Ubuntu
openldap package

  1. Bug #398366
  2. Comment #4

Comment 4 for bug 398366

Revision history for this message
William King (quentusrex) wrote :

Here are the configs for the file: /home/quentusrex/.TinyCA/testing/openssl.cnf

[ ca ]
default_ca = server_ca

[ policy_client ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_server ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ policy_ca ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = nombstr
req_extensions = v3_req

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Internet Widgits Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true
nsCertType = sslCA, emailCA
issuerAltName = issuer:copy
nsComment = "TinyCA Generated Certificate"
subjectAltName = email:copy
keyUsage = critical, keyCertSign, cRLSign

[ crl_ext ]
authorityKeyIdentifier = keyid:always,issuer:always

[ server_ca ]
dir = /home/quentusrex/.TinyCA/testing
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/cacert.key
RANDFILE = $dir/.rand
x509_extensions = server_cert
default_days = 365
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_server
unique_subject = yes

[ client_ca ]
dir = /home/quentusrex/.TinyCA/testing
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/cacert.key
RANDFILE = $dir/.rand
x509_extensions = client_cert
default_days = 365
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_client
unique_subject = yes

[ ca_ca ]
dir = /home/quentusrex/.TinyCA/testing
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl.pem
private_key = $dir/cacert.key
RANDFILE = $dir/.rand
x509_extensions = v3_ca
default_days = 365
default_crl_days = 30
default_md = sha1
preserve = no
policy = policy_ca
unique_subject = yes

[ client_cert ]
basicConstraints = CA:FALSE
nsCertType = client, email, objsign
nsComment = "TinyCA Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
subjectAltName = email:copy
keyUsage = digitalSignature, keyEncipherment

[ server_cert ]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "TinyCA Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
issuerAltName = issuer:copy
subjectAltName = email:copy