0.0.1
IP.9 = 10.0.0.2
IP.10 = 10.0.0.3
IP.11 = 10.0.0.4
IP.12 = 10.0.0.5