To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Partdetach and OpenSSL.cnf SelfSigned: Difference between pages

From ZNC
(Difference between pages)
Jump to navigation Jump to search
rewrite
 
DoctorD90 (talk | contribs)
Created page with " [default] default_md = sha512 name_opt = ca_default cert_opt = ca_default default_days = 375 policy = @policy_selfsigned [ re..."
 
Line 1: Line 1:
{{External Module}}
[default]
For ZNC prior to version 1.0: http://people.znc.in/~psychon/znc/modules/partdetach.cpp or http://people.znc.in/~psychon/znc/modules/partdetach2.cpp
default_md        = sha512
 
name_opt          = ca_default
For ZNC version 1.0 and later: https://gist.github.com/Socialery/7058137
cert_opt          = ca_default
 
default_days      = 375
There is also a python module at https://github.com/Nothing4You/znc-modules/blob/master/part_detach.py - version compatibility unknown.
policy            = @policy_selfsigned
 
== Description ==
[ req ]
This network module detaches the user from the channel which is parted.
#Options from the [ req ] section are applied
To actually part a channel the user has to part it twice, first part to detach, second part to actually part.
#when creating certificates or certificate signing requests.
 
# Options for the `req` tool (`man req`).
== Installation ==
default_bits        = 4096
If you chose the >= 1.0 compatible version, here is example installation (znc-buildmod required):
distinguished_name  = req_selfsigned
 
string_mask        = utf8only
  mkdir ~/.znc/modules ; cd ~/.znc/modules
default_md          = sha512
  wget https://gist.githubusercontent.com/Socialery/7058137/raw/2eeb084c5be845d0b4dd37bc5576ce8160140c3c/partdetach2.cpp
  znc-buildmod partdetach2.cpp
 
[ req_selfsigned ]
You can then load the module with <code>/msg *status loadmod partdetach2</code>
# The [ req_dn ] section declares the information
 
# normally required in a certificate signing request.
If you chose the python module, make sure [[modpython]] is installed and loaded, first.
# You can optionally specify some defaults.
Then, place it as ~/.znc/modules/part_detach.py
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
 
countryName                    = Country Name (2 letter code)
== Configuration ==
countryName_min                = 2
There are no configurable options.
countryName_max                = 2
 
stateOrProvinceName            = State or Province Name (full name)
== Support ==
localityName                    = Locality Name (eg, city)
You can find me ([[User:Nothing4You|Nothing4You]]) on irc, #znc on freenode, or use the [https://github.com/Nothing4You/znc-modules/issues Issue Tracker] on GitHub.
organizationName                = Organization Name (eg, company)
organizationalUnitName          = Organizational Unit Name (eg, section)
commonName                      = Common Name (e.g. server FQDN or YOUR name)
emailAddress                    = Email Address
# Optionally, specify some defaults.
countryName_default            = IT
stateOrProvinceName_default    = Italy
localityName_default            = Italy
organizationName_default        = ZNC.in
#organizationalUnitName_default  = ZNC Service
  #commonName_default            = wiki.znc.in
  emailAddress_default            = user [at] example [dot] com
[ policy_selfsigned ]
# See the POLICY FORMAT section of the `ca` man page.
  countryName            = optional
stateOrProvinceName    = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = optional
emailAddress            = optional
[ usr_cert ]
# We’ll apply the usr_cert extension when signing client certificates,
# such as those used for remote user authentication.
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning
[ server_cert ]
# We’ll apply the server_cert extension when signing server certificates,
# such as those used for web servers.
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth

Revision as of 18:03, 23 August 2021

[default]
default_md        = sha512
name_opt          = ca_default
cert_opt          = ca_default
default_days      = 375
policy            = @policy_selfsigned

[ req ]
#Options from the [ req ] section are applied
#when creating certificates or certificate signing requests.
# Options for the `req` tool (`man req`).
default_bits        = 4096
distinguished_name  = req_selfsigned
string_mask         = utf8only
default_md          = sha512


[ req_selfsigned ]
# The [ req_dn ] section declares the information
# normally required in a certificate signing request.
# You can optionally specify some defaults.
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName                     = Country Name (2 letter code)
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = State or Province Name (full name)
localityName                    = Locality Name (eg, city)
organizationName                = Organization Name (eg, company)
organizationalUnitName          = Organizational Unit Name (eg, section)
commonName                      = Common Name (e.g. server FQDN or YOUR name)
emailAddress                    = Email Address

# Optionally, specify some defaults.
countryName_default             = IT
stateOrProvinceName_default     = Italy
localityName_default            = Italy
organizationName_default        = ZNC.in
#organizationalUnitName_default  = ZNC Service
#commonName_default             = wiki.znc.in
emailAddress_default            = user [at] example [dot] com

[ policy_selfsigned ]
# See the POLICY FORMAT section of the `ca` man page.
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = optional
emailAddress            = optional

[ usr_cert ]
# We’ll apply the usr_cert extension when signing client certificates,
# such as those used for remote user authentication.
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
extendedKeyUsage = critical, clientAuth, emailProtection, codeSigning

[ server_cert ]
# We’ll apply the server_cert extension when signing server certificates,
# such as those used for web servers.
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = critical, CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = critical, serverAuth