Tips-Of-Mine/gestion-certificats2
2
0
Fork 0
mirror of https://github.com/tips-of-mine/gestion-certificats2.git synced 2025-06-28 15:08:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
1ddb7594f566766a1262cc360d35f7341de79aeb
gestion-certificats2/scripts/configs/intermediate-openssl.conf
tips-of-mine 1ddb7594f5 Create intermediate-openssl.conf
2025-06-15 09:35:54 +02:00

87 lines
2.6 KiB
Plaintext
Raw Blame History

[ ca ]
default_ca = CA_default # The
[ CA_default ]
dir = /opt/tls/intermediate
certificate = $dir/certs/intermediate.cert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
serial = $dir/serial
crlnumber = $dir/crlnumber
private_key = $dir/private/intermediate.key.pem
name_opt = ca_default
cert_opt = ca_default
default_days = 365
default_crl_days= 30
default_md = sha256
preserve = no
policy = policy_anything
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 4096
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
string_mask = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FR
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NORD
localityName = Locality Name (eg, city)
localityName_default = ROUBAIX
0.organizationName = Organization Name (eg, company)
0.organizationName_default = IT
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = sec@test.testing
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
[ v3_intermediate_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
extendedKeyUsage = OCSPSigning
[ v3_ocsp ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
[ v3_leaf ]
extendedKeyUsage = serverAuth, clientAuth
authorityInfoAccess = OCSP;URI:$ENV::OCSP_URL
subjectAltName = $ENV::SAN
Reference in New Issue View Git Blame Copy Permalink