# Defaults for generating a certificate request.
# NOTE(review): the section header for these keys is not visible in this
# listing (the embedded line numbers skip); presumably `[ req ]` - confirm.
# Seed file for the random number generator, located via the HOME
# environment variable.
2 RANDFILE = $ENV::HOME/.rnd
4 ####################################################################
# File that receives a newly generated private key when no output file is
# named on the command line.
# NOTE(review): no encrypt_key setting is visible here, so whether the key
# is written passphrase-protected cannot be told from this listing - confirm.
8 default_keyfile = clientkey.pem
# Section that holds the subject name fields.
9 distinguished_name = client_distinguished_name
# Section that holds the extensions placed in the certificate request.
10 req_extensions = client_req_extensions
# Encode subject strings as UTF8String only.
11 string_mask = utf8only
13 ####################################################################
# Subject fields for the certificate request.
# NOTE(review): whether the values below are taken as literal subject values
# or shown as prompt text depends on a `prompt` setting that is not visible
# in this listing - confirm.
14 [ client_distinguished_name ]
16 organizationName = Customer X
# Looks like a placeholder address; replace it before requesting a real
# certificate.
18 emailAddress = test@client.com
20 ####################################################################
# Extensions the requester asks for in the CSR. A request is only a request:
# what reaches the issued certificate is decided by the signing side (see
# copy_extensions and x509_extensions in the CA settings of this file).
21 [ client_req_extensions ]
23 subjectKeyIdentifier = hash
# Asks for an end-entity certificate, not a CA certificate.
24 basicConstraints = CA:FALSE
25 keyUsage = digitalSignature, keyEncipherment
# The names are read from the section called alternate_names.
26 subjectAltName = @alternate_names
# Free-text Netscape comment; informational only.
27 nsComment = "OpenSSL Generated Certificate"
29 ####################################################################
# Settings used when signing requests with `openssl ca`.
# NOTE(review): the section headers for these keys and the definition of
# $base_dir are not visible in this listing (the embedded line numbers
# skip) - confirm against the original file.
31 default_ca = CA_default # The default ca section
# 1000 days is roughly 2.7 years of validity for every issued certificate.
35 default_days = 1000 # How long to certify for
36 default_crl_days = 30 # How long before next CRL
# The value pins SHA-256; the inline comment ("public key default MD")
# describes a different setting than the one actually configured.
37 default_md = sha256 # Use public key default MD
38 preserve = no # Keep passed DN ordering
# Section whose extensions are written into every issued certificate.
40 x509_extensions = ca_extensions # The extensions to add to the cert
42 email_in_dn = no # Don't concat the email in the DN
# `copy` adds every extension from the request that the x509_extensions
# section does not already set, so the requester chooses those values
# (for example the subjectAltName names). Inspect each CSR before signing
# and reject requests carrying extensions that should not be granted.
43 copy_extensions = copy # Required to copy SANs from CSR to cert
# NOTE(review): the signing certificate and key are named clientcert.pem and
# clientkey.pem, and clientkey.pem is also the default_keyfile of the request
# settings in this file. If both resolve to the same directory, generating a
# new request key would overwrite the signing key - confirm this is intended.
45 certificate = $base_dir/clientcert.pem # The CA certifcate
# Keep this file readable by the signing account only.
46 private_key = $base_dir/clientkey.pem # The CA private key
47 new_certs_dir = $base_dir # Location for new certs after signing
48 database = $base_dir/index-ri.txt # Database index file
49 serial = $base_dir/serial-ri.txt # The current serial number
# With `no`, several valid certificates for the same subject can coexist, so
# track and revoke them by serial number rather than by subject.
51 unique_subject = no # Set to 'no' to allow creation of
52 # several certificates with same subject.
54 ####################################################################
# Subject-name policy applied when signing.
# NOTE(review): the section header and the `policy` key that selects it are
# not visible in this listing - confirm.
# Every field shown is `optional`: it may be present or absent and is not
# compared with the CA's own subject, so this policy does not constrain what
# a requester puts in these fields. Fields not named in the policy are
# dropped from the issued subject unless DN preservation is enabled.
56 countryName = optional
57 stateOrProvinceName = optional
58 localityName = optional
59 organizationName = optional
60 organizationalUnitName = optional
62 emailAddress = optional
64 ####################################################################
# Extensions the signer sets on issued certificates.
# NOTE(review): the section header is not visible in this listing; presumably
# this is the ca_extensions section named by x509_extensions - confirm.
# Values set here are not replaced by values from the request while
# copy_extensions is `copy`.
66 subjectKeyIdentifier = hash
# Identify the issuer by its key identifier and by issuer name and serial.
67 authorityKeyIdentifier = keyid,issuer
68 # authorityKeyIdentifier = issuer
# Issued certificates are end-entity certificates and cannot sign others.
69 basicConstraints = CA:FALSE
70 keyUsage = digitalSignature, keyEncipherment
72 ####################################################################
# DNS names for the subjectAltName extension.
# NOTE(review): the section header is not visible in this listing; presumably
# this is the alternate_names section referenced by subjectAltName - confirm.
# List only names the certificate holder actually controls; with
# copy_extensions = copy the signer issues them exactly as requested.
# NOTE(review): DNS.1 looks like an internal host name; check whether it
# should appear in a certificate that is presented outside that network.
75 DNS.1 = ramuller.zoo.dynamic.nsn-net.net
76 DNS.2 = www.client.com
77 DNS.3 = mail.client.com
78 DNS.4 = ftp.client.com