diff options
Diffstat (limited to 'src/lib/libssl/x509v3.cnf')
| -rw-r--r-- | src/lib/libssl/x509v3.cnf | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/lib/libssl/x509v3.cnf b/src/lib/libssl/x509v3.cnf new file mode 100644 index 0000000000..e430088671 --- /dev/null +++ b/src/lib/libssl/x509v3.cnf | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | # default settings | ||
| 2 | CERTPATHLEN = 1 | ||
| 3 | CERTUSAGE = digitalSignature,keyCertSign | ||
| 4 | CERTIP = 0.0.0.0 | ||
| 5 | CERTFQDN = nohost.nodomain | ||
| 6 | |||
| 7 | # This section should be referenced when building an x509v3 CA | ||
| 8 | # Certificate. | ||
| 9 | # The default path length and the key usage can be overriden | ||
| 10 | # modified by setting the CERTPATHLEN and CERTUSAGE environment | ||
| 11 | # variables. | ||
| 12 | [x509v3_CA] | ||
| 13 | basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN | ||
| 14 | keyUsage=$ENV::CERTUSAGE | ||
| 15 | |||
| 16 | # This section should be referenced to add an IP Address | ||
| 17 | # as an alternate subject name, needed by isakmpd | ||
| 18 | # The address must be provided in the CERTIP environment variable | ||
| 19 | [x509v3_IPAddr] | ||
| 20 | subjectAltName=IP:$ENV::CERTIP | ||
| 21 | |||
| 22 | # This section should be referenced to add a FQDN hostname | ||
| 23 | # as an alternate subject name, needed by isakmpd | ||
| 24 | # The address must be provided in the CERTFQDN environment variable | ||
| 25 | [x509v3_FQDN] | ||
| 26 | subjectAltName=DNS:$ENV::CERTFQDN | ||