Skip to content
Browse files

modifications for psych0tik use

changed default-days, bits, key usages, basicConstraints, etc.
  • Loading branch information...
1 parent 783668a commit 44064cf69236f85f372973a99f5f6ecbded21308 @CarbonLifeForm CarbonLifeForm committed Dec 15, 2011
Showing with 15 additions and 8 deletions.
  1. +15 −8 openssl.cnf
View
23 openssl.cnf
@@ -70,7 +70,7 @@ cert_opt = ca_default # Certificate field options
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
-default_days = 365 # how long to certify for
+default_days = 730 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
@@ -103,7 +103,7 @@ emailAddress = optional
####################################################################
[ req ]
-default_bits = 1024
+default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -131,19 +131,20 @@ countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+stateOrProvinceName_default = Unknown
localityName = Locality Name (eg, city)
+localityName_default = Unknown
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = psych0tik network
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
0.organizationalUnitName = Organizational Unit Name (eg, section)
-#0.organizationalUnitName_default =
+0.organizationalUnitName_default = IRC
#1.organizationalUnitName = Organizational Unit Name (eg, section)
#1.organizationalUnitName_default =
@@ -153,6 +154,7 @@ commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
+emailAddress_default = irc-staff@psych0tik.net
# SET-ex3 = SET extension number 3
@@ -189,6 +191,11 @@ basicConstraints=CA:FALSE
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+keyUsage = keyEncipherment, digitalSignature
+
+# Extended key usage
+extendedKeyUsage=serverAuth, msSGC, nsSGC
+nsCertType=server
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
@@ -245,10 +252,10 @@ basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
-# keyUsage = cRLSign, keyCertSign
+keyUsage = cRLSign, keyCertSign
# Some might want this also
-# nsCertType = sslCA, emailCA
+nsCertType = sslCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
@@ -296,7 +303,7 @@ basicConstraints=CA:FALSE
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
+# nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash

0 comments on commit 44064cf

Please sign in to comment.
Something went wrong with that request. Please try again.