From 7953dca56f64cbddebc6638067b11e0730e7c004 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Tue, 3 Feb 2015 19:47:13 +0100
Subject: [PATCH] update conf files to modern standards
- use SHA256 as default_md for all requests
- use UTF-8 as mandated by RFC-2459
- bump default key size for CA certificate requests to 4096 bits
- remove whitespace at end of line
- update change dates
---
 clientcsr.conf | 9 ++++-----
 rootca.conf | 4 ++--
 rootreq.conf | 11 +++++------
 servercsr.conf | 9 ++++-----
 subca.conf | 4 ++--
 subcareq.conf | 11 +++++------
 6 files changed, 22 insertions(+), 26 deletions(-)
diff --git a/clientcsr.conf b/clientcsr.conf
index f3d48ff..6a7a9e6 100644
--- a/clientcsr.conf
+++ b/clientcsr.conf
@@ -1,7 +1,7 @@
 # Request configuration for client certificates
 #
 # Author: Jan Dittberner
-# Date: 2011-05-04
+# Date: 2015-02-03
 RANDFILE = $ENV::HOME/ca/.rnd
@@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
 default_bits = 2048
 distinguished_name = req_distinguished_name
 req_extensions = v3_client_ext
-
-# This sets a mask for permitted string types. There are several options.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask = nombstr
+utf8 = yes
+default_md = sha256
+string_mask = utf8only
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
diff --git a/rootca.conf b/rootca.conf
index f3b99b3..76d6345 100644
--- a/rootca.conf
+++ b/rootca.conf
@@ -2,11 +2,11 @@
 # this CA should only be used to sign sub CAs
 #
 # Author: Jan Dittberner
-# Date: 2011-05-03
+# Date: 2015-02-03
 RANDFILE = $ENV::HOME/rootca/.rnd
-extensions = v3_ext
+extensions = v3_ext
 [ ca ]
 default_ca = EXAMPLEROOT # name of the default CA section
diff --git a/rootreq.conf b/rootreq.conf
index 73e34bf..6f88956 100644
--- a/rootreq.conf
+++ b/rootreq.conf
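Review bot: `default_md = sha256` in the `[ req ]` section of the second clientcsr.conf hunk only selects the digest used to sign the request itself; the digest on the issued certificate is taken by `openssl ca` from `default_md` in the CA section that `default_ca` names in rootca.conf and subca.conf. The rootca.conf and subca.conf hunks of this patch change only the date and the `extensions` line, and their CA sections are not visible here, so if they still carry an older digest the issued certificates keep it. I would check those sections and set `default_md = sha256` there in the same commit. The same applies to the matching `[ req ]` changes in servercsr.conf and subcareq.conf.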
@@ -1,18 +1,17 @@
 # Request configuration for CA certificate
 #
 # Author: Jan Dittberner
-# Date: 2011-05-03
+# Date: 2015-02-03
 RANDFILE = $ENV::HOME/ca/.rnd
 [ req ]
-default_bits = 2048
+default_bits = 4096
 distinguished_name = req_distinguished_name
 x509_extensions = v3_ca_ext
-
-# This sets a mask for permitted string types. There are several options.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask = nombstr
+utf8 = yes
+default_md = sha256
+string_mask = utf8only
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
diff --git a/servercsr.conf b/servercsr.conf
index a1e0257..3fccfc9 100644
--- a/servercsr.conf
+++ b/servercsr.conf
@@ -1,7 +1,7 @@
 # Request configuration for server certificates
 #
 # Author: Jan Dittberner
-# Date: 2011-05-04
+# Date: 2015-02-03
 RANDFILE = $ENV::HOME/ca/.rnd
@@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
 default_bits = 2048
 distinguished_name = req_distinguished_name
 req_extensions = v3_server_ext
-
-# This sets a mask for permitted string types. There are several options.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask = nombstr
+utf8 = yes
+default_md = sha256
+string_mask = utf8only
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)
diff --git a/subca.conf b/subca.conf
index fe77f52..12733e8 100644
--- a/subca.conf
+++ b/subca.conf
@@ -2,11 +2,11 @@
 # this CA should be used to sign client and server certificates
 #
 # Author: Jan Dittberner
-# Date: 2011-05-04
+# Date: 2015-02-03
 RANDFILE = $ENV::HOME/subca/.rnd
-extensions = v3_ext
+extensions = v3_ext
 [ ca ]
 default_ca = EXAMPLESUBCA # name of the default CA section
diff --git a/subcareq.conf b/subcareq.conf
index 539fef3..46abf33 100644
--- a/subcareq.conf
+++ b/subcareq.conf
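Review bot: Switching `string_mask` from `nombstr` to `utf8only` in the rootreq.conf hunk changes how the CA's subject DN is encoded (UTF8String instead of PrintableString/T61String), and with the old explanatory comment removed nothing in the file says so. If this file is ever used to renew an existing CA certificate rather than create a new one, the renewed subject would be encoded differently from the issuer field in certificates already issued, and validators that compare names byte-for-byte may fail to chain them. I would keep a comment above the line, for example `# utf8only: DN fields are encoded as UTF8String only; keep the previous mask when renewing an existing CA so the DN encoding stays the same`. The subcareq.conf hunk makes the same change. In both files `default_bits = 4096` only takes effect when `req` generates a new key, so a short comment saying that existing CA keys are unaffected would also help.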
@@ -1,18 +1,17 @@
 # Request configuration for Sub CA certificate
 #
 # Author: Jan Dittberner
-# Date: 2011-05-04
+# Date: 2015-02-03
 RANDFILE = $ENV::HOME/ca/.rnd
 [ req ]
-default_bits = 2048
+default_bits = 4096
 distinguished_name = req_distinguished_name
 req_extensions = v3_subca_ext
-
-# This sets a mask for permitted string types. There are several options.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-string_mask = nombstr
+utf8 = yes
+default_md = sha256
+string_mask = utf8only
 [ req_distinguished_name ]
 countryName = Country Name (2 letter code)