To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.
ZNC and OpenSSL.cnf SelfSigned: Difference between pages
(Difference between pages)
DarthGandalf (talk | contribs) |
Created page with " [default] default_md = sha512 name_opt = ca_default cert_opt = ca_default default_days = 375 policy = @policy_selfsigned [ re..." |
||
| Line 1: | Line 1: | ||
[default] | |||
default_md = sha512 | |||
name_opt = ca_default | |||
cert_opt = ca_default | |||
default_days = 375 | |||
policy = @policy_selfsigned | |||
[ req ] | |||
#Options from the [ req ] section are applied | |||
#when creating certificates or certificate signing requests. | |||
# Options for the `req` tool (`man req`). | |||
default_bits = 4096 | |||
distinguished_name = req_selfsigned | |||
string_mask = utf8only | |||
default_md = sha512 | |||
== | |||
[ req_selfsigned ] | |||
# The [ req_dn ] section declares the information | |||
# normally required in a certificate signing request. | |||
# You can optionally specify some defaults. | |||
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>. | |||
countryName = Country Name (2 letter code) | |||
countryName_min = 2 | |||
countryName_max = 2 | |||
stateOrProvinceName = State or Province Name (full name) | |||
== | localityName = Locality Name (eg, city) | ||
organizationName = Organization Name (eg, company) | |||
organizationalUnitName = Organizational Unit Name (eg, section) | |||
commonName = Common Name (e.g. server FQDN or YOUR name) | |||
emailAddress = Email Address | |||
# Optionally, specify some defaults. | |||
countryName_default = IT | |||
stateOrProvinceName_default = Italy | |||
localityName_default = Italy | |||
organizationName_default = ZNC.in | |||
#organizationalUnitName_default = ZNC Service | |||
= | #commonName_default = wiki.znc.in | ||
emailAddress_default = user [at] example [dot] com | |||
[ policy_selfsigned ] | |||
# See the POLICY FORMAT section of the `ca` man page. | |||
countryName = optional | |||
stateOrProvinceName = optional | |||
=== | localityName = optional | ||
organizationName = optional | |||
organizationalUnitName = optional | |||
commonName = optional | |||
emailAddress = optional | |||
[ usr_cert ] | |||
# We’ll apply the usr_cert extension when signing client certificates, | |||
=== | # such as those used for remote user authentication. | ||
# Extensions for client certificates (`man x509v3_config`). | |||
basicConstraints = critical, CA:FALSE | |||
subjectKeyIdentifier = hash | |||
authorityKeyIdentifier = keyid:always, issuer:always | |||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement | |||
extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning | |||
[ server_cert ] | |||
# We’ll apply the server_cert extension when signing server certificates, | |||
# such as those used for web servers. | |||
# Extensions for server certificates (`man x509v3_config`). | |||
basicConstraints = critical, CA:FALSE | |||
subjectKeyIdentifier = hash | |||
authorityKeyIdentifier = keyid:always, issuer:always | |||
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement | |||
extendedKeyUsage = critical, serverAuth | |||
Revision as of 18:03, 23 August 2021
[default] default_md = sha512 name_opt = ca_default cert_opt = ca_default default_days = 375 policy = @policy_selfsigned [ req ] #Options from the [ req ] section are applied #when creating certificates or certificate signing requests. # Options for the `req` tool (`man req`). default_bits = 4096 distinguished_name = req_selfsigned string_mask = utf8only default_md = sha512 [ req_selfsigned ] # The [ req_dn ] section declares the information # normally required in a certificate signing request. # You can optionally specify some defaults. # See <https://en.wikipedia.org/wiki/Certificate_signing_request>. countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) organizationalUnitName = Organizational Unit Name (eg, section) commonName = Common Name (e.g. server FQDN or YOUR name) emailAddress = Email Address # Optionally, specify some defaults. countryName_default = IT stateOrProvinceName_default = Italy localityName_default = Italy organizationName_default = ZNC.in #organizationalUnitName_default = ZNC Service #commonName_default = wiki.znc.in emailAddress_default = user [at] example [dot] com [ policy_selfsigned ] # See the POLICY FORMAT section of the `ca` man page. countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = optional emailAddress = optional [ usr_cert ] # We’ll apply the usr_cert extension when signing client certificates, # such as those used for remote user authentication. # Extensions for client certificates (`man x509v3_config`). basicConstraints = critical, CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning [ server_cert ] # We’ll apply the server_cert extension when signing server certificates, # such as those used for web servers. # Extensions for server certificates (`man x509v3_config`). basicConstraints = critical, CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always, issuer:always keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement extendedKeyUsage = critical, serverAuth