OpenSSL/ca.conf
をテンプレートにして作成
[
トップ
] [
タイトル一覧
|
ページ一覧
|
新規
|
検索
|
最終更新
|
ヘルプ
|
ログイン
]
開始行:
* ca.conf
<pre>
[ ca ]
default_ca = CA_default
x509_extensions = usr_cert
[ CA_default ]
dir = /var/CA/netpCA
certs = $dir/certs
crl_dir = $dir/crl
# CA_DB =
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl/cacert.crl
private_key = $dir/private/cakey.pem
database = $dir/index.txt
# RANDFILE =
default_days = 365
# default_startdate =
# default_enddate =
default_crl_days = 365
# default_crl_hours =
#default_md = md5
#default_md = sha256
default_md = sha512
# preserve = no
policy = policy_match
x509_extensions = x509v3_extensions
# crl_extensions =
# msie_hack =
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ usr_cert ]
basicConstraints=CA:FALSE
nsCertType = sslCA, emailCA, server, client, email, objsign
# nsCertType = objsign
# nsCertType = client, email
# nsCertType = client, email, objsign
# nsComment = "OpenSSL Generated Cert...
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ x509v3_extensions ]
subjectKeyIdentifier=hash
basicConstraints = CA:true
nsCertType = sslCA, emailCA, server, client, email, objsign
</pre>
終了行:
* ca.conf
<pre>
[ ca ]
default_ca = CA_default
x509_extensions = usr_cert
[ CA_default ]
dir = /var/CA/netpCA
certs = $dir/certs
crl_dir = $dir/crl
# CA_DB =
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crl = $dir/crl/cacert.crl
private_key = $dir/private/cakey.pem
database = $dir/index.txt
# RANDFILE =
default_days = 365
# default_startdate =
# default_enddate =
default_crl_days = 365
# default_crl_hours =
#default_md = md5
#default_md = sha256
default_md = sha512
# preserve = no
policy = policy_match
x509_extensions = x509v3_extensions
# crl_extensions =
# msie_hack =
[ policy_match ]
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ usr_cert ]
basicConstraints=CA:FALSE
nsCertType = sslCA, emailCA, server, client, email, objsign
# nsCertType = objsign
# nsCertType = client, email
# nsCertType = client, email, objsign
# nsComment = "OpenSSL Generated Cert...
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
[ x509v3_extensions ]
subjectKeyIdentifier=hash
basicConstraints = CA:true
nsCertType = sslCA, emailCA, server, client, email, objsign
</pre>
ページ名:
![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
