Strona główna Odkrywaj Pomoc
Zaloguj się
SoftwareDesign
/
csu3_am335x
8
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Gałąź: master
Gałęzie Tagi
csu3_am335x
/
EVSE
/
GPL
/
openvpn-2.4.9
/
sample
/
sample-keys
/
openssl.cnf

openssl.cnf 4.2 KB
Bezpośredni odnośnik Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. # Heavily borrowed from EasyRSA 3, for use with OpenSSL 1.0.*
    2. 

  2. 

  3. ####################################################################
    4. 

  4. [ ca ]
    5. 

  5. default_ca	= CA_default		# The default ca section
    6. 

  6. 

  7. ####################################################################
    8. 

  8. [ CA_default ]
    9. 

  9. 

  10. dir		= sample-ca		# Where everything is kept
    11. 

  11. certs		= $dir			# Where the issued certs are kept
    12. 

  12. crl_dir		= $dir			# Where the issued crl are kept
    13. 

  13. database	= $dir/index.txt	# database index file.
    14. 

  14. new_certs_dir	= $dir			# default place for new certs.
    15. 

  15. 

  16. certificate	= $dir/ca.crt	 	# The CA certificate
    17. 

  17. serial		= $dir/serial 		# The current serial number
    18. 

  18. crl		= $dir/crl.pem 		# The current CRL
    19. 

  19. private_key	= $dir/ca.key		# The private key
    20. 

  20. RANDFILE	= $dir/.rand		# private random number file
    21. 

  21. 

  22. x509_extensions	= basic_exts		# The extentions to add to the cert
    23. 

  23. 

  24. # This allows a V2 CRL. Ancient browsers don't like it, but anything Easy-RSA
    25. 

  25. # is designed for will. In return, we get the Issuer attached to CRLs.
    26. 

  26. crl_extensions	= crl_ext
    27. 

  27. 

  28. default_days	= 3650			# how long to certify for
    29. 

  29. default_crl_days= 30			# how long before next CRL
    30. 

  30. default_md	= sha256		# use public key default MD
    31. 

  31. preserve	= no			# keep passed DN ordering
    32. 

  32. 

  33. # A few difference way of specifying how similar the request should look
    34. 

  34. # For type CA, the listed attributes must be the same, and the optional
    35. 

  35. # and supplied fields are just that :-)
    36. 

  36. policy		= policy_anything
    37. 

  37. 

  38. # For the 'anything' policy, which defines allowed DN fields
    39. 

  39. [ policy_anything ]
    40. 

  40. countryName		= optional
    41. 

  41. stateOrProvinceName	= optional
    42. 

  42. localityName		= optional
    43. 

  43. organizationName	= optional
    44. 

  44. organizationalUnitName	= optional
    45. 

  45. commonName		= supplied
    46. 

  46. name			= optional
    47. 

  47. emailAddress		= optional
    48. 

  48. 

  49. ####################################################################
    50. 

  50. # Easy-RSA request handling
    51. 

  51. # We key off $DN_MODE to determine how to format the DN
    52. 

  52. [ req ]
    53. 

  53. default_bits		= 2048
    54. 

  54. default_keyfile		= privkey.pem
    55. 

  55. default_md		= sha256
    56. 

  56. distinguished_name	= cn_only
    57. 

  57. x509_extensions		= easyrsa_ca	# The extentions to add to the self signed cert
    58. 

  58. 

  59. # A placeholder to handle the $EXTRA_EXTS feature:
    60. 

  60. #%EXTRA_EXTS%	# Do NOT remove or change this line as $EXTRA_EXTS support requires it
    61. 

  61. 

  62. ####################################################################
    63. 

  63. # Easy-RSA DN (Subject) handling
    64. 

  64. 

  65. # Easy-RSA DN for cn_only support:
    66. 

  66. [ cn_only ]
    67. 

  67. commonName		= Common Name (eg: your user, host, or server name)
    68. 

  68. commonName_max		= 64
    69. 

  69. commonName_default	= changeme
    70. 

  70. 

  71. # Easy-RSA DN for org support:
    72. 

  72. [ org ]
    73. 

  73. countryName			= Country Name (2 letter code)
    74. 

  74. countryName_default		= KG
    75. 

  75. countryName_min			= 2
    76. 

  76. countryName_max			= 2
    77. 

  77. 

  78. stateOrProvinceName		= State or Province Name (full name)
    79. 

  79. stateOrProvinceName_default	= NA
    80. 

  80. 

  81. localityName			= Locality Name (eg, city)
    82. 

  82. localityName_default		= BISHKEK
    83. 

  83. 

  84. 0.organizationName		= Organization Name (eg, company)
    85. 

  85. 0.organizationName_default	= OpenVPN-TEST
    86. 

  86. 

  87. organizationalUnitName		= Organizational Unit Name (eg, section)
    88. 

  88. organizationalUnitName_default	=
    89. 

  89. 

  90. commonName			= Common Name (eg: your user, host, or server name)
    91. 

  91. commonName_max			= 64
    92. 

  92. commonName_default		=
    93. 

  93. 

  94. emailAddress			= Email Address
    95. 

  95. emailAddress_default		= me@myhost.mydomain
    96. 

  96. emailAddress_max		= 64
    97. 

  97. 

  98. ####################################################################
    99. 

  99. 

  100. [ basic_exts ]
    101. 

  101. basicConstraints	= CA:FALSE
    102. 

  102. subjectKeyIdentifier	= hash
    103. 

  103. authorityKeyIdentifier	= keyid,issuer:always
    104. 

  104. 

  105. # The Easy-RSA CA extensions
    106. 

  106. [ easyrsa_ca ]
    107. 

  107. 

  108. # PKIX recommendations:
    109. 

  109. 

  110. subjectKeyIdentifier=hash
    111. 

  111. authorityKeyIdentifier=keyid:always,issuer:always
    112. 

  112. 

  113. # This could be marked critical, but it's nice to support reading by any
    114. 

  114. # broken clients who attempt to do so.
    115. 

  115. basicConstraints = CA:true
    116. 

  116. 

  117. # Limit key usage to CA tasks. If you really want to use the generated pair as
    118. 

  118. # a self-signed cert, comment this out.
    119. 

  119. keyUsage = cRLSign, keyCertSign
    120. 

  120. 

  121. # CRL extensions.
    122. 

  122. [ crl_ext ]
    123. 

  123. 

  124. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
    125. 

  125. 

  126. # issuerAltName=issuer:copy
    127. 

  127. authorityKeyIdentifier=keyid:always,issuer:always
    128. 

  128. 

  129. 

  130. # Server extensions.
    131. 

  131. [ server ]
    132. 

  132. 

  133. basicConstraints       = CA:FALSE
    134. 

  134. nsCertType             = server
    135. 

  135. nsComment              = "OpenSSL Generated Server Certificate"
    136. 

  136. subjectKeyIdentifier   = hash
    137. 

  137. authorityKeyIdentifier = keyid,issuer:always
    138. 

  138. extendedKeyUsage       = serverAuth
    139. 

  139. keyUsage               = digitalSignature, keyEncipherment
    140.