CA script done
parent
8d55d30550
commit
fa6fc60759
2 changed files with 97 additions and 46 deletions
|
|
@ -39,7 +39,7 @@ default_ca = CA_default # The default ca section
|
|||
####################################################################
|
||||
[ CA_default ]
|
||||
|
||||
dir = /etc/ssl # Where everything is kept
|
||||
dir = fic_pki #DIR # Where everything is kept
|
||||
certs = $dir/certs # Where the issued certs are kept
|
||||
crl_dir = $dir/crl # Where the issued crl are kept
|
||||
database = $dir/index.txt # database index file.
|
||||
|
|
@ -47,12 +47,12 @@ database = $dir/index.txt # database index file.
|
|||
# several ctificates with same subject.
|
||||
new_certs_dir = $dir/newcerts # default place for new certs.
|
||||
|
||||
certificate = $dir/cacert.pem # The CA certificate
|
||||
certificate = $dir/cacert.crt # The CA certificate
|
||||
serial = $dir/serial # The current serial number
|
||||
crlnumber = $dir/crlnumber # the current crl number
|
||||
# must be commented out to leave a V1 CRL
|
||||
crl = $dir/crl.pem # The current CRL
|
||||
private_key = $dir/private/cakey.pem# The private key
|
||||
private_key = $dir/private/cakey.key # The private key
|
||||
RANDFILE = $dir/private/.rand # private random number file
|
||||
|
||||
x509_extensions = usr_cert # The extentions to add to the cert
|
||||
|
|
@ -147,11 +147,12 @@ organizationalUnitName = Organizational Unit Name (eg, section)
|
|||
organizationalUnitName_default = SRS
|
||||
|
||||
commonName = Common Name (e.g. server FQDN or YOUR name)
|
||||
commonName_default = tata#CommonNameEndEndEndEndEnd
|
||||
commonName_default = toto#COMMONNAME
|
||||
commonName_max = 64
|
||||
|
||||
emailAddress = Email Address
|
||||
emailAddress_max = 64
|
||||
emailAddress_default = root@srs.epita.fr
|
||||
|
||||
# SET-ex3 = SET extension number 3
|
||||
|
||||
|
|
@ -175,7 +176,7 @@ basicConstraints=CA:FALSE
|
|||
# the certificate can be used for anything *except* object signing.
|
||||
|
||||
# This is OK for an SSL server.
|
||||
# nsCertType = server
|
||||
nsCertType = client #CERTTYPE
|
||||
|
||||
# For an object signing certificate this would be used.
|
||||
# nsCertType = objsign
|
||||
|
|
@ -190,7 +191,7 @@ basicConstraints=CA:FALSE
|
|||
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
||||
|
||||
# This will be displayed in Netscape's comment listbox.
|
||||
nsComment = "OpenSSL Generated Certificate"
|
||||
nsComment = "FIC 2014 generated certificates"
|
||||
|
||||
# PKIX recommendations harmless if included in all certificates.
|
||||
subjectKeyIdentifier=hash
|
||||
|
|
|
|||
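Review bot: In the hunk at `@ -175,7 +176,7 @@`, the only usage restriction placed on issued certificates is the legacy Netscape extension `nsCertType = client`, while the `keyUsage` line shown as context in the following hunk stays commented out and no `extendedKeyUsage` appears in the visible lines. Many current X.509 validators ignore `nsCertType`, so a certificate issued as "client" may also be accepted for other purposes such as server authentication. I would add `extendedKeyUsage = clientAuth` beside it and enable `keyUsage = digitalSignature, keyEncipherment`, switching the value together with the `#CERTTYPE` marker if the script also issues server certificates (an assumption, since the script is not shown here). The rest of this extension section lies outside the hunks, so first check that these extensions are not already set there.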