Permalink
Cannot retrieve contributors at this time
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
39 lines (31 sloc)
1.56 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# TLS server certificate request | |
# This file is used by the openssl req command. The subjectAltName cannot be | |
# prompted for and must be specified in the SAN environment variable. | |
[ default ] | |
SAN = DNS:yourdomain.tld # Default value | |
[ req ] | |
default_bits = 2048 # RSA key size | |
encrypt_key = no # Protect private key | |
default_md = sha1 # MD to use | |
utf8 = yes # Input is UTF-8 | |
string_mask = utf8only # Emit UTF-8 strings | |
prompt = yes # Prompt for DN | |
distinguished_name = server_dn # DN template | |
req_extensions = server_reqext # Desired extensions | |
0.domainComponent = "me" | |
1.domainComponent = "nmz" | |
organizationName = "NMZ" | |
organizationalUnitName = "NMZ PKI" | |
[ server_dn ] | |
0.domainComponent = "1. Domain Component (eg, me) " | |
1.domainComponent = "2. Domain Component (eg, nmz) " | |
#2.domainComponent = "3. Domain Component (eg, pki) " | |
organizationName = "4. Organization Name (eg, NMZ) " | |
organizationalUnitName = "5. Organizational Unit Name (eg, section) " | |
commonName = "6. Common Name (eg, FQDN) " | |
commonName_max = 64 | |
[ server_reqext ] | |
keyUsage = critical,digitalSignature,keyEncipherment | |
extendedKeyUsage = serverAuth,clientAuth | |
subjectKeyIdentifier = hash | |
subjectAltName = $ENV::SAN |