add configuration for client certificate requests

2011-05-04 21:58:03 +02:00 · 2011-05-04 21:58:03 +02:00 · f1242ada05
commit f1242ada05
parent 149022f312
1 changed files with 46 additions and 0 deletions
--- a/clientcsr.conf
+++ b/clientcsr.conf
@ -0,0 +1,46 @@
+# Request configuration for CA certificate
+#
+# Author: Jan Dittberner <jan@dittberner.info>
+# Date:   2011-05-04
+
+RANDFILE		= $ENV::HOME/ca/.rnd
+
+[ req ]
+default_bits		= 2048
+distinguished_name	= req_distinguished_name
+x509_extensions	        = v3_client_ext
+
+# This sets a mask for permitted string types. There are several options. 
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+string_mask             = nombstr
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= DE
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Saxony
+
+localityName			= Locality Name (eg, city)
+localityName_default            = Example Town
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Example Organization
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= Example Lab
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+commonName_default              = Example Lab Client
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+emailAddress_default            = client@example.org
+
+[ v3_client_ext ]
+basicConstraints                = critical, CA:false
+keyUsage                        = keyEncipherment,digitalSignature
+extendedKeyUsage                = clientAuth