# Section req_ext is used when generating a certificate signing request. # extendedKeyUsage = serverAuth, clientAuth # In either case, you probably only need serverAuth. # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused # RFC 5280, Section 4.2.1.12 makes EKU optional SubjectAltName = "OpenSSL Generated Certificate" KeyUsage = digitalSignature, keyEncipherment # omit keyEncipherment because that's key transport. # RSA Key transport (i.e., you use ephemeral cipher suites), then server FQDN or YOUR name)ĮmailAddress_default = # Section x509_ext is used when generating a self-signed certificate. # strictly follow the CA/Browser Baseline Requirements will fail).ĬommonName = Common Name (e.g. # must include the DNS name in the SAN too (otherwise, Chrome and others that # names are placed in Subject Alternate Names. # Use a friendly name here because its presented to the user. OrganizationName_default = Andrew Connell Inc. OrganizationName = Organization Name (eg, company) StateOrProvinceName = State or Province Name (full name) For example, RFC 4514 does not provide emailAddress.ĬountryName = Country Name (2 letter code) # The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |