diff --git a/clientcsr.conf b/clientcsr.conf index f3d48ff..6a7a9e6 100644 --- a/clientcsr.conf +++ b/clientcsr.conf @@ -1,7 +1,7 @@ # Request configuration for client certificates # # Author: Jan Dittberner -# Date: 2011-05-04 +# Date: 2015-02-03 RANDFILE = $ENV::HOME/ca/.rnd @@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = v3_client_ext - -# This sets a mask for permitted string types. There are several options. -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -string_mask = nombstr +utf8 = yes +default_md = sha256 +string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) diff --git a/rootca.conf b/rootca.conf index f3b99b3..76d6345 100644 --- a/rootca.conf +++ b/rootca.conf @@ -2,11 +2,11 @@ # this CA should only be used to sign sub CAs # # Author: Jan Dittberner -# Date: 2011-05-03 +# Date: 2015-02-03 RANDFILE = $ENV::HOME/rootca/.rnd -extensions = v3_ext +extensions = v3_ext [ ca ] default_ca = EXAMPLEROOT # name of the default CA section diff --git a/rootreq.conf b/rootreq.conf index 73e34bf..6f88956 100644 --- a/rootreq.conf +++ b/rootreq.conf @@ -1,18 +1,17 @@ # Request configuration for CA certificate # # Author: Jan Dittberner -# Date: 2011-05-03 +# Date: 2015-02-03 RANDFILE = $ENV::HOME/ca/.rnd [ req ] -default_bits = 2048 +default_bits = 4096 distinguished_name = req_distinguished_name x509_extensions = v3_ca_ext - -# This sets a mask for permitted string types. There are several options. -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -string_mask = nombstr +utf8 = yes +default_md = sha256 +string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) diff --git a/servercsr.conf b/servercsr.conf index a1e0257..3fccfc9 100644 --- a/servercsr.conf +++ b/servercsr.conf @@ -1,7 +1,7 @@ # Request configuration for server certificates # # Author: Jan Dittberner -# Date: 2011-05-04 +# Date: 2015-02-03 RANDFILE = $ENV::HOME/ca/.rnd @@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd default_bits = 2048 distinguished_name = req_distinguished_name req_extensions = v3_server_ext - -# This sets a mask for permitted string types. There are several options. -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -string_mask = nombstr +utf8 = yes +default_md = sha256 +string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code) diff --git a/subca.conf b/subca.conf index fe77f52..12733e8 100644 --- a/subca.conf +++ b/subca.conf @@ -2,11 +2,11 @@ # this CA should be used to sign client and server certificates # # Author: Jan Dittberner -# Date: 2011-05-04 +# Date: 2015-02-03 RANDFILE = $ENV::HOME/subca/.rnd -extensions = v3_ext +extensions = v3_ext [ ca ] default_ca = EXAMPLESUBCA # name of the default CA section diff --git a/subcareq.conf b/subcareq.conf index 539fef3..46abf33 100644 --- a/subcareq.conf +++ b/subcareq.conf @@ -1,18 +1,17 @@ # Request configuration for Sub CA certificate # # Author: Jan Dittberner -# Date: 2011-05-04 +# Date: 2015-02-03 RANDFILE = $ENV::HOME/ca/.rnd [ req ] -default_bits = 2048 +default_bits = 4096 distinguished_name = req_distinguished_name req_extensions = v3_subca_ext - -# This sets a mask for permitted string types. There are several options. -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -string_mask = nombstr +utf8 = yes +default_md = sha256 +string_mask = utf8only [ req_distinguished_name ] countryName = Country Name (2 letter code)