Skip to content

Commit

Permalink
modifications for psych0tik use
Browse files Browse the repository at this point in the history 
changed default-days, bits, key usages, basicConstraints, etc.
  • Loading branch information
@CarbonLifeForm
CarbonLifeForm committed Dec 15, 2011
1 parent 783668a commit 44064cf
Showing 1 changed file with 15 additions and 8 deletions.
23 changes: 15 additions & 8 deletions openssl.cnf
View file
Expand Up @@ -70,7 +70,7 @@ cert_opt = ca_default # Certificate field options
# crlnumber must also be commented out to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext # crl_extensions = crl_ext


default_days = 365 # how long to certify for default_days = 730 # how long to certify for
default_crl_days= 30 # how long before next CRL default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD default_md = default # use public key default MD
preserve = no # keep passed DN ordering preserve = no # keep passed DN ordering
Expand Down Expand Up @@ -103,7 +103,7 @@ emailAddress = optional


#################################################################### ####################################################################
[ req ] [ req ]
default_bits = 1024 default_bits = 2048
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
attributes = req_attributes attributes = req_attributes
Expand Down Expand Up @@ -131,19 +131,20 @@ countryName_min = 2
countryName_max = 2 countryName_max = 2


stateOrProvinceName = State or Province Name (full name) stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State stateOrProvinceName_default = Unknown


localityName = Locality Name (eg, city) localityName = Locality Name (eg, city)
localityName_default = Unknown


0.organizationName = Organization Name (eg, company) 0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd 0.organizationName_default = psych0tik network


# we can do this but it is not needed normally :-) # we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company) #1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd #1.organizationName_default = World Wide Web Pty Ltd


0.organizationalUnitName = Organizational Unit Name (eg, section) 0.organizationalUnitName = Organizational Unit Name (eg, section)
#0.organizationalUnitName_default = 0.organizationalUnitName_default = IRC


#1.organizationalUnitName = Organizational Unit Name (eg, section) #1.organizationalUnitName = Organizational Unit Name (eg, section)
#1.organizationalUnitName_default = #1.organizationalUnitName_default =
Expand All @@ -153,6 +154,7 @@ commonName_max = 64


emailAddress = Email Address emailAddress = Email Address
emailAddress_max = 64 emailAddress_max = 64
emailAddress_default = irc-staff@psych0tik.net


# SET-ex3 = SET extension number 3 # SET-ex3 = SET extension number 3


Expand Down Expand Up @@ -189,6 +191,11 @@ basicConstraints=CA:FALSE


# This is typical in keyUsage for a client certificate. # This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
keyUsage = keyEncipherment, digitalSignature

# Extended key usage
extendedKeyUsage=serverAuth, msSGC, nsSGC
nsCertType=server


# This will be displayed in Netscape's comment listbox. # This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate" nsComment = "OpenSSL Generated Certificate"
Expand Down Expand Up @@ -245,10 +252,10 @@ basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will # Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best # prevent it being used as an test self-signed certificate it is best
# left out by default. # left out by default.
# keyUsage = cRLSign, keyCertSign keyUsage = cRLSign, keyCertSign


# Some might want this also # Some might want this also
# nsCertType = sslCA, emailCA nsCertType = sslCA


# Include email address in subject alt name: another PKIX recommendation # Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy # subjectAltName=email:copy
Expand Down Expand Up @@ -296,7 +303,7 @@ basicConstraints=CA:FALSE
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment # keyUsage = nonRepudiation, digitalSignature, keyEncipherment


# This will be displayed in Netscape's comment listbox. # This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate" # nsComment = "OpenSSL Generated Certificate"


# PKIX recommendations harmless if included in all certificates. # PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash subjectKeyIdentifier=hash
Expand Down

0 comments on commit 44064cf

Please sign in to comment.