Diffstat (limited to 'etc/server-ssl.conf')
-rw-r--r--etc/server-ssl.conf30
1 files changed, 30 insertions, 0 deletions
diff --git a/etc/server-ssl.conf b/etc/server-ssl.conf
new file mode 100644
index 0000000..337a7a4
--- /dev/null
+++ b/etc/server-ssl.conf
@@ -0,0 +1,30 @@
+# TLS server certificate request
+
+# This file is used by the openssl req command. The subjectAltName cannot be
+# prompted for and must be specified in the SAN environment variable.
+
+[ default ]
+SAN = $ENV::SAN # Default value
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = no # Protect private key
+default_md = sha1 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = no # Prompt for DN
+distinguished_name = server_dn # DN template
+req_extensions = server_reqext # Desired extensions
+
+[ server_dn ]
+0.domainComponent = "net"
+1.domainComponent = "eckner"
+organizationName = "Eckner Net"
+organizationalUnitName = "Eckner Net Https"
+commonName = $ENV::CN
+
+[ server_reqext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectKeyIdentifier = hash
+subjectAltName = $ENV::SAN
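Review bot: `default_md = sha1` in `[ req ]` signs the request with SHA-1, which is deprecated for signatures and may be refused by stricter OpenSSL security levels or by the signing CA; `default_md = sha256` is the usual choice. `encrypt_key = no` writes the private key unencrypted, so it is protected only by file permissions, and the trailing `# Protect private key` reads as if protection were enabled; a comment such as `# Key is written unencrypted; restrict file permissions` would be clearer. `extendedKeyUsage` also requests `clientAuth`; if these certificates are only used by HTTPS servers, `extendedKeyUsage = serverAuth` is the narrower request. The `SAN = $ENV::SAN` line in `[ default ]` does not appear to supply a fallback, since it reads the same environment variable it is meant to default.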