mirror of
https://github.com/openssl/openssl.git
synced 2024-12-03 05:41:46 +08:00
23f3993127
OpenSSL 1.1.1 introduced a new CSPRNG with an improved seeding mechanism, which makes it dispensable to define a RANDFILE for saving and restoring randomness. This commit removes the RANDFILE declarations from our own configuration files and adds documentation that this option is not needed anymore and retained mainly for compatibility reasons. Fixes #10433 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10436)
74 lines
2.1 KiB
INI
74 lines
2.1 KiB
INI
#
|
|
# SSLeay example configuration file.
|
|
# This is mostly being used for generation of certificate requests.
|
|
#
|
|
|
|
####################################################################
|
|
[ req ]
|
|
default_bits = 2048
|
|
default_keyfile = keySS.pem
|
|
distinguished_name = req_distinguished_name
|
|
encrypt_rsa_key = no
|
|
default_md = sha1
|
|
|
|
[ req_distinguished_name ]
|
|
countryName = Country Name (2 letter code)
|
|
countryName_default = AU
|
|
countryName_value = AU
|
|
|
|
organizationName = Organization Name (eg, company)
|
|
organizationName_value = Dodgy Brothers
|
|
|
|
commonName = Common Name (eg, YOUR name)
|
|
commonName_value = Dodgy CA
|
|
|
|
####################################################################
|
|
[ ca ]
|
|
default_ca = CA_default # The default ca section
|
|
|
|
####################################################################
|
|
[ CA_default ]
|
|
|
|
dir = ./demoCA # Where everything is kept
|
|
certs = $dir/certs # Where the issued certs are kept
|
|
crl_dir = $dir/crl # Where the issued crl are kept
|
|
database = $dir/index.txt # database index file.
|
|
#unique_subject = no # Set to 'no' to allow creation of
|
|
# several certificates with same subject.
|
|
new_certs_dir = $dir/newcerts # default place for new certs.
|
|
|
|
certificate = $dir/cacert.pem # The CA certificate
|
|
serial = $dir/serial # The current serial number
|
|
crl = $dir/crl.pem # The current CRL
|
|
private_key = $dir/private/cakey.pem# The private key
|
|
|
|
x509_extensions = v3_ca # The extensions to add to the cert
|
|
|
|
name_opt = ca_default # Subject Name options
|
|
cert_opt = ca_default # Certificate field options
|
|
|
|
default_days = 365 # how long to certify for
|
|
default_crl_days= 30 # how long before next CRL
|
|
default_md = md5 # which md to use.
|
|
preserve = no # keep passed DN ordering
|
|
|
|
policy = policy_anything
|
|
|
|
[ policy_anything ]
|
|
countryName = optional
|
|
stateOrProvinceName = optional
|
|
localityName = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
|
|
|
|
|
|
[ v3_ca ]
|
|
subjectKeyIdentifier=hash
|
|
authorityKeyIdentifier=keyid:always,issuer:always
|
|
basicConstraints = critical,CA:true,pathlen:1
|
|
keyUsage = cRLSign, keyCertSign
|
|
issuerAltName=issuer:copy
|