Initial import.

1 files changed, 31 insertions, 0 deletions

diff --git a/etc/email-client.conf b/etc/email-client.conf
new file mode 100644
index 0000000..04fdaef
--- /dev/null
+++ b/etc/email-client.conf
@@ -0,0 +1,31 @@
+# Email client certificate request
+
+# This file is used by the openssl req command. Since we cannot know the DN in
+# advance the user is prompted for DN information.
+
+[ req ]
+default_bits            = 2048                  # RSA key size
+encrypt_key             = yes                   # Protect private key
+default_md              = sha1                  # MD to use
+utf8                    = yes                   # Input is UTF-8
+string_mask             = utf8only              # Emit UTF-8 strings
+prompt                  = yes                   # Prompt for DN
+distinguished_name      = email_dn              # DN template
+req_extensions          = email_reqext          # Desired extensions
+
+[ email_dn ]
+0.domainComponent       = "1. Domain Component         (eg, com)      "
+1.domainComponent       = "2. Domain Component         (eg, company)  "
+2.domainComponent       = "3. Domain Component         (eg, pki)      "
+organizationName        = "4. Organization Name        (eg, company)  "
+organizationalUnitName  = "5. Organizational Unit Name (eg, section)  "
+commonName              = "6. Common Name              (eg, full name)"
+commonName_max          = 64
+emailAddress            = "7. Email Address            (eg, name@fqdn)"
+emailAddress_max        = 40
+
+[ email_reqext ]
+keyUsage                = critical,digitalSignature,keyEncipherment
+extendedKeyUsage        = emailProtection,clientAuth
+subjectKeyIdentifier    = hash
+subjectAltName          = email:copy