-
Notifications
You must be signed in to change notification settings - Fork 0
/
TLS.conf
39 lines (31 loc) · 1.56 KB
/
TLS.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# TLS server certificate request
# This file is used by the openssl req command. The subjectAltName cannot be
# prompted for and must be specified in the SAN environment variable.
[ default ]
SAN = DNS:yourdomain.tld # Default value
[ req ]
default_bits = 2048 # RSA key size
encrypt_key = no # Protect private key
default_md = sha1 # MD to use
utf8 = yes # Input is UTF-8
string_mask = utf8only # Emit UTF-8 strings
prompt = yes # Prompt for DN
distinguished_name = server_dn # DN template
req_extensions = server_reqext # Desired extensions
0.domainComponent = "me"
1.domainComponent = "nmz"
organizationName = "NMZ"
organizationalUnitName = "NMZ PKI"
[ server_dn ]
0.domainComponent = "1. Domain Component (eg, me) "
1.domainComponent = "2. Domain Component (eg, nmz) "
#2.domainComponent = "3. Domain Component (eg, pki) "
organizationName = "4. Organization Name (eg, NMZ) "
organizationalUnitName = "5. Organizational Unit Name (eg, section) "
commonName = "6. Common Name (eg, FQDN) "
commonName_max = 64
[ server_reqext ]
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectKeyIdentifier = hash
subjectAltName = $ENV::SAN