Home Explore Help
Register Sign In
markus
/
isakmpd-pki-setup
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
isakmpd-pki-set...
/
x509v3.cnf

x509v3.cnf 1.2 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435 
  1. CERTPATHLEN             = 1
    2. 

  2. CERTUSAGE               = digitalSignature,keyCertSign,cRLSign
    3. 

  3. EXTCERTUSAGE            = serverAuth,clientAuth
    4. 

  4. CADB                    = index.txt
    5. 

  5. CASERIAL                = serial.txt
    6. 

  6. NSCERTTYPE              = server,client
    7. 

  7. 

  8. [ x509v3_extensions ]
    9. 

  9. nsCertType                      = 0x40
    10. 

  10. 

  11. [ x509v3_CA ]
    12. 

  12. basicConstraints                = critical,CA:true,pathlen:$ENV::CERTPATHLEN
    13. 

  13. keyUsage                        = $ENV::CERTUSAGE
    14. 

  14. 

  15. [ ca ]
    16. 

  16. default_ca                      = CA_default
    17. 

  17. 

  18. [ CA_sign_policy ]
    19. 

  19. countryName                     = optional
    20. 

  20. stateOrProvinceName             = optional
    21. 

  21. localityName                    = optional
    22. 

  22. organizationName                = optional
    23. 

  23. organizationalUnitName          = optional
    24. 

  24. commonName                      = supplied
    25. 

  25. emailAddress                    = optional
    26. 

  26. 

  27. [ CA_default ]
    28. 

  28. database                        = $ENV::CADB
    29. 

  29. serial                          = $ENV::CASERIAL
    30. 

  30. default_md                      = sha256
    31. 

  31. default_days                    = 3650
    32. 

  32. default_crl_days                = 3650
    33. 

  33. unique_subject                  = yes
    34. 

  34. email_in_dn                     = yes
    35. 

  35. policy                          = CA_sign_policy
    36.