diff options
Diffstat (limited to 'etc/server.conf')
-rw-r--r-- | etc/server.conf | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/server.conf b/etc/server.conf new file mode 100644 index 0000000..9fa9563 --- /dev/null +++ b/etc/server.conf @@ -0,0 +1,32 @@ +# TLS server certificate request + +# This file is used by the openssl req command. The subjectAltName cannot be +# prompted for and must be specified in the SAN environment variable. + +[ default ] +SAN = DNS:yourdomain.tld # Default value + +[ req ] +default_bits = 2048 # RSA key size +encrypt_key = yes # Protect private key +default_md = sha1 # MD to use +utf8 = yes # Input is UTF-8 +string_mask = utf8only # Emit UTF-8 strings +prompt = yes # Prompt for DN +distinguished_name = server_dn # DN template +req_extensions = server_reqext # Desired extensions + +[ server_dn ] +0.domainComponent = "1. Domain Component (eg, com) " +1.domainComponent = "2. Domain Component (eg, company) " +2.domainComponent = "3. Domain Component (eg, pki) " +organizationName = "4. Organization Name (eg, company) " +organizationalUnitName = "5. Organizational Unit Name (eg, section) " +commonName = "6. Common Name (eg, FQDN) " +commonName_max = 64 + +[ server_reqext ] +keyUsage = critical,digitalSignature,keyEncipherment +extendedKeyUsage = serverAuth,clientAuth +subjectKeyIdentifier = hash +subjectAltName = $ENV::SAN # No way to prompt for this |