jan/osslconfexamples
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

update conf files to modern standards

Browse source 
- use SHA256 as default_md for all requests
- use UTF-8 as mandated by RFC-2459
- bump default key size for CA certificate requests to 4096 bits
- remove whitespace at end of line
- update change dates
This commit is contained in:
Jan Dittberner 2015-02-03 19:47:13 +01:00
parent e61cc1c0ac
commit 7953dca56f
6 changed files with 22 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

9
clientcsr.conf
View file

@ -1,7 +1,7 @@
# Request configuration for client certificates # Request configuration for client certificates
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048 default_bits = 2048
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
req_extensions = v3_client_ext req_extensions = v3_client_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)

2
rootca.conf
View file

@ -2,7 +2,7 @@
# this CA should only be used to sign sub CAs # this CA should only be used to sign sub CAs
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03 # Date: 2015-02-03
RANDFILE = $ENV::HOME/rootca/.rnd RANDFILE = $ENV::HOME/rootca/.rnd

11
rootreq.conf
View file

@ -1,18 +1,17 @@
# Request configuration for CA certificate # Request configuration for CA certificate
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
[ req ] [ req ]
default_bits = 2048 default_bits = 4096
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
x509_extensions = v3_ca_ext x509_extensions = v3_ca_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)

9
servercsr.conf
View file

@ -1,7 +1,7 @@
# Request configuration for server certificates # Request configuration for server certificates
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048 default_bits = 2048
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
req_extensions = v3_server_ext req_extensions = v3_server_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)

2
subca.conf
View file

@ -2,7 +2,7 @@
# this CA should be used to sign client and server certificates # this CA should be used to sign client and server certificates
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/subca/.rnd RANDFILE = $ENV::HOME/subca/.rnd

11
subcareq.conf
View file

@ -1,18 +1,17 @@
# Request configuration for Sub CA certificate # Request configuration for Sub CA certificate
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
[ req ] [ req ]
default_bits = 2048 default_bits = 4096
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
req_extensions = v3_subca_ext req_extensions = v3_subca_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)