path: root/test/openssl.conf
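# Selects the CA section that `openssl ca` uses when no -name is given.
[ca]
default_ca = neonca

# CA section used to sign certificates. Every path lives under the
# directory named by the CADIR environment variable.
[neonca]
dir = ${ENV::CADIR}
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/cert.pem
serial = $dir/serial
private_key = $dir/key.pem
policy = policy_any
# SHA-256 instead of SHA-1: SHA-1 is no longer collision-resistant and
# SHA-1-signed certificates are refused by many current TLS stacks.
default_md = sha256
x509_extensions = issuedExt
# allow several certificates to be issued with the same subject DN
unique_subject = no
# NOTE(review): default_bits is a req(1) option; presumably not read by
# `openssl ca` - confirm.
default_bits = 2048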

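# Same as neonca, plus basicConstraints and without the "certificate"
# entry, to allow creation of the initial self-signed certificate.
# NOTE(review): basicConstraints is an extension-section key. Placed in a
# CA section it is presumably not applied, and x509_extensions below still
# points at issuedExt (CA:false) - confirm against the script that invokes
# this section that the initial certificate really ends up with CA:TRUE.
[neoncainit]
dir = ${ENV::CADIR}
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
private_key = $dir/key.pem
policy = policy_any
# SHA-256 instead of SHA-1: SHA-1 is no longer collision-resistant and
# SHA-1-signed certificates are refused by many current TLS stacks.
default_md = sha256
x509_extensions = issuedExt
# allow several certificates to be issued with the same subject DN
unique_subject = no
basicConstraints = CA:TRUE
default_bits = 2048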

# DN policy referenced by the CA sections above. Every attribute is
# optional, so the CA signs a request whatever its subject contains,
# including a subject with no commonName. That is what lets the unusual
# DNs further down be issued; it is not a policy for a real CA.
[policy_any]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

# Settings for `openssl req`. The DN prompt section and the string mask are
# read from the REQDN and STRMASK environment variables; presumably the
# caller sets REQDN to one of the reqDN* sections below for each request.
[req]
distinguished_name = $ENV::REQDN
# extension section applied to self-signed certificates made with req -x509
x509_extensions = caExt
string_mask = $ENV::STRMASK
default_bits = 2048

# Extensions for a CA certificate.
# NOTE(review): basicConstraints is not marked critical here; RFC 5280
# requires CA certificates to mark it critical. Harmless for fixtures, but
# confirm it is intentional.
[caExt]
basicConstraints = CA:true

# Extensions for issued certificates: explicitly not a CA, so an issued
# certificate cannot itself be used to sign further certificates.
[issuedExt]
basicConstraints = CA:false

# subjectAltName extension sections, one per identity-check case.
# 1: a single DNS entry
[altExt1]
subjectAltName = DNS:localhost

# 2+3: AltNames with multiple entries to test the matching logic
# (the matching name comes last in 2 and first in 3)
[altExt2]
subjectAltName = DNS:nohost.example.com, DNS:localhost

[altExt3]
subjectAltName = DNS:localhost, DNS:nohost.example.com

# an AltName with no DNS entries; should use commonName instead for
# identity check
[altExt4]
subjectAltName = email:neon@webdav.org

# an AltName with an IP address (loopback)
[altExt5]
subjectAltName = IP:127.0.0.1

# an AltName with a bad IP address, i.e. presumably one that does not
# match the address the test server is reached on
[altExt6]
subjectAltName = IP:1.2.3.4

# an AltName with a good URI
[altExt7]
subjectAltName = URI:https://localhost:7777/

# an AltName with a bad URI (different scheme and host from the good one)
[altExt8]
subjectAltName = URI:http://nohost.example.com/

# AltName with wildcard
[altExt9]
subjectAltName = DNS:*.example.com

# distinguished_name sections for `openssl req`, selected through
# [req] distinguished_name. Each value is the prompt text shown for that
# attribute, not the attribute's value.
# The \' below is backslash-escaped so that the apostrophe is not read as
# the start of a quoted string.
[reqDN]
countryName = Country Name
stateOrProvinceName = State or Province Name
localityName = Locality Name
organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name (eg, your name or your server\'s hostname)
emailAddress = Email Address

# a DN which gives two commonName attributes.
# The numeric prefix (0., 1.) lets the same attribute appear twice.
[reqDN.doubleCN]
countryName = Country Name
stateOrProvinceName = State or Province Name
localityName = Locality Name
organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
0.commonName = Common Name
1.commonName = Common Name
emailAddress = Email Address

# a DN which gives two organizationalUnitName attributes.
[reqDN.twoOU]
countryName = Country Name
stateOrProvinceName = State or Province Name
localityName = Locality Name
organizationName = Organization Name
0.organizationalUnitName = Organizational Unit Name
1.organizationalUnitName = Organizational Unit Name
commonName = Common Name (eg, your name or your server\'s hostname)
emailAddress = Email Address

# a DN holding only a commonName.
[reqDN.CNfirst]
commonName = Common Name

# a DN with no commonName at all, only a countryName.
[reqDN.missingCN]
countryName = CountryName

# a DN holding only an emailAddress.
# NOTE(review): the prompt text reads "CountryName" although the attribute
# is emailAddress; it looks copy-pasted. It is only the prompt, so the
# attribute that ends up in the DN is still emailAddress.
[reqDN.justEmail]
emailAddress = CountryName