|
Packit Service |
4684c1 |
# X.509 Certificate options
|
|
Packit Service |
4684c1 |
#
|
|
Packit Service |
4684c1 |
# DN options
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The organization of the subject.
|
|
Packit Service |
4684c1 |
organization = "Koko inc."
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The organizational unit of the subject.
|
|
Packit Service |
4684c1 |
unit = "sleeping dept."
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The locality of the subject.
|
|
Packit Service |
4684c1 |
# locality =
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The state of the certificate owner.
|
|
Packit Service |
4684c1 |
state = "Attiki"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The country of the subject. Two letter code.
|
|
Packit Service |
4684c1 |
country = GR
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The common name of the certificate owner.
|
|
Packit Service |
4684c1 |
cn = "Cindy Lauper"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# A user id of the certificate owner.
|
|
Packit Service |
4684c1 |
#uid = "clauper"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Set domain components
|
|
Packit Service |
4684c1 |
#dc = "name"
|
|
Packit Service |
4684c1 |
#dc = "domain"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# If the supported DN OIDs are not adequate you can set
|
|
Packit Service |
4684c1 |
# any OID here.
|
|
Packit Service |
4684c1 |
# For example set the X.520 Title and the X.520 Pseudonym
|
|
Packit Service |
4684c1 |
# by using OID and string pairs.
|
|
Packit Service |
4684c1 |
#dn_oid = 2.5.4.12 Dr.
|
|
Packit Service |
4684c1 |
#dn_oid = 2.5.4.65 jackal
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# This is deprecated and should not be used in new
|
|
Packit Service |
4684c1 |
# certificates.
|
|
Packit Service |
4684c1 |
# pkcs9_email = "none@@none.org"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# An alternative way to set the certificate's distinguished name directly
|
|
Packit Service |
4684c1 |
# is with the "dn" option. The attribute names allowed are:
|
|
Packit Service |
4684c1 |
# C (country), street, O (organization), OU (unit), title, CN (common name),
|
|
Packit Service |
4684c1 |
# L (locality), ST (state), placeOfBirth, gender, countryOfCitizenship,
|
|
Packit Service |
4684c1 |
# countryOfResidence, serialNumber, telephoneNumber, surName, initials,
|
|
Packit Service |
4684c1 |
# generationQualifier, givenName, pseudonym, dnQualifier, postalCode, name,
|
|
Packit Service |
4684c1 |
# businessCategory, DC, UID, jurisdictionOfIncorporationLocalityName,
|
|
Packit Service |
4684c1 |
# jurisdictionOfIncorporationStateOrProvinceName,
|
|
Packit Service |
4684c1 |
# jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The serial number of the certificate
|
|
Packit Service |
4684c1 |
# Comment the field for a time-based serial number.
|
|
Packit Service |
4684c1 |
serial = 007
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# In how many days, counting from today, this certificate will expire.
|
|
Packit Service |
4684c1 |
# Use -1 if there is no expiration date.
|
|
Packit Service |
4684c1 |
expiration_days = 700
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Alternatively you may set concrete dates and time. The GNU date string
|
|
Packit Service |
4684c1 |
# formats are accepted. See:
|
|
Packit Service |
4684c1 |
# https://www.gnu.org/software/tar/manual/html_node/Date-input-formats.html
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#activation_date = "2004-02-29 16:21:42"
|
|
Packit Service |
4684c1 |
#expiration_date = "2025-02-29 16:24:41"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# X.509 v3 extensions
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# A dnsname in case of a WWW server.
|
|
Packit Service |
4684c1 |
#dns_name = "www.none.org"
|
|
Packit Service |
4684c1 |
#dns_name = "www.morethanone.org"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# A subject alternative name URI
|
|
Packit Service |
4684c1 |
#uri = "https://www.example.com"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# An IP address in case of a server.
|
|
Packit Service |
4684c1 |
#ip_address = "192.168.1.1"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# An email in case of a person
|
|
Packit Service |
4684c1 |
email = "none@@none.org"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Challenge password used in certificate requests
|
|
Packit Service |
4684c1 |
challenge_password = 123456
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Password when encrypting a private key
|
|
Packit Service |
4684c1 |
#password = secret
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# An URL that has CRLs (certificate revocation lists)
|
|
Packit Service |
4684c1 |
# available. Needed in CA certificates.
|
|
Packit Service |
4684c1 |
#crl_dist_points = "https://www.getcrl.crl/getcrl/"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this is a CA certificate or not
|
|
Packit Service |
4684c1 |
#ca
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# for microsoft smart card logon
|
|
Packit Service |
4684c1 |
# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
### Other predefined key purpose OIDs
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this certificate will be used for a TLS client
|
|
Packit Service |
4684c1 |
#tls_www_client
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this certificate will be used for a TLS server
|
|
Packit Service |
4684c1 |
#tls_www_server
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this certificate will be used to sign data (needed
|
|
Packit Service |
4684c1 |
# in TLS DHE ciphersuites).
|
|
Packit Service |
4684c1 |
signing_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this certificate will be used to encrypt data (needed
|
|
Packit Service |
4684c1 |
# in TLS RSA ciphersuites). Note that it is preferred to use different
|
|
Packit Service |
4684c1 |
# keys for encryption and signing.
|
|
Packit Service |
4684c1 |
encryption_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this key will be used to sign other certificates.
|
|
Packit Service |
4684c1 |
#cert_signing_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this key will be used to sign CRLs.
|
|
Packit Service |
4684c1 |
#crl_signing_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this key will be used to sign code.
|
|
Packit Service |
4684c1 |
#code_signing_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this key will be used to sign OCSP data.
|
|
Packit Service |
4684c1 |
#ocsp_signing_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this key will be used for time stamping.
|
|
Packit Service |
4684c1 |
#time_stamping_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Whether this key will be used for IPsec IKE operations.
|
|
Packit Service |
4684c1 |
#ipsec_ike_key
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
### end of key purpose OIDs
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# When generating a certificate from a certificate
|
|
Packit Service |
4684c1 |
# request, then honor the extensions stored in the request
|
|
Packit Service |
4684c1 |
# and store them in the real certificate.
|
|
Packit Service |
4684c1 |
#honor_crq_extensions
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Path length constraint. Sets the maximum number of
|
|
Packit Service |
4684c1 |
# certificates that can be used to certify this certificate.
|
|
Packit Service |
4684c1 |
# (i.e. the certificate chain length)
|
|
Packit Service |
4684c1 |
#path_len = -1
|
|
Packit Service |
4684c1 |
#path_len = 2
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# OCSP URI
|
|
Packit Service |
4684c1 |
# ocsp_uri = https://my.ocsp.server/ocsp
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# CA issuers URI
|
|
Packit Service |
4684c1 |
# ca_issuers_uri = https://my.ca.issuer
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Certificate policies
|
|
Packit Service |
4684c1 |
#policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
|
|
Packit Service |
4684c1 |
#policy1_txt = "This is a long policy to summarize"
|
|
Packit Service |
4684c1 |
#policy1_url = https://www.example.com/a-policy-to-read
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1
|
|
Packit Service |
4684c1 |
#policy2_txt = "This is a short policy"
|
|
Packit Service |
4684c1 |
#policy2_url = https://www.example.com/another-policy-to-read
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Name constraints
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# DNS
|
|
Packit Service |
4684c1 |
#nc_permit_dns = example.com
|
|
Packit Service |
4684c1 |
#nc_exclude_dns = test.example.com
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# EMAIL
|
|
Packit Service |
4684c1 |
#nc_permit_email = "nmav@@ex.net"
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Exclude subdomains of example.com
|
|
Packit Service |
4684c1 |
#nc_exclude_email = .example.com
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Exclude all e-mail addresses of example.com
|
|
Packit Service |
4684c1 |
#nc_exclude_email = example.com
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Options for proxy certificates
|
|
Packit Service |
4684c1 |
#proxy_policy_language = 1.3.6.1.5.5.7.21.1
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# Options for generating a CRL
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# The number of days the next CRL update will be due.
|
|
Packit Service |
4684c1 |
# next CRL update will be in 43 days
|
|
Packit Service |
4684c1 |
#crl_next_update = 43
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# this is the 5th CRL by this CA
|
|
Packit Service |
4684c1 |
# Comment the field for a time-based number.
|
|
Packit Service |
4684c1 |
#crl_number = 5
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# TLS feature extensions (RFC 7633)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
# If the status_request TLS extension is set, OCSP stapling becomes mandatory
|
|
Packit Service |
4684c1 |
#tls_feature = 5
|