- configuration samples for generating rootCA and user certs moved in here
authorBogdan-Andrei Iancu <bogdan@voice-system.ro>
Thu, 8 Mar 2007 16:30:05 +0000 (16:30 +0000)
committerBogdan-Andrei Iancu <bogdan@voice-system.ro>
Thu, 8 Mar 2007 16:30:05 +0000 (16:30 +0000)
  from tls/tools

git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@1773 689a6050-402a-0410-94f2-e92a70836424

etc/tls/ca.conf [new file with mode: 0644]
etc/tls/request.conf [new file with mode: 0644]
etc/tls/user.conf [new file with mode: 0644]

diff --git a/etc/tls/ca.conf b/etc/tls/ca.conf
new file mode 100644 (file)
index 0000000..b5dbb0c
--- /dev/null
@@ -0,0 +1,88 @@
+#
+# Default configuration to use  when one
+# is not provided on the command line.
+#
+[ ca ]
+default_ca = local_ca
+
+
+#
+# Default location  of  directories  and
+# files needed to generate certificates.
+#
+[ local_ca ]
+dir              = ./rootCA
+certificate      = $dir/cacert.pem
+database         = $dir/index.txt
+new_certs_dir    = $dir/certs
+private_key      = $dir/private/cakey.pem
+serial           = $dir/serial
+
+
+#
+# Default   expiration   and  encryption
+# policies for certificates.
+#
+default_crl_days = 365
+default_days     = 1825
+default_md       = sha1
+
+policy = local_ca_policy
+x509_extensions = local_ca_extensions
+
+
+#
+# Default policy to use  when generating
+# server   certificates.  The  following
+# fields  must  be defined in the server
+# certificate.
+#
+[ local_ca_policy ]
+commonName             = supplied
+stateOrProvinceName    = supplied
+countryName            = supplied
+emailAddress           = supplied
+organizationName       = supplied
+organizationalUnitName = supplied
+
+
+#
+# x509 extensions to use when generating
+# server certificates.
+#
+[ local_ca_extensions ]
+#subjectAltName      = DNS:altname.somewhere.com
+basicConstraints    = CA:false
+nsCertType          = server
+
+
+#
+# The   default   policy   to  use  when
+# generating the root certificate.
+#
+[ req ]
+default_bits        = 2048
+default_keyfile     = ./private/cakey.pem
+default_md          = sha1
+
+prompt              = no
+distinguished_name  = root_ca_distinguished_name
+x509_extensions     = root_ca_extensions
+
+
+#
+# Root  Certificate  Authority   distin-
+# guished name.  Changes these fields to
+# your local environment.
+#
+[ root_ca_distinguished_name ]
+commonName          = Your_NAME          # please update
+stateOrProvinceName = Your_STATE         # please update
+countryName         = CO                 # please update
+emailAddress        = YOUR_EMAIL         # please update
+organizationName    = YOUR_ORG_NAME      # please update
+
+[ root_ca_extensions ]
+basicConstraints    = CA:true
+subjectAltName      = email:copy
+issuerAltName       = issuer:copy
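Review bot: `default_md = sha1` in `[ local_ca ]` and again in `[ req ]` means the root request and every certificate this CA issues are signed with SHA-1, which is no longer collision-resistant and is rejected by current TLS stacks; both lines should read `default_md = sha256`. The same setting appears in `[ CA_request ]` in etc/tls/request.conf. In `[ root_ca_extensions ]` the CA flag is not marked critical and no key usage is declared; `basicConstraints = critical, CA:true` together with `keyUsage = critical, keyCertSign, cRLSign` would restrict the root key to signing. `nsCertType = server` in `[ local_ca_extensions ]` is the obsolete Netscape extension, so verifiers that check `extendedKeyUsage` get no purpose restriction from it; `extendedKeyUsage = serverAuth` is the current equivalent.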
diff --git a/etc/tls/request.conf b/etc/tls/request.conf
new file mode 100644 (file)
index 0000000..2559380
--- /dev/null
@@ -0,0 +1,58 @@
+#
+# Default configuration to use  when one
+# is not provided on the command line.
+#
+[ ca ]
+default_ca     = CA_request
+
+
+#
+# Default location  of  directories  and
+# files needed to generate certificates.
+#
+[ CA_request ]
+dir            = ./rootCA
+database       = $dir/index.txt
+new_certs_dir  = $dir/certs
+
+certificate    = $dir/cacert.pem
+serial         = $dir/serial
+private_key    = $dir/private/cakey.pem
+
+
+#
+# Default   expiration   and  encryption
+# policies for certificates.
+#
+default_days     = 365
+default_crl_days = 1825
+default_md       = sha1
+
+policy           = req_policy
+
+
+#
+# Information to be moved from 
+# request to the certificate
+#
+nameopt          = ca_default
+certopt          = ca_default
+copy_extensions  = copy
+x509_extensions     = cert_extensions
+
+
+#
+# The   default   policy   to  use  when
+# generating the certificate.
+#
+[ req_policy ]
+countryName            = supplied
+stateOrProvinceName    = optional
+organizationName       = supplied
+organizationalUnitName = optional
+commonName             = supplied
+emailAddress           = supplied
+
+[ cert_extensions ]
+basicConstraints    = CA:false
+
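Review bot: `copy_extensions = copy` in `[ CA_request ]` lets the requester supply every extension that `[ cert_extensions ]` does not set itself, which here is everything except `basicConstraints`, so subjectAltName, keyUsage and extendedKeyUsage are taken from the CSR unchecked. Either switch to `copy_extensions = none` and list the permitted extensions in `[ cert_extensions ]`, or keep it and add a comment above the line such as `# extensions are copied from the request; inspect every CSR before signing`. Marking the pinned value as `basicConstraints = critical, CA:false` would also make the non-CA status binding on verifiers. Separately, `default_crl_days = 1825` gives each CRL a five-year validity, so a relying party can keep trusting a CRL that predates a revocation; the two day counts are the reverse of those in etc/tls/ca.conf, which may or may not be intended.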
diff --git a/etc/tls/user.conf b/etc/tls/user.conf
new file mode 100644 (file)
index 0000000..f4501eb
--- /dev/null
@@ -0,0 +1,16 @@
+#
+# LocalServer.conf
+#
+
+[ req ]
+prompt = no
+distinguished_name = server_distinguished_name
+
+[ server_distinguished_name ]
+commonName             = somename.somewhere.com               # please update
+stateOrProvinceName    = Some State                           # please update
+countryName            = XY                                   # please update
+emailAddress           = root@somename.somewhere.com          # please update
+organizationName       = My Large Organization Name           # please update
+organizationalUnitName = My Subunit of Large Organization     # please update
+
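Review bot: `[ req ]` sets neither `default_bits` nor `default_md`, so if this file is used to generate the user key and request, key size and digest fall back to whatever the installed OpenSSL defaults to unless the calling command passes them, and older releases defaulted to 512-bit RSA keys. Adding `default_bits = 2048` and `default_md = sha256` to `[ req ]` makes the result independent of the OpenSSL version. The header comment still reads `LocalServer.conf` and should name `user.conf`, and a commented `subjectAltName` example would help, since current TLS clients match host names against SAN rather than `commonName`.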