esp-idf/examples/wifi/wifi_enterprise/generate_certs/example-ca-openssl.cnf
2023-06-15 20:32:57 +08:00

118 lines
2.4 KiB
INI

# OpenSSL configuration file
HOME = .
RANDFILE = $ENV::HOME/.rnd
oid_section = new_oids
[ new_oids ]
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./ca
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/cacert.pem
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
x509_extensions = usr_cert
name_opt = ca_default
cert_opt = ca_default
copy_extensions = copy
default_days = 3650
default_crl_days= 30
default_md = default
preserve = no
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = optional
organizationName = match
organizationalUnitName = optional
commonName = supplied
#emailAddress = optional
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
#emailAddress = optional
[ req ]
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CN
countryName_min = 2
countryName_max = 2
localityName = Locality Name (eg, city)
localityName_default = Shanghai
0.organizationName = Organization Name (eg, company)
0.organizationName_default = espressif
commonName = Common Name (e.g. server FQDN or YOUR name)
#@CN@
commonName_max = 64
[ req_attributes ]
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical, CA:true
#keyUsage = critical, cRLSign, keyCertSign
[ crl_ext ]
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ ext_client ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
basicConstraints=CA:FALSE
subjectKeyIdentifier = hash
nsComment = "OpenSSL Generated Certificate"
authorityKeyIdentifier = keyid:always, issuer
[ ext_server ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
basicConstraints=CA:FALSE
subjectKeyIdentifier = hash
nsComment = "OpenSSL Generated Certificate"
authorityKeyIdentifier = keyid:always, issuer