update conf files to modern standards

- use SHA256 as default_md for all requests
- use UTF-8 as mandated by RFC-2459
- bump default key size for CA certificate requests to 4096 bits
- remove whitespace at end of line
- update change dates
This commit is contained in:
Jan Dittberner 2015-02-03 19:47:13 +01:00
parent e61cc1c0ac
commit 7953dca56f
6 changed files with 22 additions and 26 deletions

View file

@ -1,7 +1,7 @@
# Request configuration for client certificates # Request configuration for client certificates
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048 default_bits = 2048
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
req_extensions = v3_client_ext req_extensions = v3_client_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)

View file

@ -2,11 +2,11 @@
# this CA should only be used to sign sub CAs # this CA should only be used to sign sub CAs
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03 # Date: 2015-02-03
RANDFILE = $ENV::HOME/rootca/.rnd RANDFILE = $ENV::HOME/rootca/.rnd
extensions = v3_ext extensions = v3_ext
[ ca ] [ ca ]
default_ca = EXAMPLEROOT # name of the default CA section default_ca = EXAMPLEROOT # name of the default CA section

View file

@ -1,18 +1,17 @@
# Request configuration for CA certificate # Request configuration for CA certificate
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-03 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
[ req ] [ req ]
default_bits = 2048 default_bits = 4096
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
x509_extensions = v3_ca_ext x509_extensions = v3_ca_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)

View file

@ -1,7 +1,7 @@
# Request configuration for server certificates # Request configuration for server certificates
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
default_bits = 2048 default_bits = 2048
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
req_extensions = v3_server_ext req_extensions = v3_server_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)

View file

@ -2,11 +2,11 @@
# this CA should be used to sign client and server certificates # this CA should be used to sign client and server certificates
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/subca/.rnd RANDFILE = $ENV::HOME/subca/.rnd
extensions = v3_ext extensions = v3_ext
[ ca ] [ ca ]
default_ca = EXAMPLESUBCA # name of the default CA section default_ca = EXAMPLESUBCA # name of the default CA section

View file

@ -1,18 +1,17 @@
# Request configuration for Sub CA certificate # Request configuration for Sub CA certificate
# #
# Author: Jan Dittberner <jan@dittberner.info> # Author: Jan Dittberner <jan@dittberner.info>
# Date: 2011-05-04 # Date: 2015-02-03
RANDFILE = $ENV::HOME/ca/.rnd RANDFILE = $ENV::HOME/ca/.rnd
[ req ] [ req ]
default_bits = 2048 default_bits = 4096
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
req_extensions = v3_subca_ext req_extensions = v3_subca_ext
utf8 = yes
# This sets a mask for permitted string types. There are several options. default_md = sha256
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). string_mask = utf8only
string_mask = nombstr
[ req_distinguished_name ] [ req_distinguished_name ]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)