# TLS server certificate request # This file is used by the openssl req command. The subjectAltName cannot be # prompted for and must be specified in the SAN environment variable. [ default ] SAN = DNS:yourdomain.tld # Default value [ req ] default_bits = 2048 # RSA key size encrypt_key = no # Protect private key default_md = sha1 # MD to use utf8 = yes # Input is UTF-8 string_mask = utf8only # Emit UTF-8 strings prompt = yes # Prompt for DN distinguished_name = server_dn # DN template req_extensions = server_reqext # Desired extensions [ server_dn ] 0.domainComponent = "1. Domain Component (eg, com) " 1.domainComponent = "2. Domain Component (eg, company) " 2.domainComponent = "3. Domain Component (eg, pki) " organizationName = "4. Organization Name (eg, company) " organizationalUnitName = "5. Organizational Unit Name (eg, section) " commonName = "6. Common Name (eg, FQDN) " commonName_max = 64 [ server_reqext ] keyUsage = critical,digitalSignature,keyEncipherment extendedKeyUsage = serverAuth,clientAuth subjectKeyIdentifier = hash subjectAltName = $ENV::SAN