triomo.blogg.se

Openssl config






The file openssl.cnf contains configuration information used by three openssl (sub-)commands: ca, req and x509. The file provides default values that are used when corresponding options are omitted from the three commands; it also provides default prompts and other values that affect the way the commands interact with the user.

The openssl.cnf file is divided into sections that begin with bracketed identifiers. Examples include and, which affect the behavior of openssl's ca and req commands. The first bracketed identifier in the file can be preceded by directives that affect the entire configuration file. Within each section, directives consist of attributes (on the left-hand side), an equals sign ("="), and value(s) for the attribute (on the right-hand side).

The directives below are used by the openssl ca (Certificate Authority) command. Many of them correspond to ca command options. In some cases, omitting the options when invoking the ca command will cause ca to use the values in the openssl.cnf file. In other cases, ca command options (-name, -clrexts, -extensions) explicitly refer to sections of the openssl.cnf file that might otherwise be ignored.

On startup, the default behavior of openssl's ca command is to check the section for the value of the default_ca attribute, which references another section of the openssl.cnf file. Thus, the following directive (in the sample openssl.cnf file shipped with OpenSSL)

tells the ca command to look for a section named, which has the actual attributes used by the ca command. You can override the value of the default_ca attribute by using the ca command's -name option.

In the default openssl.cnf file, directives for the ca command are in this section. You can change the name of this section by changing the value of the default_ca attribute in the section of the configuration file. If you regularly need different sets of configuration options when issuing the ca command, you can create other sections whose contents parallel the contents of CA_default (but with different values specified). Then, when you issue the openssl ca command, specify a different section with the -name option to the ca command.

The name of a file that contains object identifier definitions. The format of this file is one definition per line, each line consisting of three columns. The first column is the numerical representation of the OID. The second column is the OID's short name, which should be a single word composed of only upper- and lowercase letters. The third column is the OID's long name, which may be composed of multiple words and characters other than letters.

The name of a section (of this configuration file) that contains object identifier definitions. Key names in the section should be the OID's short name, and the corresponding value should be the OID's numerical representation. Long names are the same as the short names for OIDs that are defined in this manner.

The default directory that ca reads from and writes to (unless told to do otherwise). The sample openssl.cnf file has the line:

indicating that the demoCA directory (beneath whatever is the current working directory) contains files to be read. It is also the default directory to which new certs and keys are written. You might want to change the value to something like.
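An added example, not part of the original page or of OpenSSL itself: a simplified Python reader for openssl.cnf-style text that resolves which section ca would use (default_ca, or a -name override) and reads the OID definitions kept in a section. The sample file is constructed; the [ ca ] section name and the oid_section and dir attribute names are supplied from the stock openssl.cnf rather than from this page, and CA_lab and the OID value are hypothetical.

```python
# Added example: simplified openssl.cnf reader (no $var expansion, .include or quoting).
SAMPLE_CNF = """\
# constructed sample, modelled on the layout the text describes
oid_section = new_oids      # directive before the first [section]
[ new_oids ]
exampleOID = 1.2.3.4        # short name = numerical OID (constructed value)

[ ca ]
default_ca = CA_default     # tells ca which section holds its attributes

[ CA_default ]
dir = ./demoCA

[ CA_lab ]                  # hypothetical alternate section, selected with -name
dir = ./labCA
"""

def parse_cnf(text):
    """Return {section: {attribute: value}}; pre-section directives go in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()         # bracketed identifier opens a section
            sections.setdefault(current, {})
        elif "=" in line:
            attr, value = line.split("=", 1)
            sections[current][attr.strip()] = value.strip()
    return sections

def resolve_ca_section(sections, name=None):
    """Pick the section ca would read: -name wins, otherwise [ ca ] default_ca."""
    chosen = name or sections.get("ca", {}).get("default_ca")
    if chosen is None:
        raise KeyError("no -name given and no default_ca in [ ca ]")
    if chosen not in sections:
        raise KeyError(f"section [{chosen}] is not defined")
    return chosen, sections[chosen]

def new_oids(sections):
    """Return the short-name -> numerical-OID map named by oid_section, if any."""
    return dict(sections.get(sections["default"].get("oid_section", ""), {}))

if __name__ == "__main__":
    cfg = parse_cnf(SAMPLE_CNF)
    print(resolve_ca_section(cfg))             # default lookup through default_ca
    print(resolve_ca_section(cfg, "CA_lab"))   # as with: openssl ca -name CA_lab
```

Running the same resolution against a real openssl.cnf before issuing certificates shows which directory and settings a given -name value will actually pick up.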
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
basicConstraints = critical, CA:true, pathlen:0
extendedKeyUsage = serverAuth, clientAuth
nsComment = "OpenSSL Certificate for SSL Client"
nsComment = "OpenSSL Certificate for SSL Web Server"
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, nsSGC, msSGC
stateOrProvinceName = State or Province Name
0.organizationalUnitName = Level 0 Organizational Unit
0.organizationalUnitName_default = IBM AS
1.organizationalUnitName = Level 1 Organizational Unit
1.organizationalUnitName_default = IBM AS DBS # =
distinguished_name = req_distinguished_name
countryName = Country Name (2 letter code)






