
Openssl

The document is an OpenSSL configuration file that defines various certificate authorities (CAs) and their settings, including paths for certificates and keys, policies for certificate issuance, and distinguished name fields for requests. It specifies configurations for root CAs, SSL CAs, server SSL certificates, and client SSL certificates, detailing their key usages and constraints. The file also includes default values for fields like country, state, locality, organization, and common name for certificate requests.

# Fichier openssl.cnf

# Entry point for `openssl ca`: default_ca names the section that holds the
# CA settings used when no -name option is given on the command line.
[ ca ]
default_ca = CA_default

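# Default CA profile, selected through default_ca in [ ca ].
# All paths are relative to the directory openssl is started from; "dir" is
# defined but the entries below do not reference it as $dir.
# No x509_extensions key is set here, so an extension section (CA_ROOT,
# CA_SSL, SERVER_RSA_SSL, ...) is presumably chosen with -extensions on the
# command line -- confirm against the issuing procedure.
[ CA_default ]
dir = .
certs = ./certs
# Directory that receives a copy of every certificate this CA issues.
new_certs_dir = ./newcerts
# Text index of issued and revoked certificates.
# NOTE(review): [ CA_ssl_default ] uses the same index.txt and newcerts
# directory with a different serial file; confirm that two CAs sharing one
# index is intended, since revocation state is tracked in this file.
database = ./index.txt
certificate = ./ca.pem
# File holding the next serial number to assign.
serial = ./serial.txt
# CA signing key. It lives in the working directory beside public files:
# restrict its permissions to the CA operator and keep it out of backups
# and version control that others can read.
private_key = ./ca.key
# Validity of issued certificates, in days.
default_days = 365
# Signature digest. Changed from sha1: SHA-1 signatures are no longer
# collision resistant and current TLS/S-MIME clients reject them.
default_md = sha256
# no = subject DN fields are emitted in the order of the policy section.
preserve = no
policy = policy_match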

# Extension profile for an issuing CA certificate dedicated to e-mail
# (S/MIME) certificates.
[CA_MIME]
# nsComment / nsCertType are legacy Netscape extensions; current software
# generally ignores them, so they must not be relied on as a restriction.
nsComment = "CA MIME"
# CA certificate; pathlen:0 allows it to sign end-entity certificates only,
# not further subordinate CAs.
basicConstraints = critical,CA:TRUE,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# email:copy copies the emailAddress of the subject DN into the SAN.
# NOTE(review): RFC 5280 recommends a non-critical subjectAltName when the
# subject DN is not empty -- confirm that "critical" is wanted here.
subjectAltName = critical,email:copy
# Restricts the key to signing certificates and CRLs.
keyUsage = critical, keyCertSign, cRLSign
nsCertType = emailCA

# Extension profile for an end-entity e-mail (S/MIME) certificate.
# NOTE(review): unlike [CLIENT_RSA_SSL], this profile sets no
# basicConstraints (CA:FALSE), keyUsage or extendedKeyUsage, so certificates
# issued with it carry no usage restriction of their own -- confirm whether
# the section is complete.
[CLIENT_MIME]
subjectKeyIdentifier = hash

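# CA profile for the SSL issuing CA (cassl.pem / cassl.key). It is not the
# default_ca, so it is presumably selected with -name CA_ssl_default --
# confirm against the issuing procedure.
# All paths are relative to the directory openssl is started from.
[ CA_ssl_default ]
dir = .
certs = ./certs
# Directory that receives a copy of every certificate this CA issues.
new_certs_dir = ./newcerts
# Text index of issued and revoked certificates.
# NOTE(review): same index.txt and newcerts directory as [ CA_default ],
# but a different serial file (./serial vs ./serial.txt); confirm that the
# two CAs are meant to share one index.
database = ./index.txt
certificate = ./cassl.pem
# File holding the next serial number to assign.
serial = ./serial
# Issuing CA signing key. Restrict its permissions to the CA operator; it
# sits in the working directory beside public files.
private_key = ./cassl.key
# Validity of issued certificates, in days.
default_days = 365
# Signature digest. Changed from sha1: SHA-1 signatures are no longer
# collision resistant and current TLS clients reject them.
default_md = sha256
# no = subject DN fields are emitted in the order of the policy section.
preserve = no
policy = policy_match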

# Issuance policy referenced by both CA sections (policy = policy_match).
#   match    - the request's field must equal the same field of the CA cert
#   supplied - the field must be present in the request
#   optional - the field may be present
# With preserve = no in the CA sections, the order of the lines below is
# also the order of the fields in the issued subject DN, so do not reorder.
[ policy_match ]
countryName = match
stateOrProvinceName = match
localityName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

# Settings for `openssl req`: distinguished_name names the section that
# defines the subject DN prompts.
# NOTE(review): no default_bits or default_md is set here, so key size and
# digest for requests come from the command line or from the defaults of the
# installed OpenSSL -- confirm they meet current policy.
[ req ]
distinguished_name = req_distinguished_name

# Subject DN prompts for certificate requests. For each field the plain key
# is the prompt text (in French), *_default the pre-filled value and *_max
# the maximum accepted length. The order of the fields is the order in which
# they are asked.
# The defaults for country, state, locality and organization have to agree
# with the CA certificate, because policy_match requires those four fields
# to match.
[ req_distinguished_name ]
# "Pays" = country
countryName = Pays
countryName_default = TN
# "Etat" = state or province
stateOrProvinceName = Etat
stateOrProvinceName_default = TUNISIE
# "Ville" = city
localityName = Ville
localityName_default = ARIANA
organizationName = Organisation
organizationName_default = ISETCOM
# "Nom ou URL" = name or URL; no default, the requester must supply it
commonName = Nom ou URL
commonName_max = 64
# "Adresse Email" = e-mail address
emailAddress = Adresse Email
emailAddress_max = 40

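# Extension profile for the root CA certificate.
[CA_ROOT]
# nsComment is a legacy Netscape extension; informational only.
nsComment = "CA Racine"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# CA certificate; pathlen:1 allows exactly one level of subordinate CA
# below the root (the CA_SSL / CA_MIME profiles use pathlen:0).
basicConstraints = critical,CA:TRUE,pathlen:1
# Restricts the key to signing certificates and CRLs. Marked critical, as in
# [CA_MIME] and as RFC 5280 recommends for CA certificates, so that relying
# software must honour the restriction.
keyUsage = critical, keyCertSign, cRLSign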

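# Extension profile for the subordinate CA that issues SSL/TLS certificates.
[CA_SSL]
# nsComment / nsCertType are legacy Netscape extensions; current software
# generally ignores them, so they must not be relied on as a restriction.
nsComment = "CA SSL"
# CA certificate; pathlen:0 allows it to sign end-entity certificates only,
# not further subordinate CAs.
basicConstraints = critical,CA:TRUE,pathlen:0
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# Copies the subjectAltName of the issuer certificate, if it has one.
issuerAltName = issuer:copy
# Restricts the key to signing certificates and CRLs. Marked critical, as in
# [CA_MIME] and as RFC 5280 recommends for CA certificates, so that relying
# software must honour the restriction.
keyUsage = critical, keyCertSign, cRLSign
nsCertType = sslCA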

# Extension profile for a TLS server certificate (RSA key).
[SERVER_RSA_SSL]
# nsComment / nsCertType are legacy Netscape extensions; current software
# generally ignores them.
nsComment = "Certificat Serveur SSL"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# Copies the subjectAltName of the issuer certificate, if it has one.
issuerAltName = issuer:copy
# The host names are hard-coded: every certificate issued with this profile
# is valid for exactly these two names, whatever the request's commonName.
# Edit this line (or use a per-server profile) before issuing for another
# host.
subjectAltName = DNS:www.webserver.com, DNS:www.webserver-bis.com
# End-entity certificate: it cannot be used to sign other certificates.
basicConstraints = critical,CA:FALSE
# NOTE(review): nonRepudiation is unusual for a TLS server certificate --
# confirm it is needed.
keyUsage = digitalSignature, nonRepudiation, keyEncipherment
nsCertType = server
# Limits the certificate to TLS server authentication.
extendedKeyUsage = serverAuth

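# Extension profile for a TLS client certificate (RSA key).
[CLIENT_RSA_SSL]
# nsComment / nsCertType are legacy Netscape extensions; current software
# generally ignores them.
nsComment = "Certificat Client SSL"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
# Copies the subjectAltName of the issuer certificate, if it has one.
issuerAltName = issuer:copy
# email:copy copies the emailAddress of the subject DN; the two further
# entries add fixed addresses. The value must stay on ONE line: it was split
# across two lines, and the second line began with "[", which the parser
# would not read as part of this value.
# The two fixed addresses were redacted by the hosting page; the
# example.com values below are PLACEHOLDERS and must be replaced with the
# real addresses (or removed) before this profile is used.
# NOTE(review): RFC 5280 recommends a non-critical subjectAltName when the
# subject DN is not empty -- confirm that "critical" is wanted here.
subjectAltName = critical,email:copy,email:user-REDACTED1@example.com,email:REDACTED2@example.com
# End-entity certificate: it cannot be used to sign other certificates.
basicConstraints = critical,CA:FALSE
keyUsage = digitalSignature, nonRepudiation
nsCertType = client
# Limits the certificate to TLS client authentication.
extendedKeyUsage = clientAuth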
