# TLS server certificate request # This file is used by the openssl req command. The subjectAltName cannot be # prompted for and must be specified in the SAN environment variable. [ default ] SAN = DNS:yourdomain.tld # Default value [ req ] default_bits = 2048 # RSA key size encrypt_key = no # Protect private key default_md = sha1 # MD to use utf8 = yes # Input is UTF-8 string_mask = utf8only # Emit UTF-8 strings prompt = no # Prompt for DN distinguished_name = server_dn # DN template req_extensions = server_reqext # Desired extensions [ server_dn ] 0.domainComponent = "net" 1.domainComponent = "eckner" organizationName = "Eckner Net" organizationalUnitName = "Eckner Net" commonName = $ENV::CN [ server_reqext ] keyUsage = critical,digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectKeyIdentifier = hash subjectAltName = $ENV::SAN