To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

OpenSSL.cnf SelfSigned

From ZNC
Jump to navigation Jump to search
[default]
default_md        = sha512
name_opt          = ca_default
cert_opt          = ca_default
default_days      = 375
policy            = @policy_selfsigned

[ req ]
#Options from the [ req ] section are applied
#when creating certificates or certificate signing requests.
# Options for the `req` tool (`man req`).
default_bits        = 4096
distinguished_name  = @req_dn
string_mask         = utf8only
default_md          = sha512


[ req_dn ]
# The [ req_dn ] section declares the information
# normally required in a certificate signing request.
# You can optionally specify some defaults.
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName                     = Country Name (2 letter code)
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
localityName                    = Locality Name (eg, city)
organizationName                = Organization Name (eg, company)
organizationalUnitName          = Organizational Unit Name (eg, section)
commonName                      = Common Name (e.g. server FQDN or YOUR name)
emailAddress                    = Email Address

# Optionally, specify some defaults.
countryName_default             = IT
stateOrProvinceName_default     = Italy
localityName_default            = Italy
organizationName_default        = ZNC.in
#organizationalUnitName_default  = ZNC Service
#commonName_default             = wiki.znc.in
emailAddress_default            = user [at] example [dot] com

[ policy_selfsigned ]
# See the POLICY FORMAT section of the `ca` man page.
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = optional
emailAddress            = optional

[ usr_cert ]
# We’ll apply the usr_cert extension when signing client certificates,
# such as those used for remote user authentication.
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning

[ server_cert ]
# We’ll apply the server_cert extension when signing server certificates,
# such as those used for web servers.
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth