File: openssl.cnf

#
# OpenSSL configuration file.
#

# Working directory used by every $dir path below. "." is relative, so the
# CA database, the serial file and the CA private key are all resolved
# against the directory openssl is started from.
dir = .

# The 'ca' command takes its settings from the section named here.
[ ca ]
default_ca = CA_default

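[ CA_default ]
# Serial-number counter, issued-certificate index and output directory
# maintained by 'openssl ca'.
serial = $dir/serial
database = $dir/index.txt
new_certs_dir = $dir
# CA certificate and its private key. The key lives in the same directory as
# the rest of the CA state, so access to that directory should be restricted
# to the CA operator.
certificate = $dir/cacert.pem
private_key = $dir/ca_key.pem
# Validity of issued certificates in days (about ten years) when -days is
# not given on the command line.
default_days = 3650
default_md = sha256
preserve = no
email_in_dn = no
# 'ca' looks these up under the keys name_opt / cert_opt, and the value it
# accepts for both is ca_default. With any other spelling the setting is
# ignored and the legacy confirmation display is used, which does not show
# the extensions of the certificate about to be signed.
name_opt = ca_default
cert_opt = ca_default
policy = policy_match
# Default extensions to add to the cert when -extensions is not given.
# Must name a section defined in this file; v3_usr is the end-entity
# (CA:FALSE) section, so the default never issues a CA certificate.
x509_extensions = v3_usr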

[ policy_match ]
# DN policy applied by 'ca' to each signing request. Only commonName must be
# present ("supplied"); every other field is optional, and no field is set to
# "match", so nothing in the request is required to equal the CA's own DN
# despite the section name.
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
# Size of keys, in bits
default_bits = 2048
# Name of generated keys
default_keyfile = key.pem
# Message digest algorithm
default_md = sha256
# Permitted characters
string_mask = nombstr
distinguished_name = req_distinguished_name
# omit - openssl doesn't copy req extension
#req_extensions = v3_req
# The extensions to add to the self signed cert. Because this names v3_ca,
# a self-signed certificate created with this file is a CA certificate
# unless another section is selected on the command line.
x509_extensions = v3_ca

# Passwords for private keys; if not present they will be prompted for.
# A value set here is stored in plain text and is readable by anyone who can
# read this file, so these are left commented out.
# input_password = secret
# output_password = secret

[ req_distinguished_name ]
# Fields 'req' asks for when building the subject name. Only countryName and
# commonName are active; the remaining prompts are commented out.
#
# Variable name = Prompt string
countryName = Country Name (2 letter code)
countryName_default = US
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

#0.organizationName = Organization Name (company)
#organizationalUnitName = Organizational Unit Name (department, division)
#emailAddress = Email Address
#emailAddress_max = 40
#localityName = Locality Name (city, district)
#stateOrProvinceName = State or Province Name (full name)
#countryName_min = 2
#countryName_max = 2

# Default values for the above, for consistency and less typing.
# These are placeholders, and they are not used while the matching prompt
# lines above stay commented out.
#
# Variable name = Value
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or Providence

[ v3_usr ]
# Standard openssl extensions on user (end-entity) certificates, applied
# when 'ca' signs a request with this section selected.
#
# Marking the certificate CA:FALSE goes against PKIX guidelines, but some CAs
# do it and some software requires it to avoid interpreting an end user
# certificate as a CA. The extension is not marked critical here.
basicConstraints = CA:FALSE

# PKIX recommendations, harmless if included in all certificates.
# Note that this section sets no keyUsage or extendedKeyUsage, so the
# certificates it produces carry no extension restricting what the key may
# be used for.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer

[ v3_ca ]
# PKIX-conformant extensions on CA certificates.

# PKIX recommendation.
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

# PKIX requires basicConstraints to be critical on CA certs (sec 4.2.1.9).
# No pathlen is set, so the depth of the chain below this CA is not limited
# by this extension.
basicConstraints = critical,CA:true

# PKIX requires keyUsage present with keyCertSign on CA certs (sec 4.2.1.3).
# Only keyCertSign is granted (no cRLSign), and the extension is not marked
# critical.
keyUsage = keyCertSign

[ v3_req ]
# Extensions for certificate requests: a non-CA subject with a key
# identifier. The req_extensions line in [ req ] that would select this
# section is commented out, so it applies only when named explicitly.
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash