# $OpenBSD: ikeca.cnf,v 1.4 2010/10/08 16:15:22 reyk Exp $
# $vantronix: ikeca.cnf,v 1.3 2010/05/31 12:26:26 reyk Exp $
# Fallback values for the $ENV::NAME references used in the sections below.
# OpenSSL's config parser takes $ENV::NAME from the process environment and
# falls back to the same-named variable in this unnamed default section when
# the environment variable is not set.

# Seed file for OpenSSL's random number generator. /dev/arandom is an
# OpenBSD device node.
RANDFILE = /dev/arandom

# Subject (distinguished name) fallbacks.
CERT_C = DE
CERT_ST = Lower Saxony
CERT_L = Hanover
CERT_O = .vantronix
CERT_OU = VPN
# Empty fallback; presumably the caller supplies CERT_CN - confirm.
CERT_CN =
CERT_EMAIL = support@vantronix.com

# default settings
# Path length constraint placed in the CA certificate by [x509v3_CA].
CERTPATHLEN = 1
# This fallback carries the CA signing bits (keyCertSign, cRLSign). The
# [x509v3_IPAddr] and [x509v3_FQDN] profiles read the same variable, so a
# leaf certificate issued without CERTUSAGE set in the environment would
# carry those bits as well.
CERTUSAGE = digitalSignature,keyCertSign,cRLSign
EXTCERTUSAGE = serverAuth,clientAuth
# Placeholders: a certificate issued with these unchanged gets a
# subjectAltName that identifies no real host.
CERTIP = 0.0.0.0
CERTFQDN = nohost.nodomain
# File name of the CA index database, read by [CA_default].
CADB = index.txt
NSCERTTYPE = server,client
# Settings for certificate requests and key generation.
# No default_md is set in this section, so the digest used to sign a request
# comes from the command line or from the OpenSSL build default.
[ req ]
# RSA modulus size, in bits, for newly generated keys.
default_bits = 2048
# File the new private key is written to when no output file is named.
default_keyfile = privkey.pem
# Section that defines the subject fields.
distinguished_name = req_distinguished_name
# Disabled, so [ req_attributes ] below is not used for requests.
#attributes = req_attributes
# Subject fields of a request. For each field: the bare key is the prompt
# text, _default is the value offered, _min/_max bound the accepted length.
# Every _default resolves through a CERT_* variable (environment first, then
# the fallback at the top of this file).
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = $ENV::CERT_C
# Exactly two characters are accepted.
countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = $ENV::CERT_ST

localityName = Locality Name (eg, city)
localityName_default = $ENV::CERT_L

# The numeric prefix lets the same field name appear more than once.
0.organizationName = Organization Name (eg, company)
0.organizationName_default = $ENV::CERT_O

# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = OpenBSD

organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = $ENV::CERT_OU

commonName = Common Name (eg, fully qualified host name)
commonName_max = 64
# The CERT_CN fallback is empty, so this default is empty unless CERT_CN is
# set in the environment.
commonName_default = $ENV::CERT_CN

emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = $ENV::CERT_EMAIL
# Optional request attributes. Inactive as shipped: the attributes key in
# [ req ] is commented out.
[ req_attributes ]
# A challenge password is carried in the request as an ordinary attribute;
# it is not encrypted by the request format.
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20

unstructuredName = An optional company name
# Netscape-era certificate extensions. No key in this file selects this
# section, so it only takes effect if it is named explicitly by the caller.
# The ns* extensions are obsolete; current validators generally ignore them.
[ x509v3_extensions ]
# Loopback placeholder over plain HTTP, not a reachable revocation endpoint.
nsCaRevocationUrl = http://127.0.0.1/ca-crl.pem
nsComment = "This is a comment"

# under ASN.1, the 0 bit would be encoded as 80
# 0x40 is bit 1, the Netscape "SSL server" certificate type.
nsCertType = 0x40
# Extension profile for the CA certificate.
[x509v3_CA]
# critical: a verifier that does not understand basicConstraints must reject
# the certificate. pathlen limits how many further CA certificates may sit
# below this one in a chain; the value comes from CERTPATHLEN.
basicConstraints = critical,CA:true,pathlen:$ENV::CERTPATHLEN
# NOTE(review): keyUsage is not marked critical here; RFC 5280 recommends
# that CA certificates mark it critical.
keyUsage = $ENV::CERTUSAGE
# Extension profile for a certificate bound to an IP address.
# NOTE(review): this profile sets no basicConstraints, and the CERTUSAGE
# fallback at the top of this file includes keyCertSign. Confirm the caller
# overrides CERTUSAGE for leaf certificates, and consider adding
# basicConstraints=CA:FALSE so the certificate states that it is not a CA.
[x509v3_IPAddr]
keyUsage = $ENV::CERTUSAGE
# Obsolete Netscape extension.
nsCertType = $ENV::NSCERTTYPE
# Identity the certificate is bound to. The CERTIP fallback is 0.0.0.0.
subjectAltName = IP:$ENV::CERTIP
extendedKeyUsage = $ENV::EXTCERTUSAGE
# Extension profile for a certificate bound to a DNS name.
# NOTE(review): this profile sets no basicConstraints, and the CERTUSAGE
# fallback at the top of this file includes keyCertSign. Confirm the caller
# overrides CERTUSAGE for leaf certificates, and consider adding
# basicConstraints=CA:FALSE so the certificate states that it is not a CA.
[x509v3_FQDN]
keyUsage = $ENV::CERTUSAGE
# Obsolete Netscape extension.
nsCertType = $ENV::NSCERTTYPE
# Identity the certificate is bound to. The CERTFQDN fallback is
# nohost.nodomain.
subjectAltName = DNS:$ENV::CERTFQDN
extendedKeyUsage = $ENV::EXTCERTUSAGE
# Entry point for the CA command: names the section that holds the CA
# settings.
[ca]
default_ca = CA_default
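# Settings applied when the CA signs certificates and CRLs.
[CA_default]
# Index file recording issued and revoked certificates; the name comes from
# CADB.
database = $ENV::CADB
# Signature digest for issued certificates and CRLs. SHA-1 is no longer
# collision resistant and many current validators reject certificates signed
# with it, so SHA-256 is the default here. A digest named on the command line
# still takes precedence.
default_md = sha256
# Days until the next CRL is due. With a one-year window, a relying party
# that trusts a cached CRL until its nextUpdate may not learn of a revocation
# for up to a year; shorten this where CRLs are regenerated on a schedule.
default_crl_days = 365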