update conf files to modern standards
- use SHA256 as default_md for all requests - use UTF-8 as mandated by RFC-2459 - bump default key size for CA certificate requests to 4096 bits - remove whitespace at end of line - update change dates
This commit is contained in:
parent
e61cc1c0ac
commit
7953dca56f
6 changed files with 22 additions and 26 deletions
|
@ -1,7 +1,7 @@
|
||||||
# Request configuration for client certificates
|
# Request configuration for client certificates
|
||||||
#
|
#
|
||||||
# Author: Jan Dittberner <jan@dittberner.info>
|
# Author: Jan Dittberner <jan@dittberner.info>
|
||||||
# Date: 2011-05-04
|
# Date: 2015-02-03
|
||||||
|
|
||||||
RANDFILE = $ENV::HOME/ca/.rnd
|
RANDFILE = $ENV::HOME/ca/.rnd
|
||||||
|
|
||||||
|
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
req_extensions = v3_client_ext
|
req_extensions = v3_client_ext
|
||||||
|
utf8 = yes
|
||||||
# This sets a mask for permitted string types. There are several options.
|
default_md = sha256
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
string_mask = utf8only
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
countryName = Country Name (2 letter code)
|
countryName = Country Name (2 letter code)
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
# this CA should only be used to sign sub CAs
|
# this CA should only be used to sign sub CAs
|
||||||
#
|
#
|
||||||
# Author: Jan Dittberner <jan@dittberner.info>
|
# Author: Jan Dittberner <jan@dittberner.info>
|
||||||
# Date: 2011-05-03
|
# Date: 2015-02-03
|
||||||
|
|
||||||
RANDFILE = $ENV::HOME/rootca/.rnd
|
RANDFILE = $ENV::HOME/rootca/.rnd
|
||||||
|
|
||||||
extensions = v3_ext
|
extensions = v3_ext
|
||||||
|
|
||||||
[ ca ]
|
[ ca ]
|
||||||
default_ca = EXAMPLEROOT # name of the default CA section
|
default_ca = EXAMPLEROOT # name of the default CA section
|
||||||
|
|
11
rootreq.conf
11
rootreq.conf
|
@ -1,18 +1,17 @@
|
||||||
# Request configuration for CA certificate
|
# Request configuration for CA certificate
|
||||||
#
|
#
|
||||||
# Author: Jan Dittberner <jan@dittberner.info>
|
# Author: Jan Dittberner <jan@dittberner.info>
|
||||||
# Date: 2011-05-03
|
# Date: 2015-02-03
|
||||||
|
|
||||||
RANDFILE = $ENV::HOME/ca/.rnd
|
RANDFILE = $ENV::HOME/ca/.rnd
|
||||||
|
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
default_bits = 4096
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
x509_extensions = v3_ca_ext
|
x509_extensions = v3_ca_ext
|
||||||
|
utf8 = yes
|
||||||
# This sets a mask for permitted string types. There are several options.
|
default_md = sha256
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
string_mask = utf8only
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
countryName = Country Name (2 letter code)
|
countryName = Country Name (2 letter code)
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# Request configuration for server certificates
|
# Request configuration for server certificates
|
||||||
#
|
#
|
||||||
# Author: Jan Dittberner <jan@dittberner.info>
|
# Author: Jan Dittberner <jan@dittberner.info>
|
||||||
# Date: 2011-05-04
|
# Date: 2015-02-03
|
||||||
|
|
||||||
RANDFILE = $ENV::HOME/ca/.rnd
|
RANDFILE = $ENV::HOME/ca/.rnd
|
||||||
|
|
||||||
|
@ -9,10 +9,9 @@ RANDFILE = $ENV::HOME/ca/.rnd
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
req_extensions = v3_server_ext
|
req_extensions = v3_server_ext
|
||||||
|
utf8 = yes
|
||||||
# This sets a mask for permitted string types. There are several options.
|
default_md = sha256
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
string_mask = utf8only
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
countryName = Country Name (2 letter code)
|
countryName = Country Name (2 letter code)
|
||||||
|
|
|
@ -2,11 +2,11 @@
|
||||||
# this CA should be used to sign client and server certificates
|
# this CA should be used to sign client and server certificates
|
||||||
#
|
#
|
||||||
# Author: Jan Dittberner <jan@dittberner.info>
|
# Author: Jan Dittberner <jan@dittberner.info>
|
||||||
# Date: 2011-05-04
|
# Date: 2015-02-03
|
||||||
|
|
||||||
RANDFILE = $ENV::HOME/subca/.rnd
|
RANDFILE = $ENV::HOME/subca/.rnd
|
||||||
|
|
||||||
extensions = v3_ext
|
extensions = v3_ext
|
||||||
|
|
||||||
[ ca ]
|
[ ca ]
|
||||||
default_ca = EXAMPLESUBCA # name of the default CA section
|
default_ca = EXAMPLESUBCA # name of the default CA section
|
||||||
|
|
|
@ -1,18 +1,17 @@
|
||||||
# Request configuration for Sub CA certificate
|
# Request configuration for Sub CA certificate
|
||||||
#
|
#
|
||||||
# Author: Jan Dittberner <jan@dittberner.info>
|
# Author: Jan Dittberner <jan@dittberner.info>
|
||||||
# Date: 2011-05-04
|
# Date: 2015-02-03
|
||||||
|
|
||||||
RANDFILE = $ENV::HOME/ca/.rnd
|
RANDFILE = $ENV::HOME/ca/.rnd
|
||||||
|
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
default_bits = 4096
|
||||||
distinguished_name = req_distinguished_name
|
distinguished_name = req_distinguished_name
|
||||||
req_extensions = v3_subca_ext
|
req_extensions = v3_subca_ext
|
||||||
|
utf8 = yes
|
||||||
# This sets a mask for permitted string types. There are several options.
|
default_md = sha256
|
||||||
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
|
string_mask = utf8only
|
||||||
string_mask = nombstr
|
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
countryName = Country Name (2 letter code)
|
countryName = Country Name (2 letter code)
|
||||||
|
|
Loading…
Reference in a new issue