wolfssl/certs/intermediate/ca_false_intermediate/wolfssl_base.conf
Hideki Miyazaki fdb889303a fix qt unit test qsslcertificate
fix trusted peer cert cache
2024-11-13 08:38:51 +09:00


# OpenSSL config: certificate authority (CA)
# NOTE(review): _CA_NAME_ and the other _UPPERCASE_ tokens in this file look like
# placeholders that are substituted before the file is used -- confirm against
# the script that generates the certificates.
# Default value
# OpenSSL falls back to this section when a $variable is not defined in the
# section that references it, so $home and $ca_name used under [ _CA_NAME_ ]
# resolve to the values set here.
[ default ]
ca_name = _CA_NAME_ # CA name
# Relative path: every $home/... location below resolves against the directory
# openssl is run from, so run it from the intended CA directory.
home = . # Top dir
# NOTE(review): default_ca is set again under [ ca ] (to _CA_NAME_); confirm
# which of the two is meant to take effect.
default_ca = ca # Default CA section
name_opt = utf8,esc_ctrl,multiline,lname,align # Display UTF-8 characters
# Certificate request
# Settings read by `openssl req` when the key pair and CSR are generated.
[ req ]
# 2048-bit RSA is generally treated as the minimum acceptable size; fine for
# short-lived fixtures, worth revisiting for any long-lived CA key.
default_bits = 2048 # RSA key size
# The generated key is passphrase-protected unless the command line turns
# encryption off (-nodes / -noenc).
encrypt_key = yes # Encrypted CA private key
default_md = sha256 # Message Digest to use
utf8 = yes # Input is UTF-8
string_mask = utf8only # Emit UTF-8 strings
# With prompting disabled the subject DN is taken verbatim from [ ca_dn ].
prompt = no # Don't prompt for DN
distinguished_name = ca_dn # DN section
# Extensions placed in the CSR. Whether they reach the signed certificate
# depends on the signer's copy_extensions / x509_extensions settings.
req_extensions = ca_ext # Desired extensions
# CA certificate info
# Subject DN requested for the CA certificate. [ match_pol ] requires
# countryName, stateOrProvinceName and organizationName of every issued
# certificate to match the CA certificate's subject, so any edit here has to be
# mirrored in the CSRs this CA signs.
# NOTE(review): "Wahington" looks like a misspelling of "Washington", and the
# organizationName / localityName values look swapped ("Seattle" / "WOLFSSL").
# Left unchanged because other fixtures may depend on the exact strings --
# confirm before correcting.
[ ca_dn ]
countryName = "US" # CA cert info
stateOrProvinceName = "Wahington" # CA cert info
organizationName = "Seattle" # CA cert info
localityName = "WOLFSSL" # CA cert info
organizationalUnitName = "_CA_DEPART_" # CA cert info
commonName = "www.wolfssl.com" # Replaced during build procedure
# Extensions for signing CA certificate
# Referenced by req_extensions in [ req ].
[ ca_ext ]
# Grants digitalSignature in addition to the two CA usages (keyCertSign, cRLSign).
keyUsage = critical,keyCertSign,cRLSign,digitalSignature # Limit key usage
# CA:true without a pathlen places no limit on subordinate CAs below this
# certificate. If the intent is to forbid intermediates, a pathlen constraint
# (e.g. pathlen:0) is required; CA:true alone does not do that.
basicConstraints = critical,CA:true # Marks cert as a CA (no pathlen constraint)
subjectKeyIdentifier = hash # SKI validation
# CA operational settings
# Names the section that holds the CA's file locations and signing defaults.
[ ca ]
default_ca = _CA_NAME_ # Default CA section
# CA Section
# File locations and signing defaults used by `openssl ca`. $home and $ca_name
# are defined in [ default ].
[ _CA_NAME_ ]
certificate = $home/$ca_name.crt # CA certificate
# Keep this directory readable only by the account that runs the CA.
private_key = $home/private/$ca_name.key # CA private key
new_certs_dir = $home/certs # Generated certificates
database = $home/db/index # Index file of generated crt
serial = $home/db/serial # Serial number file
# NOTE(review): this path is under $home/ca/private while the key lives under
# $home/private -- confirm the directory exists or the difference is intended.
RANDFILE = $home/ca/private/random # Random file
# Several valid certificates may share one subject DN; revocation and audit
# then have to go by serial number rather than subject.
unique_subject = no # Dont require unique subject
# Roughly ten years. Long for leaf certificates outside a test environment.
default_days = 3650 # How long to certify for
default_md = sha256 # Message Digest to use
policy = match_pol # Default naming policy
email_in_dn = no # Dont add email to cert DN
# Security-relevant: with "copy", extensions present in the CSR and not already
# set by the signing extension section are copied into the issued certificate.
# The requester therefore controls part of the certificate (for example
# subjectAltName). Inspect each CSR before signing, and make sure the signing
# section always sets basicConstraints and keyUsage so they cannot come from the CSR.
copy_extensions = copy # Copy extensions from CSR (!)
# NOTE(review): no [ server_ext ] section is visible in this file; the
# extension section below is named [ _CERT_NAME_ ]. Presumably the placeholder
# is substituted, or -extensions is passed on the command line -- confirm.
x509_extensions = server_ext # Default cert extensions
# Matching policy
# Enforce that all cert issued by the CA match criteria
# Useful for CA used internally with limited scope
# match    = field must equal the same field in the CA certificate's subject
# supplied = field must be present in the request
# optional = field may be present
# DN fields not listed here are dropped from the issued certificate by default.
[ match_pol ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# Extension used when signing server cert
# NOTE(review): the file sits in a directory named ca_false_intermediate, which
# suggests this profile is used to issue an "intermediate" carrying CA:false for
# negative path-validation tests -- confirm before reusing it elsewhere.
[ _CERT_NAME_ ]
# Critical CA:false: a validator that honours basicConstraints must reject any
# chain in which this certificate acts as an issuer.
basicConstraints = critical,CA:false # Dont allow intermediary CA
# Legacy Netscape extension; current validators rely on extendedKeyUsage instead.
nsCertType = server # Certificate type
subjectKeyIdentifier = hash # SKI validation
# No keyCertSign / cRLSign here, consistent with CA:false above.
keyUsage = critical,digitalSignature,keyEncipherment # Define key usage
# The same certificate is accepted for both TLS client and TLS server
# authentication; split into separate profiles if the roles must not be shared.
extendedKeyUsage = clientAuth,serverAuth # key usage continued