https://aznot.com/index.php?action=history&feed=atom&title=Openssl.cnfOpenssl.cnf - Revision history2026-05-08T23:03:35ZRevision history for this page on the wikiMediaWiki 1.41.0https://aznot.com/index.php?title=Openssl.cnf&diff=981&oldid=prevKenneth: Created page with " # # SSLeay example configuration file. # This is mostly being used for generation of certificate requests. # RANDFILE = .rnd #########################..."2014-09-15T06:05:35Z<p>Created page with " # # SSLeay example configuration file. # This is mostly being used for generation of certificate requests. # RANDFILE = .rnd #########################..."</p>
<p><b>New page</b></p><div> #<br />
# SSLeay example configuration file.<br />
# This is mostly being used for generation of certificate requests.<br />
#<br />
<br />
RANDFILE = .rnd<br />
<br />
####################################################################<br />
[ ca ]<br />
default_ca = CA_default # The default ca section<br />
<br />
####################################################################<br />
[ CA_default ]<br />
<br />
dir = demoCA # Where everything is kept<br />
certs = $dir\certs # Where the issued certs are kept<br />
crl_dir = $dir\crl # Where the issued crl are kept<br />
database = $dir\index.txt # database index file.<br />
new_certs_dir = $dir\newcerts # default place for new certs.<br />
<br />
certificate = $dir\cacert.pem # The CA certificate<br />
serial = $dir\serial # The current serial number<br />
crl = $dir\crl.pem # The current CRL<br />
private_key = $dir\private\cakey.pem # The private key<br />
RANDFILE = $dir\private\private.rnd # private random number file<br />
<br />
x509_extensions = x509v3_extensions # The extentions to add to the cert<br />
default_days = 365 # how long to certify for<br />
default_crl_days= 30 # how long before next CRL<br />
default_md = md5 # which md to use.<br />
preserve = no # keep passed DN ordering<br />
<br />
# A few difference way of specifying how similar the request should look<br />
# For type CA, the listed attributes must be the same, and the optional<br />
# and supplied fields are just that :-)<br />
policy = policy_match<br />
<br />
# For the CA policy<br />
[ policy_match ]<br />
countryName = optional<br />
stateOrProvinceName = optional<br />
organizationName = optional<br />
organizationalUnitName = optional<br />
commonName = supplied<br />
emailAddress = optional<br />
<br />
# For the 'anything' policy<br />
# At this point in time, you must list all acceptable 'object'<br />
# types.<br />
[ policy_anything ]<br />
countryName = optional<br />
stateOrProvinceName = optional<br />
localityName = optional<br />
organizationName = optional<br />
organizationalUnitName = optional<br />
commonName = supplied<br />
emailAddress = optional<br />
<br />
####################################################################<br />
[ req ]<br />
default_bits = 1024<br />
default_keyfile = privkey.pem<br />
distinguished_name = req_distinguished_name<br />
attributes = req_attributes<br />
<br />
[ req_distinguished_name ]<br />
countryName = Country Name (2 letter code)<br />
countryName_min = 2<br />
countryName_max = 2<br />
<br />
stateOrProvinceName = State or Province Name (full name)<br />
<br />
localityName = Locality Name (eg, city)<br />
<br />
0.organizationName = Organization Name (eg, company)<br />
<br />
organizationalUnitName = Organizational Unit Name (eg, section)<br />
<br />
commonName = Common Name (eg, your website's domain name)<br />
commonName_max = 64<br />
<br />
emailAddress = Email Address<br />
emailAddress_max = 40<br />
<br />
[ req_attributes ]<br />
challengePassword = A challenge password<br />
challengePassword_min = 4<br />
challengePassword_max = 20<br />
<br />
[ x509v3_extensions ]<br />
<br />
# under ASN.1, the 0 bit would be encoded as 80<br />
nsCertType = 0x40<br />
<br />
#nsBaseUrl<br />
#nsRevocationUrl<br />
#nsRenewalUrl<br />
#nsCaPolicyUrl<br />
#nsSslServerName<br />
#nsCertSequence<br />
#nsCertExt<br />
#nsDataType</div>Kenneth