Diffstat (limited to 'etc/server.conf')
-rw-r--r--etc/server.conf32
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/server.conf b/etc/server.conf
new file mode 100644
index 0000000..9fa9563
--- /dev/null
+++ b/etc/server.conf
@@ -0,0 +1,32 @@
+# TLS server certificate request
+
+# This file is used by the openssl req command. The subjectAltName cannot be
+# prompted for and must be specified in the SAN environment variable.
+
+[ default ]
+SAN = DNS:yourdomain.tld # Default value
+
+[ req ]
+default_bits = 2048 # RSA key size
+encrypt_key = yes # Protect private key
+default_md = sha1 # MD to use
+utf8 = yes # Input is UTF-8
+string_mask = utf8only # Emit UTF-8 strings
+prompt = yes # Prompt for DN
+distinguished_name = server_dn # DN template
+req_extensions = server_reqext # Desired extensions
+
+[ server_dn ]
+0.domainComponent = "1. Domain Component (eg, com) "
+1.domainComponent = "2. Domain Component (eg, company) "
+2.domainComponent = "3. Domain Component (eg, pki) "
+organizationName = "4. Organization Name (eg, company) "
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+commonName = "6. Common Name (eg, FQDN) "
+commonName_max = 64
+
+[ server_reqext ]
+keyUsage = critical,digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectKeyIdentifier = hash
+subjectAltName = $ENV::SAN # No way to prompt for this
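Review bot: `default_md = sha1` in `[ req ]` makes `openssl req` sign the certificate request with SHA-1, which is deprecated for signatures; `default_md = sha256 # MD to use` is the safer choice. The digest on the issued certificate is presumably set by the CA's own configuration, which is not part of this file, so this line governs only the request's self-signature. In `[ server_reqext ]`, `extendedKeyUsage = serverAuth,clientAuth` also requests client authentication for what the header calls a TLS server certificate; if these hosts never authenticate as clients, `extendedKeyUsage = serverAuth` keeps the request to what is needed. Finally, the `SAN = DNS:yourdomain.tld` default means a request generated without SAN exported carries the placeholder name, so the header comment should tell the operator to set SAN before running the command.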