update conf files to modern standards

- use SHA256 as default_md for all requests
- use UTF-8 as mandated by RFC-2459
- bump default key size for CA certificate requests to 4096 bits
- remove whitespace at end of line
- update change dates
master
Jan Dittberner 4 years ago
parent
commit
7953dca56f
6 changed files with 22 additions and 26 deletions
  1. 4
    5
      clientcsr.conf
  2. 2
    2
      rootca.conf
  3. 5
    6
      rootreq.conf
  4. 4
    5
      servercsr.conf
  5. 2
    2
      subca.conf
  6. 5
    6
      subcareq.conf

+ 4
- 5
clientcsr.conf

@@ -1,7 +1,7 @@
# Request configuration for client certificates
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03

RANDFILE = $ENV::HOME/ca/.rnd

@@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_client_ext

# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
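Review bot: The added `default_md = sha256` in the `[ req ]` settings only selects the digest used to sign the request itself; the digest on the issued certificate is chosen by the signing CA's configuration, and the visible rootca.conf and subca.conf hunks do not touch a `default_md` setting. It is worth confirming that the CA sections in those two files also specify SHA-256, otherwise certificates could still be issued with an older digest despite this change. Separately, the explanatory comment for `string_mask` was deleted without a replacement; a line such as `# utf8only : only UTF8Strings` above the new value would keep the file self-documenting. Both points apply equally to servercsr.conf and subcareq.conf, and the missing comment also to rootreq.conf.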

+ 2
- 2
rootca.conf

@@ -2,11 +2,11 @@
# this CA should only be used to sign sub CAs
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03
# Date: 2015-02-03

RANDFILE = $ENV::HOME/rootca/.rnd

extensions = v3_ext
extensions = v3_ext

[ ca ]
default_ca = EXAMPLEROOT # name of the default CA section

+ 5
- 6
rootreq.conf

@@ -1,18 +1,17 @@
# Request configuration for CA certificate
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03
# Date: 2015-02-03

RANDFILE = $ENV::HOME/ca/.rnd

[ req ]
default_bits = 2048
default_bits = 4096
distinguished_name = req_distinguished_name
x509_extensions = v3_ca_ext

# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
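Review bot: `default_bits = 4096` in `[ req ]` only takes effect when the request generates a new key; a request made against an existing key keeps that key's size, so a root key already in use is not strengthened by this change (the hunk does not show how the key is produced). A comment above the line, e.g. `# applies to newly generated keys only; an existing CA key must be re-generated to get 4096 bits`, would make that explicit for whoever next runs the request. The same holds for the identical change in subcareq.conf.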

+ 4
- 5
servercsr.conf

@@ -1,7 +1,7 @@
# Request configuration for server certificates
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03

RANDFILE = $ENV::HOME/ca/.rnd

@@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_server_ext

# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only

[ req_distinguished_name ]
countryName = Country Name (2 letter code)

+ 2
- 2
subca.conf

@@ -2,11 +2,11 @@
# this CA should be used to sign client and server certificates
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03

RANDFILE = $ENV::HOME/subca/.rnd

extensions = v3_ext
extensions = v3_ext

[ ca ]
default_ca = EXAMPLESUBCA # name of the default CA section

+ 5
- 6
subcareq.conf

@@ -1,18 +1,17 @@
# Request configuration for Sub CA certificate
#
# Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04
# Date: 2015-02-03

RANDFILE = $ENV::HOME/ca/.rnd

[ req ]
default_bits = 2048
default_bits = 4096
distinguished_name = req_distinguished_name
req_extensions = v3_subca_ext

# This sets a mask for permitted string types. There are several options.
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
string_mask = nombstr
utf8 = yes
default_md = sha256
string_mask = utf8only

[ req_distinguished_name ]
countryName = Country Name (2 letter code)
