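# x509v3 extension sections in OpenSSL configuration syntax.
# Each section is meant to be referenced when building or signing a
# certificate; the values are filled in through $ENV::NAME expansion.
#
# $ENV::NAME takes its value from the environment of the openssl process.
# When the variable is not set, the default-section value of the same
# name (below) is used instead. Whoever controls that environment
# therefore controls the path length, the key usages and the subject
# alternative names that end up in the certificate: run the signing
# command with a known, minimal environment and inspect the issued
# certificate before distributing it.

# default settings
# CERTPATHLEN: number of CA levels allowed below a CA built with
# [x509v3_CA]. Keep it as small as the hierarchy needs.
CERTPATHLEN = 1
CERTUSAGE = digitalSignature,keyCertSign,cRLSign
EXTCERTUSAGE = serverAuth,clientAuth
# CERTIP and CERTFQDN are placeholders, not usable identities. If the
# matching environment variable is missing, the certificate is issued
# with this placeholder as its subjectAltName and will not match the
# real host.
CERTIP = 0.0.0.0
CERTFQDN = nohost.nodomain

# This section should be referenced when building an x509v3 CA
# Certificate.
# The default path length and the key usage can be overridden
# by setting the CERTPATHLEN and CERTUSAGE environment
# variables.
# NOTE(review): basicConstraints is marked critical but keyUsage is not.
# RFC 5280 recommends marking keyUsage critical when it is present;
# confirm that the consumers of these certificates accept that before
# changing it.
[x509v3_CA]
basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN
keyUsage=$ENV::CERTUSAGE

# This section should be referenced to add an IP Address
# as an alternate subject name, needed by isakmpd
# The address must be provided in the CERTIP environment variable
# The extended key usage defaults to EXTCERTUSAGE above and can be
# narrowed by setting the EXTCERTUSAGE environment variable.
[x509v3_IPAddr]
subjectAltName=IP:$ENV::CERTIP
extendedKeyUsage=$ENV::EXTCERTUSAGE

# This section should be referenced to add a FQDN hostname
# as an alternate subject name, needed by isakmpd
# The hostname must be provided in the CERTFQDN environment variable
# The extended key usage defaults to EXTCERTUSAGE above and can be
# narrowed by setting the EXTCERTUSAGE environment variable.
[x509v3_FQDN]
subjectAltName=DNS:$ENV::CERTFQDN
extendedKeyUsage=$ENV::EXTCERTUSAGE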