1# 2# OpenSSL configuration file to create apps directory certificates 3# 4 5# This definition stops the following lines choking if HOME or CN 6# is undefined. 7HOME = . 8CN = "Not Defined" 9 10# Comment out the next line to ignore configuration errors 11config_diagnostics = 1 12 13 14#################################################################### 15[ req ] 16default_bits = 2048 17default_keyfile = privkey.pem 18# Don't prompt for fields: use those in section directly 19prompt = no 20distinguished_name = req_distinguished_name 21x509_extensions = v3_ca # The extensions to add to the self signed cert 22string_mask = utf8only 23 24# req_extensions = v3_req # The extensions to add to a certificate request 25 26[ req_distinguished_name ] 27countryName = UK 28 29organizationName = OpenSSL Group 30organizationalUnitName = FOR TESTING PURPOSES ONLY 31# Take CN from environment so it can come from a script. 32commonName = $ENV::CN 33 34[ usr_cert ] 35 36# These extensions are added when 'ca' signs a request for an end entity 37# certificate 38 39basicConstraints=critical, CA:FALSE 40keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment 41 42[ ec_cert ] 43 44# These extensions are added when 'ca' signs a request for an end entity 45# certificate 46 47basicConstraints=critical, CA:FALSE 48keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement 49 50# PKIX recommendations harmless if included in all certificates. 51subjectKeyIdentifier=hash 52authorityKeyIdentifier=keyid 53 54[ v3_ca ] 55 56 57# Extensions for a typical CA 58 59# PKIX recommendation. 60 61subjectKeyIdentifier=hash 62authorityKeyIdentifier=keyid:always 63basicConstraints = critical,CA:true 64keyUsage = critical, cRLSign, keyCertSign 65 66 67
