jan/osslconfexamples
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

update conf files to modern standards

Browse source 
- use SHA256 as default_md for all requests
- use UTF-8 as mandated by RFC-2459
- bump default key size for CA certificate requests to 4096 bits
- remove whitespace at end of line
- update change dates
This commit is contained in:
Jan Dittberner 2015-02-03 19:47:13 +01:00
parent e61cc1c0ac
commit 7953dca56f
6 changed files with 22 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
clientcsr.conf
View file

@ -1,7 +1,7 @@
# Request configuration for client certificates
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_client_ext
# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)

4
rootca.conf
View file

@ -2,11 +2,11 @@
# this CA should only be used to sign sub CAs
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03
# Date: 2015-02-03
RANDFILE = $ENV::HOME/rootca/.rnd
extensions = v3_ext
extensions = v3_ext
[ ca ]
default_ca = EXAMPLEROOT # name of the default CA section

11
rootreq.conf
View file

@ -1,18 +1,17 @@
# Request configuration for CA certificate
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03
# Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd
[ req ]
default_bits = 2048
default_bits = 4096
distinguished_name = req_distinguished_name
x509_extensions = v3_ca_ext
# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)

9
servercsr.conf
View file

@ -1,7 +1,7 @@
# Request configuration for server certificates
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_server_ext
# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)

4
subca.conf
View file

@ -2,11 +2,11 @@
# this CA should be used to sign client and server certificates
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03
RANDFILE = $ENV::HOME/subca/.rnd
extensions = v3_ext
extensions = v3_ext
[ ca ]
default_ca = EXAMPLESUBCA # name of the default CA section

11
subcareq.conf
View file

@ -1,18 +1,17 @@
# Request configuration for Sub CA certificate
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd
[ req ]
default_bits = 2048
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = v3_subca_ext
# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)