Simple Working Configuration File for OpenSSL "ca"
Q
Where to find a simple configuration file example for the OpenSSL "ca" command?
✍: FYIcenter.com
A
Here is a simple configuration file example for the OpenSSL "ca" command:
# Unnamed section of generic options # ------------------------------------------------------------------ # Section for the "default_ca" option # ------------------------------------------------------------------ [ca] # Section pointer for "ca" command options default_ca = my_ca_default # ------------------------------------------------------------------ # Default section for "ca" command options # ------------------------------------------------------------------ [my_ca_default] # Directory to store backup copies certificates new_certs_dir = ./my_ca/certs # Database file to track certificates database = ./my_ca/certs.db # Message digest algorithm for the digital signature in the certificate default_md = md5 # Section pointer for DN field validation and order policy = my_ca_policy # Sequence number file used the serial number in the certificate serial = ./my_ca/certs.seq # Number of valid days to give to new certificates default_days = 365 # ------------------------------------------------------------------ # section for DN field validation and order # ------------------------------------------------------------------ [my_ca_policy] # "commonName" field is required commonName = supplied # "countryName" field is optional countryName = optional # "stateOrProvinceName" field is optional stateOrProvinceName = optional # "localityName" field is optional localityName = optional # "organizationName" field is optional organizationName = optional # "organizationalUnitName" field is optional organizationalUnitName = optional # "emailAddress" field is optional emailAddress = optional
2022-06-05, 2670👍, 1💬
Related Topics:
💬 2018-10-14 FYIcenter.com: @Cindy, Yes. Keys generated here are valid RSA keys!
