shellpki/openssl.cnf

# VERSION="22.04"

[ ca ]
default_ca      = CA_default

[ CA_default ]
dir             = /etc/shellpki
certs           = $dir/certs
new_certs_dir   = $dir/tmp
database        = $dir/index.txt
certificate     = $dir/cacert.pem
serial          = $dir/serial
crl             = $dir/crl.pem
private_key     = $dir/cakey.key
RANDFILE        = $dir/.rand
default_days    = 365
default_crl_days= 365
default_md      = sha256
preserve        = no
policy          = policy_match

[ policy_match ]
countryName             = supplied
stateOrProvinceName     = supplied
organizationName        = supplied
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = supplied

[ req ]
default_bits            = 2048
distinguished_name      = req_distinguished_name

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true

[ v3_ocsp ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning

[ req_distinguished_name ]
countryName                     = Country Name (2 letter code)
countryName_default             = FR
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province
stateOrProvinceName_default     = 13
localityName                    = Locality Name (eg, city)
localityName_default            = Marseille
0.organizationName              = Organization Name (eg, company)
0.organizationName_default      = Evolix
organizationalUnitName          = Organizational Unit Name (eg, section)
commonName                      = Common Name (eg, your name or your server\'s hostname)
commonName_max                  = 64
emailAddress                    = Email Address
emailAddress_default            = security@evolix.net
emailAddress_max                = 40
Add version to files that will be copied out of this repo so that we easily know if they will need an update 2022-04-14 16:21:38 +02:00			`# VERSION="22.04"`

initial import 2010-10-06 17:34:30 +02:00			`[ ca ]`
			`default_ca = CA_default`

			`[ CA_default ]`
Retrieve vars from openssl.cnf file 2018-01-31 12:43:18 +01:00			`dir = /etc/shellpki`
Complete refactoring 2018-01-17 12:21:39 +01:00			`certs = $dir/certs`
			`new_certs_dir = $dir/tmp`
initial import 2010-10-06 17:34:30 +02:00			`database = $dir/index.txt`
			`certificate = $dir/cacert.pem`
			`serial = $dir/serial`
Complete refactoring 2018-01-17 12:21:39 +01:00			`crl = $dir/crl.pem`
Retrieve vars from openssl.cnf file 2018-01-31 12:43:18 +01:00			`private_key = $dir/cakey.key`
initial import 2010-10-06 17:34:30 +02:00			`RANDFILE = $dir/.rand`
			`default_days = 365`
			`default_crl_days= 365`
Dot not use weak ciphers. 2015-07-22 09:56:04 +02:00			`default_md = sha256`
initial import 2010-10-06 17:34:30 +02:00			`preserve = no`
			`policy = policy_match`

			`[ policy_match ]`
			`countryName = supplied`
			`stateOrProvinceName = supplied`
			`organizationName = supplied`
			`organizationalUnitName = optional`
			`commonName = supplied`
			`emailAddress = supplied`

			`[ req ]`
Dot not use weak ciphers. 2015-07-22 09:56:04 +02:00			`default_bits = 2048`
initial import 2010-10-06 17:34:30 +02:00			`distinguished_name = req_distinguished_name`

Add v3_ca extension when generating CA. 2017-03-05 15:11:54 +01:00			`[ v3_ca ]`
			`subjectKeyIdentifier=hash`
			`authorityKeyIdentifier=keyid:always,issuer:always`
			`basicConstraints = CA:true`

Add an OCSPD responder 2018-06-27 12:52:20 +02:00			`[ v3_ocsp ]`
			`basicConstraints = CA:FALSE`
			`keyUsage = nonRepudiation, digitalSignature, keyEncipherment`
			`extendedKeyUsage = OCSPSigning`

initial import 2010-10-06 17:34:30 +02:00			`[ req_distinguished_name ]`
			`countryName = Country Name (2 letter code)`
			`countryName_default = FR`
			`countryName_min = 2`
			`countryName_max = 2`
			`stateOrProvinceName = State or Province`
			`stateOrProvinceName_default = 13`
			`localityName = Locality Name (eg, city)`
			`localityName_default = Marseille`
			`0.organizationName = Organization Name (eg, company)`
			`0.organizationName_default = Evolix`
			`organizationalUnitName = Organizational Unit Name (eg, section)`
			`commonName = Common Name (eg, your name or your server\'s hostname)`
			`commonName_max = 64`
			`emailAddress = Email Address`
			`emailAddress_default = security@evolix.net`
			`emailAddress_max = 40`